Digital security is a massively important topic for small and medium businesses in every industry. Digital threats are everywhere, and it’s challenging for many business leaders to stay on top of every potential threat avenue.
That said, there are quite a few simple ways to increase digital security, things that just about every business can and should implement quickly. Below, you’ll find six common sense steps to increase digital security. Hopefully, your business has already implemented some of these. If so, great! Use this as a check-up and implement the ones you’re missing.
Implement 2 Factor Authentication Wherever Possible
Our first recommendation is implementing 2 factor authentication wherever possible. This is easily one of the simplest changes businesses can make, and it can have a significant impact on security. Two-factor authentication, or 2FA for short, is the practice of requiring two types of identification to gain access to an account or system.
That might sound a little confusing, but stick with us— we can explain.
Single-Factor Authentication Explained
Navigate to just about any retail- or service-oriented website, and eventually you’ll be asked to log in. Logging in is a simple affair: provide your username and password, and you’re in. It only takes that one single layer of authentication.
The problem with this model is that credentials are somewhat easy to steal or even guess. Also, people frequently reuse credentials across many sites (this is called bad password hygiene, something we’ll cover more in the next section). There are even databases of compromised username and password combos available for sale on the dark web.
How big of a problem is it if someone else gets into your account? Well, it depends on the account. Maybe this isn’t such a big deal for your Chipotle login. How much damage can someone really do with that? But other accounts, like your bank or your corporate email, are vitally important.
This is where two-factor authentication comes in.
Two-Factor Authentication Explained
Many major companies (Google and Apple come to mind) allow you to opt in to two-factor authentication. When you do so, you have to provide a second way to establish your identity. The most common way to do this on the consumer front is by cell phone number.
Once 2FA is enabled, you’ll start logging in with your username and password. But next, you’ll have to type in a temporary numeric code that the site texts to your phone.
That’s the second layer of authentication. You’re proving to the site that not only do you know the correct username/password combo, you also have access to the same phone you did when you set up 2FA.
Setting up 2FA isn’t very complicated, and it’s a massive security increase. Now, that “hacker” who bought your compromised credentials on some list can’t do much of anything with them. The hacker would have to know who you are in real life and somehow gain access to your phone at just the right moment and without your knowledge.
Practice Good Password Hygiene — and Require Your Team to Do So
Our second piece of advice is related to the first. Practicing good password hygiene throughout your organization will significantly decrease the likelihood of a credentials-based breach.
What is good password hygiene? First, you should ideally use different passwords for each distinct account. Reusing credentials is tempting fate: any one of the sites you used that password on could get breached, and it’s only a matter of time before someone tries your reused password in a place where it works.
Second, don’t keep a notebook or a sticky note with all your important passwords right next to your computer. It only takes half a second for someone to snap a photo of your password list. Think about how many people could gain momentary access to your desk space without raising any alarms. Each one is a threat if you leave your passwords out for all to see.
Third, make each password complex and uncommon. If your password is “123456” or “password” or your spouse’s or pet’s name, just about anyone could straight-up guess it.
Now, we know why people fail to do what they should here. Memorizing 50 or 100 unique username/password combinations is incredibly difficult, not to mention frustrating. That’s where our next step comes into play.
Use a Business-Grade Password Manager
It’s very challenging to do the right things with passwords (using unique ones and not writing them down). We understand why people give in to bad password hygiene. It’s far more convenient!
There’s a much better option, though, that’s relatively convenient and very secure: a password manager. The idea here is to create one very complex master password, which you’ll need to memorize. Then the password manager takes care of the rest. They store credentials for every site you visit and put them in when required.
There are some good business-grade password managers available, and we’re happy to consult with you on what makes sense for your business.
Implement Access Control on Stored Files
The smaller your business, the more likely it is that everyone on the network can see everything on the network. This isn’t generally a good plan, though, especially as your business grows. One disgruntled employee could steal everything on his way out!
Access control is what it sounds like: controlling who has access to what resources on the network. It’s a common sense step that you can take today if you have a little tech know-how. (And if not, we can help!)
Get a Cyber Security Assessment (Free!)
It’s easy for many business leaders to worry about cyber security if they give it much thought. And that’s because you never quite know what’s lurking out there. You may not be experiencing any obvious signs of digital threats or cyberattacks, but can you really know you’re safe?
One of the services we offer here at Southeastern Technical is a free cyber security assessment. We’ll scan your network, looking for any signs of weakness that would be easy targets for digital attackers. We’ll also perform a dark web scan, looking for information about your business that you don’t want being shared, like compromised credentials.
Click to learn more about our free cyber security assessment.
Looking for More? Choose Our Cyber Security Bundle
The common sense steps we’ve listed above should be an excellent start for individuals or small businesses looking to increase their digital security efforts. Of course, there are all sorts of more complex ways to continue strengthening your network’s security.
A great next step is to partner with a managed IT provider like us to take a more comprehensive look at what you’re currently doing and implement a cohesive, comprehensive digital security strategy.
At Southeastern Technical, we have decades of experience helping companies enhance and simplify their digital footprint — including digital security.
We’ve put together a cyber security bundle for a layered defense that includes seven top tools for security enhancement. We won’t outline every one of those tools here, but here are the areas they cover:
- Dark web monitoring
- Endpoint and DNS protection
- Security awareness training
- Managed 2FA
- End user privilege management
- Office Protect
- Breach detection and internal threat hunting
Several of these are related to specific points earlier in this article. If implementing those common sense steps proves too complex, you may need a better tool to get it done. With our cyber security bundle, chances are you’ll find that tool — plus expert help in setting up and maintaining the tool.
If you’re interested in seeing what our cyber security bundle can do for you, or for more hands-on help with anything we’ve discussed today, feel free to contact us. The same goes if you’re looking for a dedicated managed service provider to take care of some or all your IT needs.
Whatever your business needs, Southeastern Technical is here for you.
