How secure is your data? In a world where, seemingly every week, we hear about large corporations having their data hacked and sold to the highest bidder on the dark web, what is your small business doing to protect itself? Whilst you may not have data that hackers want to steal and sell, what happens if you are locked out of your accounts? Your social media accounts? What about email marketing tools? And, heaven forbid, your website? Unfortunately, these are issues that most small businesses are now grappling with. So it’s past time to step up what you are doing to protect yourself and your business online.
Have you had your Facebook account hacked recently?
Hopefully not you personally, but I imagine that most of you have seen a message like this:
“Don’t accept any friend requests from me as my account has been hacked.”
Hands up if you have been caught up in the Optus or Medicare hacks. It seems that no matter where we turn, cyber breaches, hacks and ransomware attacks are on the rise.
And they are.
So what are some of the steps you can take to protect both yourself and your business from exposure to hacking, as well as ensuring that you protect your clients’ data?
Enable 2-factor authentication (2FA)
If you haven’t already, you really need to enable 2-factor authentication on everything you do. Whilst this might seem annoying at first, what is definitely more annoying is not being able to access your account.
2FA is simply an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. This type of authentication typically requires a combination of something you know (PIN, secret question), something you have (card, token, Google Authenticator) or something you are (fingerprint or other biometric – eye or facial scanning).
Businesses as well as individuals should implement 2FA wherever possible. In fact, many software tools now prompt for this. ActiveCampaign recently commenced requesting this second layer of access proof, Xero has had this for some time, and inside Facebook you now can’t have full access to all tools for advertising unless you have enabled 2-factor authentication.
Some of the ways this can occur are listed below:
- Physical token – many banking apps
- Biometrics / fingerprint – for tools such as LastPass or your banking app
- Authenticator app – such as the Google Authenticator app
- Email – in the case of ActiveCampaign
- SMS – logging into Google for example
Create better passwords
This is something that many of us are likely to really suck at.
Whilst you may think that building passwords from clever clues from your life is sufficient, the truth is that this very method is why hackers can hack your account. They have access to that information already, and complex combinations will eventually be broken via advanced computers, especially when parts of your information may have already been accessed via other breaches – think Optus, Medicare, Woolworths, Vinomofo, Uber, DoorDash – the list goes on. So it is simply not enough to use details from your life in your passwords. It is also quite staggering to realise that the most common password in the world remains either ‘password’ or ‘123456’.
So in a world where we seem to need a million passwords, how can we create and safely store these randomly generated complex passwords to help us navigate our online lives and business safely? There are 2 tools that immediately come to mind.
Both of these tools allow you to store your complex passwords in a handy online location that you can then share securely with your team or digital agency (without them knowing the data) and access as you need, so you do not need to carry around these precious details in a little notebook, on a scrap of paper in the back of your phone case or in an online Google Doc. None of those methods of storage are sufficient and all are downright irresponsible, yet so many people do exactly that!
Why you need to be more careful with your passwords and access
I have seen and also heard about increasing instances of people being locked out of their social media accounts due to suspicious activity. In the last month alone, I have:
- Helped people reclaim lost access to their Facebook business accounts
- Helped people reclaim access to their cancelled Facebook Ad account
- Ensured that more than one person has appropriate access to all social media accounts (i.e. have more than one administrator so that you don’t lose access)
- Helped people restore access to their LinkedIn Company page
- Worked through how to reset all passwords after a cyber breach for a client
On a side note, it might be worth looking more closely at what data you are actually storing about your clients and why you are storing it. Big questions are being asked right now about how much information is being collected online. What is the purpose of the information? How protected is the storage of that information? (See the above 2 points as a baseline!)
Cyber attacks are a regular occurrence, and thinking that you are powerless to protect yourself is not accurate. You can put yourself in a better situation by actioning the steps I have outlined above. Turn on 2-factor authentication right now for everything you can (especially Facebook) and then ensure that you have complex and randomly created passwords across everything you touch and that those passwords are securely stored.
Your cyber security is in your hands.