07/07/2014

By Bill Carey, Vice President of Marketing & Business Development, for the RoboForm Password Manager.

You’ve no doubt seen news reports about hacking incidents at large companies — from eBay to Domino’s. It’s a growing problem, but generally, only the major incidents that affect millions get media attention.

That can lull small businesses into thinking that they’re not targeted by hackers, which is a huge misconception. At companies large and small, lax security practices by frontline employees are the primary vulnerability point.

Reduce the risks to your small business by developing a security policy or guidelines for your staff that take the following into account:

1. Hold your employees accountable. Make sure employees understand how to protect vital company information by providing training, and then hold them accountable with a formal cyber-security policy.

2. Install the latest software and browser updates. Virtually every platform and all browsers provide periodic updates that can be installed at no charge. Often the primary reason for the new release is to close security gaps. Make sure your business’ software is up to date.

3. As soon as you’ve finished using a website, log off and close your browser. An open browser is an open invitation to hackers; keep your account out of the wrong hands by closing applications you aren’t using.

4. Create hard-to-guess passwords and change them frequently. If your password contains a combination of upper and lowercase letters, numbers and special characters, it will be more difficult to guess. Remember, the more complex your password, the harder it is to crack. Easier still, use a password management system to automate the process.

5. Don't use personal information in your password. Never use your name, your partner’s name, a child’s name, your occupation, telephone number, birth date, etc., as a password since this data is widely available online.

6. Hold your employees accountable. Make sure employees understand how to protect vital information by providing training, and then hold them accountable with a formal cyber-security policy.

7. Password-protect your mobile phone or tablet. Millions of users don’t take the basic step of establishing a PIN or password to access their smartphone or tablet, which is a huge mistake. Protect your business’ mobile phones and tablets with a secure PIN or password in case they fall into the wrong hands.

8. Use the “keystroke” method to make a strong password. Choose a password you can remember and map each letter to an adjacent key. Moving one key to the left and one up would change the password “tinmen” to “47gh2g”.

9. Set incoming mail to be read in plain text only. If you have email settings that automatically allow images to open, hackers can tell when you’ve opened an email. Instead, set your email to open as plain text, and click images only from trusted senders.

10. Don’t keep a record or list of your passwords. It’s tempting to save a password list, but it defeats the purpose of having a password in the first place. Don’t keep a record in an unencrypted file on your computer or phone — or, worse still, scribbled on a post-it note on your monitor.

11. Maintain a burner email address. Email is one of the primary gateways for hackers, so it’s a good idea to limit the number of people who have your main email address. Create a free account to give out to customers and third parties, etc. This also helps keep your inbox spam-free.
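
The “keystroke” mapping from tip 8, worked through as an added example (not code from the original article or from RoboForm). It assumes a US QWERTY layout modelled as four rows, uses hypothetical function names, and goes slightly beyond the text by reporting which characters have no key one to the left and one up:

```python
# Constructed model of a US QWERTY layout (an assumption), rows top to bottom.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def locate(ch):
    """Return (row, column) of a key, or None if it is not on the modelled layout."""
    for r, row in enumerate(ROWS):
        c = row.find(ch.lower())
        if c != -1:
            return r, c
    return None


def shift_key(ch, left=1, up=1):
    """Return the key `left` columns to the left and `up` rows above `ch`, or None."""
    pos = locate(ch)
    if pos is None:
        return None
    r, c = pos[0] - up, pos[1] - left
    if r < 0 or r >= len(ROWS) or c < 0 or c >= len(ROWS[r]):
        return None  # the move falls off the edge of the keyboard
    return ROWS[r][c]


def unmappable(word, left=1, up=1):
    """List the characters of `word` that have no shifted key."""
    return [ch for ch in word if shift_key(ch, left, up) is None]


def keystroke_password(word, left=1, up=1):
    """Apply the shift to every character; refuse words with unmappable characters."""
    bad = unmappable(word, left, up)
    if bad:
        raise ValueError(f"no shifted key for: {''.join(bad)}")
    return "".join(shift_key(ch, left, up) for ch in word)


if __name__ == "__main__":
    print(keystroke_password("tinmen"))  # the article's example word
    print(unmappable("quartz"))          # letters on the left edge cannot be shifted
```

Words containing q, a, z or any digit cannot be mapped with this offset, so pick the memorable word with that in mind.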