As a business owner, these 3 words instill panic and generate lots of questions:
WHO hacked us?
WHAT data is compromised?
HAS the hack been contained?
WHEN did this happen?
WHY were we hacked?
WHERE did they get into our system?
HOW did they get into our system?
Let’s begin at the beginning: cyber security begins at home.
Think about how you manage cyber security in your own home. Do any of these behaviors sound familiar:
Use the same password on multiple logins?
Keep your passwords written on sticky-notes or on paper in plain sight?
Use simple passwords that may have upper-case, lower-case, numbers and special characters, AND use familiar names, like your dog or cat; your kids; any birthdays or other special occasions?
Share your login credentials with even 1 other person?
Use a wireless router?
Use “The Internet of Things” – appliances, thermostats, lighting, etc.?
Open attachments in emails from people you know and trust?
Visit ecommerce websites that offer products you want at crazy-low prices?
Now, think about how your staff, distributors and customers manage their own logins. The only thing a bad-guy needs is access to your system, whether they hack in or log in. No anti-virus program or other security hardware or software can account for how people manage their own cyber security behaviors.
Please share the following 3 cyber-hygiene tips with your family, your staff, and even your customers. I’ll have a follow-up posts with additional tips to keep you and your system safe.
1. Use a different password for every site where you have a login.
I use a password manager that anonymizes my login credentials and automatically inserts my username and my password. The PW manager isn’t perfect, but it sure helps.
2. The ideal password length is 16 characters!
The good news is that with 16 characters, you don’t need to include numbers and/or symbols unless the login requires them. Use a phrase that has meaning to you. For example, the Beatles’ song “Strawberry Fields” has been in my head all day. The song name has 16 characters, and if I make 1 or 2 small changes, I’ll have a secure password that I’ll likely remember, especially if I use my “hint”:
Of course, I can use upper-case and lower-case, and even throw in a number or two and a special character, but unless someone waterboards me or sees my password on a sticky-note, nobody will crack my password!
A good password manager can also generate random passwords that it stores and uses for you. Just don’t ever forget your PW manager master password!! I’ve done this twice, and I had to use the password reset on almost all of my accounts.
3. Speaking of sticky-notes, would you give your house keys and address to anyone who walks past your desk?
NEVER leave your written password in a place where anyone else might see it. Again, a good password manager keeps your passwords safe and secure.
You have a huge responsibility to protect you company’s data, as well as your customers’ and distributors’ personal information. Whether you have a large company with a huge database of customers, distributors and orders, or you have a startup, your risk and liability are the same. Your customers and distributors trust that you’ll protect their information, and if you’re not practicing good cyber hygiene AT HOME and AT WORK, you risk your company’s goodwill as, well as it’s financial health.