Ten Key Points That Will Help You Protect Your Brand

You’ve cultivated your idea, identified your target audience, designed your product or service – or both – and have defined your focus and priorities into what is your most important resource; your brand.

AdobeStock_98980705.jpeg

And, yet, with a single click, or a weak, old password, or a short delay in closing the loop on an ex-employee, the one thing you need to protect the most – your brand – may be exploited in ways you may not recover from.

Welcome to the new digital age.

AdobeStock_129383603.jpeg

Without question, today’s marketplace of ideas and its expansion to anywhere and anyone with a smart device is a boon for those needing to get their name in front of the paying public. This resource comes at a price, though, and that price is paid in diligence.

There is no ‘set it and forget it’, no trusted and secure device. There is no single, magical solution. Your brand is not and will never be, isolated. Where an exploit can originate isn’t just a moving target – it’s a moving target viewed from another moving target. Employees, contractors, vendors, financial institutions, third-parties, this list from where a compromise can come from is endless.

Today we’ll explore some of the best recommended practices related to device and network security along with administrative and personal actions to help you build the best shield for your brand. The following 10 points are relatively simple to implement and will have a significant impact on your cyber security.

AdobeStock_85167242.jpeg

#1 Accept you are a target to hackers

Don't ever say "It won't happen to me.” We are all at risk and the stakes are high - to your personal and financial well-being, and to the well-being of your brand’s standing and reputation.

The most important step in protecting your brand is to always assume you have risk.

#2 Keep software up to date

Installing software updates for your operating system and programs is critical. Always install the latest security updates for your devices. Turn on Automatic Updates for your operating system and always keep software up to date. Most of the time, an update is a company plugging a security hole in their program. Also, delete or deactivate any software, programs, or applications that you're not using.

#3 Practice good password management

We all have too many passwords to manage - and it's easy to take short-cuts, like reusing the same password. A password management program can help you to maintain strong, unique passwords for all of your accounts.  These programs can generate strong passwords for you, enter credentials automatically, and remind you to update your passwords periodically.

There are many, many tips on good choices for your passwords with most boiling down to four points:

  • Long - many characters

  • Complex - range of characters

  • Unique - different logins, different passwords

  • Updated – passwords should be changed every 6-12 months or when any site you utilize reports a security breach

Oh! Creative uses a password management tool that easily updates passwords that are weak or exploitable. Additionally, we can securely store personal passwords only accessible to the individual and team passwords that are required by all. There are a number of solutions to pick from. Here’s a list of some of the top choices.

AdobeStock_180276598.jpeg


#4 Use mobile devices safely

Considering how much we rely on our mobile devices, how susceptible they are to attack, and the increasing volume of business (emails, postings, updates) transacted over mobile, you'll want to make sure you are protected:

  • Lock your device with a PIN or password - and never leave it unprotected in public

  • Only install apps from trusted sources

  • Keep your device's operating system updated

  • Backup your data

For a more in-depth look at comprehensive mobile device security, click here.

#5 Have a plan

If you accept you’re a target, you must have a plan in place for the inevitable. If/when something happens, don't waste time scrambling for the best response. That's how mistakes happen. By setting up this kind of Disaster recovery Plan (DRP), you're actually helping to prevent crises from happening. There are many components that drive the degree and type of DRP that makes sense for your business. Here’s a good guide to get you started.

Additionally, having to terminate a relationship – either with an employee, a contractor, or a vendor – can also be a challenge. In that moment it’s important to remember to also terminate any and all access to your networks. Similar to a disaster recovery plan, you should implement a termination plan. Have a process in place to eliminate any chance of a lingering login still active. Small businesses work with people they trust, and a lot of people who come and go. Sometimes they don't go under the happiest circumstances. If a former employee with a grudge still has access or even still has their multifactor authentication enabled, that's a big insider security problem that's painfully easy to address.


AdobeStock_211554085.jpeg

#6 Wipe data from old technology completely

Most of us cycle our phones every two years and will likely update to new computers (laptop or desktop) every three to five years. Add to that any device connected to the internet will hold some degree of data and you can see just how quickly and easily it can be to abandon a piece of hardware holding critical information unintentionally.

Data can be left behind if you don't completely wipe a computer or device with a certified tool. Destruction software, for example, follows the standards of a "DOD wipe", which is what government agencies, like the Department of Defense, would use. If it works for them, it will work for you, too. Not sure what a “DOD wipe” is?

