Digital security is a massively important topic for small and medium businesses in every industry. Digital threats are everywhere, and it’s challenging for many business leaders to stay on top of every potential threat avenue.
Implement 2 Factor Authentication Wherever Possible
Our first recommendation is implementing 2 factor authentication wherever possible. This is easily one of the simplest changes businesses can make, and it can have a significant impact on security. Two-factor authentication, or 2FA for short, is the practice of requiring two types of identification to gain access to an account or system.
That might sound a little confusing, but stick with us— we can explain.
Single-Factor Authentication Explained
Navigate to just about any retail- or service-oriented website, and eventually you’ll be asked to log in. Logging in is a simple affair: provide your username and password, and you’re in. It only takes that one single layer of authentication.
The problem with this model is that credentials are somewhat easy to steal or even guess. Also, people frequently reuse credentials across many sites (this is called bad password hygiene, something we’ll cover more in the next section). There are even databases of compromised username and password combos available for sale on the dark web.
How big of a problem is it if someone else gets into your account? Well, it depends on the account. Maybe this isn’t such a big deal for your Chipotle login. How much damage can someone really do with that? But other accounts, like your bank or your corporate email, are vitally important.
Two-Factor Authentication Explained
Many major companies (Google and Apple come to mind) allow you to opt in to two-factor authentication. When you do so, you have to provide a second way to establish your identity. The most common way to do this on the consumer front is by cell phone number.
Once 2FA is enabled, you’ll start logging in with your username and password. But next, you’ll have to type in a temporary numeric code that the site texts to your phone.
That’s the second layer of authentication. You’re proving to the site that not only do you know the correct username/password combo, you also have access to the same phone you did when you set up 2FA.
Setting up 2FA isn’t very complicated, and it’s a massive security increase. Now, that “hacker” who bought your compromised credentials on some list can’t do much of anything with them. The hacker would have to know who you are in real life and somehow gain access to your phone at just the right moment and without your knowledge.
Practice Good Password Hygiene — and Require Your Team to Do So
Our second piece of advice is related to the first. Practicing good password hygiene throughout your organization will significantly decrease the likelihood of a credentials-based breach.
What is good password hygiene? First, you should ideally use different passwords for each distinct account. Reusing credentials is tempting fate: any one of the sites you used that password on could get breached, and it’s only a matter of time before someone tries your reused password in a place where it works.
Second, don’t keep a notebook or a sticky note with all your important passwords right next to your computer. It only takes half a second for someone to snap a photo of your password list. Think about how many people could gain momentary access to your desk space without raising any alarms. Each one is a threat if you leave your passwords out for all to see.
Third, make each password complex and uncommon. If your password is “123456” or “password” or your spouse’s or pet’s name, just about anyone could straight-up guess it.
Now, we know why people fail to do what they should here. Memorizing 50 or 100 unique username/password combinations is incredibly difficult, not to mention frustrating. That’s where our next step comes into play.
Use a Business-Grade Password Manager
It’s very challenging to do the right things with passwords (using unique ones and not writing them down). We understand why people give in to bad password hygiene. It’s far more convenient!
There’s a much better option, though, that’s relatively convenient and very secure: a password manager. The idea here is to create one very complex master password, which you’ll need to memorize. Then the password manager takes care of the rest. They store credentials for every site you visit and put them in when required.
There are some good business-grade password managers available, and we’re happy to consult with you on what makes sense for your business.
Implement Access Control on Stored Files
The smaller your business, the more likely it is that everyone on the network can see everything on the network. This isn’t generally a good plan, though, especially as your business grows. One disgruntled employee could steal everything on his way out!
Get a Cyber Security Assessment (Free!)
It’s easy for many business leaders to worry about cyber security if they give it much thought. And that’s because you never quite know what’s lurking out there. You may not be experiencing any obvious signs of digital threats or cyberattacks, but can you really know you’re safe?
One of the services we offer here at Southeastern Technical is a free cyber security assessment. We’ll scan your network, looking for any signs of weakness that would be easy targets for digital attackers. We’ll also perform a dark web scan, looking for information about your business that you don’t want being shared, like compromised credentials.
Looking for More? Choose Our Cyber Security Bundle
A great next step is to partner with a managed IT provider like us to take a more comprehensive look at what you’re currently doing and implement a cohesive, comprehensive digital security strategy.
At Southeastern Technical, we have decades of experience helping companies enhance and simplify their digital footprint — including digital security.
- Dark web monitoring
- Endpoint and DNS protection
- Security awareness training
- Managed 2FA
- End user privilege management
- Office Protect
- Breach detection and internal threat hunting
Whatever your business needs, Southeastern Technical Consulting is here for you. Reach out today