You’ve cultivated your idea, identified your target audience, designed your product or service – or both – and have distilled your focus and priorities into your most important resource: your brand.
And, yet, with a single click, or a weak, old password, or a short delay in closing the loop on an ex-employee, the one thing you need to protect the most – your brand – may be exploited in ways you may not recover from.
Welcome to the new digital age.
Without question, today’s marketplace of ideas and its expansion to anywhere and anyone with a smart device is a boon for those needing to get their name in front of the paying public. This resource comes at a price, though, and that price is paid in diligence.
There is no ‘set it and forget it’, no trusted and secure device. There is no single, magical solution. Your brand is not, and will never be, isolated. Where an exploit can originate isn’t just a moving target – it’s a moving target viewed from another moving target. Employees, contractors, vendors, financial institutions, third parties: the list of places a compromise can come from is endless.
Today we’ll explore some of the best recommended practices related to device and network security along with administrative and personal actions to help you build the best shield for your brand. The following 10 points are relatively simple to implement and will have a significant impact on your cyber security.
#1 Accept you are a target for hackers
Don't ever say "It won't happen to me." We are all at risk and the stakes are high, both for your personal and financial well-being and for your brand’s standing and reputation.
The most important step in protecting your brand is to always assume you have risk.
#2 Keep software up to date
Installing software updates for your operating system and programs is critical. Always install the latest security updates for your devices. Turn on Automatic Updates for your operating system and always keep software up to date. Most of the time, an update is a company plugging a security hole in their program. Also, delete or deactivate any software, programs, or applications that you're not using.
#3 Practice good password management
We all have too many passwords to manage - and it's easy to take shortcuts, like reusing the same password. A password management program can help you to maintain strong, unique passwords for all of your accounts. These programs can generate strong passwords for you, enter credentials automatically, and remind you to update your passwords periodically.
There are many, many tips on good choices for your passwords with most boiling down to four points:
Long - many characters
Complex - range of characters
Unique - different logins, different passwords
Updated - passwords should be changed every 6-12 months or when any site you utilize reports a security breach
Oh! Creative uses a password management tool that easily updates passwords that are weak or exploitable. Additionally, we can securely store personal passwords accessible only to the individual, and team passwords that are required by all. There are a number of solutions to pick from. Here’s a list of some of the top choices.
#4 Use mobile devices safely
Considering how much we rely on our mobile devices, how susceptible they are to attack, and the increasing volume of business (emails, postings, updates) transacted over mobile, you'll want to make sure you are protected:
Lock your device with a PIN or password - and never leave it unprotected in public
Only install apps from trusted sources
Keep your device's operating system updated
Back up your data
For a more in-depth look at comprehensive mobile device security, click here.
#5 Have a plan
If you accept you’re a target, you must have a plan in place for the inevitable. If/when something happens, don't waste time scrambling for the best response. That's how mistakes happen. By setting up this kind of Disaster Recovery Plan (DRP), you're actually helping to prevent crises from happening. There are many components that drive the degree and type of DRP that makes sense for your business. Here’s a good guide to get you started.
Additionally, having to terminate a relationship – either with an employee, a contractor, or a vendor – can also be a challenge. In that moment it’s important to remember to also terminate any and all access to your networks. Similar to a disaster recovery plan, you should implement a termination plan. Have a process in place to eliminate any chance of a lingering login still active. Small businesses work with people they trust, and a lot of people who come and go. Sometimes they don't go under the happiest circumstances. If a former employee with a grudge still has access or even still has their multifactor authentication enabled, that's a big insider security problem that's painfully easy to address.
#6 Wipe data from old technology completely
Most of us cycle our phones every two years and will likely update to new computers (laptop or desktop) every three to five years. Add to that the fact that any device connected to the internet will hold some degree of data, and you can see just how quick and easy it is to unintentionally abandon a piece of hardware holding critical information.
Data can be left behind if you don't completely wipe a computer or device with a certified tool. Destruction software, for example, follows the standards of a “DOD wipe”, which is what government agencies, like the Department of Defense, would use. If it works for them, it will work for you, too. Not sure what a “DOD wipe” is?
#7 Social Networks - enable privacy settings, increase the default security settings, and set up alerts
Review the privacy and security options for all social networks. Many are open by default, with privacy and security optional or turned off. Make sure to enable alerts and notifications on your accounts to be quickly advised of any suspicious activity. Get notified when anyone attempts to tag you. Much attention is spent creating and updating the content presented on social media to increase your reach. This increased reach requires additional levels of diligence. Fortunately, there are many automated tools that simply need to be activated to help you maintain secure control of all your social channels.
#8 Limit what you do over public Wi-Fi and apply the following best practices when using it
It’s best not to use a public Wi-Fi network without a VPN. Instead, use your cell network when security is important.
When using public Wi-Fi make sure to confirm the name of the access point. A common trick employed by hackers is to broadcast access points with similar names.
Disable Auto Connect Wi-Fi or enable Ask to Join Networks. Always confirm joining a public Wi-Fi and never opt to remember the Wi-Fi network on public access points.
Always assume someone is monitoring your data over public Wi-Fi.
Do not access sensitive data such as financial information, change passwords, or provide personal details over public Wi-Fi.
If you have a mobile device with a personal hotspot function, choose this over public Wi-Fi where possible—but still be cautious.
#9 Turn on Multifactor Authentication
There is no reason not to implement Multifactor Authentication (MFA) as all legitimate platforms will provide for a simple implementation of MFA. MFA is something you can do immediately and easily. Implementing this additional layer can be the piece that saves your data when an unsecured device is lost or stolen. Here’s a great resource for more details.
#10 Always secure your email
You may have the most secure environment implemented. That doesn’t mean the recipient of your email does. If your business model dictates the transmission of sensitive data via email, you should seriously consider encrypting your email. As the industry advances, these services are becoming more reasonable and commonplace. That said, a general best practice is to always consider email as a postcard, not a sealed envelope.
SBA's Top 10 Cybersecurity Tips
SBA Online Course: Cyber Security for Small Businesses
Cyber Resilience Review (CRR) Assessment Tool
The Small Biz Cyber Planner
SBA, NIST, and the FBI's joint Small Business Workshops
The SBA's YouTube channel
NIST's Computer Security Resource Center
CompTIA's certifications and education programs to learn MSP security protocols
MEET NICHOLAS BROWNSON
Before coming to Oh! Creative, Nicholas Brownson was a sales professional with 20+ years of experience in the high tech world. With a solid, operationally-sound approach, Nicholas’ expertise in IT and security software makes him an integral part of the Oh! Creative team.