#7 Social Networks - enable privacy settings, increase the default security settings, and set up alerts

Review the privacy and security options for all social networks. Many are open by default, with privacy and security optional or turned off. Make sure to enable alerts and notifications on your accounts to be quickly advised of any suspicious activity. Get notified when anyone attempts to tag you. Much attention is spent creating and updating the content presented on social media to increase your reach. This increased reach requires additional levels of diligence. Fortunately, there are many automated tools that simple need to be activated to help you maintain secure control of all your social channels.

#8 Limit what you do over public Wi-Fi and apply the following best practices when using it

It’s best not to use a public Wi-Fi network without VPN. Rather use your cell network when security is important.

  • When using public Wi-Fi make sure to confirm the name of the access point. A common trick employed by hackers is to broadcast access points with similar names.

  • Disable Auto Connect Wi-Fi or enable Ask to Join Networks. Always confirm joining a public Wi-Fi and never opt to remember the Wi-Fi network on public access points.

  • Always assume someone is monitoring your data over public Wi-Fi.

  • Do not access your sensitive data like financial information, change passwords or provide personal details over public Wi-Fi.

  • If you have a mobile device with a personal hotspot function, choose this over public Wi-Fi where possible—but still be cautious.

AdobeStock_165892885 2.jpeg


#9 Turn on Multifactor Authentication

There is no reason not to implement Multifactor Authentication (MFA) as all legitimate platforms will provide for a simple implementation of MFA. MFA is something you can do immediately and easily. Implementing this additional layer can be the piece that saves your data when an unsecured device is lost or stolen. Here’s a great resource for more details.


#10 Always secure your email

You may have the most secure environment implemented. That doesn’t mean the recipient of your email does. If your business model dictates the transmission of sensitive data via email, you should seriously consider encrypting your email. As the industry advances, these services are becoming more reasonable and commonplace. That said, a general best practice is to always consider email as a postcard, not a sealed envelope.

Additional Resources:

SBA's Top 10 Cybersecurity Tips
SBA Online Course: Cyber Security for Small Businesses
Cyber Resilience Review (CRR) Assessment Tool
The Small Biz Cyber Planner
SBA, NIST, and the FBI's joint Small Business Workshops
The SBA's YouTube channel
NIST's Computer Security Resource Center
COMPTIA's certifications and education programs to learn MSP security protocols


MEET NICHOLAS BROWNSON
Before coming to Oh! Creative, Nicholas Brownson was a sales professional with 20+ years experience in the high tech world. With a solid, operationally-sound approach, Nicholas’ expertise in IT and security software makes him an integral part of the Oh! Creative team.

nick.jpeg

The Cobbler's Children Have No Shoes...

gabby-orcutt-98870-unsplash.jpg

A plumber's house always has a dripping tap.
A blacksmith's home only has wooden spoons.
At the potter's house, water is served in a broken jug.

Proverbs abound on this one. The idea is that someone with a specific skill is often too busy assisting others that their own affairs go unattended.

My Inspiration

Kenton, a director I work with, wrote this in a recent blogpost: "...according to one of my producers (Liz), blogs are crucial to keeping the analytics of a website on the upswing."

Brilliant advice, Liz. 

"Do you have a blog?" He asks me later.

"Not for a while now, no. I just haven't taken the time. I'm so busy, after all. ...It's...it's like those cobbler's children--no shoes," I stammer. 

"Well, looks like you have your next blog post title." my wise friend says, "start a new blog - just force yourself and do it, Liz."

He's so bossy. And so right.

Why Blog?

Im constantly telling clients that a clean, well-written blog is a great way to drive traffic and promote your brand. But what does that even mean? I mean, it's true, but I'm weary of all the buzz words. Simply put, blogs are a fairly simple way to say to the world, "Hey, y'all. Im here. I know what Im talking about. Also, Google - pay attention to me." 

Also - simply having a blog on your website improves your rating with Google over 400% That's good enough reason as any, methinks.

The lady who sells fans, fans herself with her hands.

Maybe it’s my fear of possibly not being engaging enough, or feeling incapable of creating the type of content that I encourage my clients to create that has kept me from doing this. Or maybe i AM too busy. But I know too much to not - so...

"Hey, y'all..."

More soon. 

(While you're here, check out Oh!'s Vimeo Site - and see what we've been up to lately.)