How To Protect Your Business From Hackers Galore

by | Feb 24, 2019 | The Internet

Here’s the deal. Whether we like it or not, hackers are all over the place looking for opportunities—big or small—to make a quick buck. Because of this, we can’t plead ignorance and do nothing about security.

We must take an active role in doing as much as possible to protect our respective businesses from the various possible threats.

Here are three suggestions to help keep your business safe in these crazy times.


Passwords

“123456” is one of the worst possible passwords, yet it is one of the most popular. Coming in at second place is another terrible password: “password”. Yes, many people have a password that is the word “password”. Sigh…

And that’s a bad idea, obviously.

Setting complex and secure passwords on your devices (and for all of your accounts) is one of the most important steps you can take for security. It doesn’t matter how complex your password is if you use the same password for all of your accounts. If one of the sites where you have an account gets hacked, then all of your accounts are vulnerable.

Here are a few considerations for setting and managing your passwords:

  • Don’t use the same password for all of your accounts and devices. Mix it up.
  • Use a password management service or application to make it easier to remember the complex passwords for all of your accounts, such as Zoho Vault.
  • Use uppercase, lowercase, numbers, and special characters in your password. And make it at least 16 characters long (or the maximum allowed if it’s fewer than 16 characters).
  • Require complex passwords to be used by all staff in your office.

Because most password management software services provide the ability to automatically generate complex passwords, this is going to be your best bet.

What If You Need To Remember A Password?

Password generators will come up with much more random and secure passwords than anything you can think up.

Yet, if you have to type a password repeatedly (such as to log in to your computer), you likely won’t want to generate a random password such as:

  • noGT1>vd7<OWKS4?:%

That would be difficult to memorize and type each time you want to log in to your computer. Instead, you can combine multiple unrelated words (3-5) into a password and substitute letters with numbers and special characters.

For example:

As you can see, the original four words turned into quite the complex and secure password. And, since the four words selected weren’t related to each other, this makes for a really hard password to guess or crack.

Most importantly, it is much easier to remember “traveling house running monster” than it is a random set of characters, numbers, and symbols.

You will just need to remember which letters you swapped out for which numbers and special characters.
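The recipe above as an added Python example (not part of the original post): it picks the words at random, applies a letter swap, and checks the result against the 16-character, four-character-class guideline from the list earlier. The swap table, the short word list, and all function names are assumptions made for this example; the mapping is not the one the original post showed.

```python
import math
import secrets

# Assumed swap table for this example, not the original post's mapping.
SUBS = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})

# Constructed, tiny word list for the demo; a real list should hold thousands of words.
WORDS = ["traveling", "house", "running", "monster", "copper", "violin",
         "glacier", "pepper", "lantern", "orbit", "meadow", "anchor"]

def pick_words(count=4, wordlist=WORDS):
    """Pick words with a CSPRNG so they are unrelated by construction."""
    if not 3 <= count <= 5:
        raise ValueError("the article suggests 3-5 words")
    return [secrets.choice(wordlist) for _ in range(count)]

def to_password(words):
    """Capitalize each word, then swap letters for digits and symbols."""
    return "".join(w[0].upper() + w[1:].lower().translate(SUBS) for w in words)

def meets_guidelines(password):
    """Article's rules: 16+ characters and all four character classes."""
    return (len(password) >= 16
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))

def entropy_bits(count, wordlist_size):
    """Bits of entropy counted from the random word choice alone."""
    return count * math.log2(wordlist_size)

def generate(count=4, wordlist=WORDS):
    """Re-draw until the transformed words satisfy the guidelines."""
    while True:
        words = pick_words(count, wordlist)
        password = to_password(words)
        if meets_guidelines(password):
            return words, password
```

The strength estimate depends on the size of the word list: four words drawn from a 7,776-word list give about 51.7 bits, while the 12-word demo list gives far less.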

Encryption

Let’s say your computer is stolen, and you have a really complex password you’re proud of. A 25-character password with a good mix of lowercase letters, uppercase letters, numbers, and special characters.

Should you be scared about the perpetrator gaining access to your computer? Well, the answer is… it depends.

Even if you have a solid password set on your device, if your contents are not encrypted, you’re still not completely secure.

There are many different types of encryption, some more secure than others. The type of encryption used by the government is called Advanced Encryption Standard (AES). AES comes in different key sizes: 128-bit, 192-bit, and 256-bit. The higher the number, the more secure.

Ultimately, it’s best practice to encrypt all of your devices and data to ensure it remains secure in the event it falls into the wrong hands.

Beginning with Windows Vista, Microsoft has offered the option to encrypt your entire hard drive with BitLocker. BitLocker uses the same AES encryption as the government, and you can choose 128-bit or 256-bit encryption keys.

On the Apple side, you have the ability to turn on FileVault to encrypt your entire hard drive. Similar to BitLocker, FileVault uses AES with a 256-bit key.

It’s also important to consider other types of devices to be encrypted. This includes:

  • Flash Drives
  • External Hard Drives
  • Cell Phones
  • Tablets

If you lose any of the devices above, and they aren’t encrypted, it will be easy for someone to view all of your information. Even if you do encrypt your devices, the wrong type of encryption can still leave you vulnerable.

 

Email

Most scams these days are hitting individuals and businesses right in their inbox. I’m sure you’re no different with the number of phishing scams that you receive on a weekly basis.

Phishing is a scam completed via email where a bad guy (or gal) attempts to gain access to confidential information through deceitful actions and requests.

These “official” looking emails are becoming very sophisticated, and they often succeed in tricking victims into coughing up lots of money. It’s important to train your employees to closely examine ALL emails.

Even if an email looks like it’s coming from the CEO, owner, or top dog, validate it.

This needs to become a habit.

Here are 4 things you should do with every email you receive. It may seem tedious, but it will eventually become a mindless habit as you do it more and more.

  1. Confirm the “From” email address is what it should be. Not just the name, but the email address itself.
  2. Hover over links to make sure they’re legit.
  3. Is the email using proper English? You’d be amazed at how many phishing attempts could have been caught by slowing down and looking for weird language.
  4. Use caution with all attachments you receive—both from others in your company and from clients.

Phishing is so successful because of something called spoofing. Spoofing gives the illusion that someone or something (e.g., a person via email, a computer on your network, etc.) is somebody or something else.

For instance, if you received an email from what appears to be a client asking for their username and password (and it’s really not them), this would be an attempt to phish using spoofing.

It’s very easy to impersonate another individual via email and give the illusion that it is a legitimate request. This is why it’s very important to closely examine each email to ensure it is truly coming from who you think it is.

And, if all else fails, pick up the phone and call the person to confirm its legitimacy.


Other Ideas? 

What other strategies do you use to stay secure online? 

Let us know on Twitter (@TeamPixelayn) or you can connect with me directly (@rdglick).

Ryan has been heavily involved in the world of Information Technology and entrepreneurship since the early 2000s. From small business consulting to Fortune 500 IT leadership, Ryan has a wide array of industry knowledge. He earned his BBA from the University of Iowa in 2004 majoring in Management Information Systems and later earned his MBA from the University of Iowa in 2009 with a focus on Management and Marketing. When he's not spending time with his wife and three young children, you'll find Ryan pounding away at his keyboard, spinning on his Peloton, or listening to a good audiobook or podcast.

Connect with Ryan on Twitter or Instagram.

Ryan Glick

Co-Founder, Pixelayn Innovations
