Some of the biggest threats that businesses face today are security threats. Whether they are threats to online security, offline security, protecting IP and more, these security threats are more pervasive than ever and many entrepreneurs just aren’t doing enough to protect themselves and their businesses. So, we have asked the CarolRoth.com contributor network of business owners, experts, advisors and entrepreneurs to share their top security tips for businesses. Their answers are presented below in no particular order.
You may notice some similar ideas listed, but I kept them separate, as something in the way one is framed may resonate differently with you.
1. Use an External Hard Drive
If you have digital information that you want to keep safe, place it on an external hard drive and leave it disconnected from the internet. When you want to access it, disconnect your PC from the internet before plugging in. This stops any malware from being able to access it and send it out over the internet. Once you have finished with your external drive, unplug it before connecting your PC back to the internet. Also, keep your external drive in a safe place, preferably locked away.
2. Never Forget a Password Again!
When you’re an entrepreneur, you probably have dozens of online accounts that you use for everything from payroll to answering a million emails. Rather than using a variation of the same password for each account, entrepreneurs should utilize password managers to create a long, complicated and unique password for each account. All of the usernames and passwords will be stored in an encrypted vault, and the user will only need to know one master password to access all of their accounts.
3. Develop Fortification Culture
In today's age, the threat of viruses & being hacked or losing important data is greater than ever. Hence, it is very important for entrepreneurs to develop a culture of keeping strong passwords within their team by way of seminars, training, etc. Wherever possible, opt for two-factor authentication. Further, changing passwords regularly and updating the operating system is a good practice to adopt.
4. Stay Safe - Find a Buddy
We are often the most vulnerable when we are alone. We were taught in kindergarten to hold hands and go with a friend. The same advice works for adults, too. Thanks to technology, we can connect with our buddy virtually. You can share your travel itinerary, your ride share location, and health notifications with a friend. Plus, having someone in your life that you trust leads to more than safety, it leads to a deepened level of security. Share more of your life with someone you trust.
5. Neurotic About Backing Up!
Ok, some people call me crazy, but my office could burn to the ground & I would be back up & running in as long as it took to go to buy a new computer and hit the restore button on my online backup software.
I back up using three different sources. I have a physical backup drive in the office, I use Dropbox to back up all files & I use Carbonite to back up my full system & software installs.
Having a backup system is critical for both peace of mind & protecting against the unknown.
6. Lock Your Bag to Bulky Things
I always travel with a retractable tungsten cable. It’s about the size of a pack of cards. When I get to hotels or airport lounges, I loop it through my bag handle and a table, chair or other heavy item. It doesn’t have to be fixed, just bulky. It won’t dissuade a determined thief but it stops the casual light finger taking my bag as they’d have to walk out with a piece of furniture, too - which gets noticed. It also secures it whilst I’m in the restroom quickly.
7. Strong Passwords
As an entrepreneur, you will have lots of important data online. It could be any third party app or a simple tool like your mailbox. If you are a blogger, the password to your website is crucial.
Ensure that you have strong passwords and they are changed on a regular basis. Make use of capital letters, characters and numbers.
Besides this, you can also focus on creating usernames that are not so obvious (for example, admin or your name). It is easy to hack into your accounts if you do that.
8. Reconciliation an Outside Job
Always have a third-party person reconcile your bank accounts. I hire a trusted VA that reconciles all my bank and credit card accounts across all my companies and personal accounts. She then creates a report on any unusual activity. This person has no connection to my day-to-day accounting staff. My VA also creates a Google folder with all the bank accounts, reconciliation reports, and monthly P&L and Balance Sheets. This gives me additional security that my finances are in proper order.
9. Set Up Two-Factor Authorization
When using software, online services, and even email accounts, many sites will allow you to set up two-factor authorization. That means when you enter your username and password, the site will send you a notification with a one-time code - often via text - to your cell phone. You then enter that code as the second step to finally log in. This protects you in the event that someone else gets your username and password, so I highly recommend business owners use it wherever available.
10. Always Create a Strong Password
In any online business you do, you must have a username and a password with which you access your account. One mistake many entrepreneurs make is creating passwords that are very weak. Most times, the system dictates that for us, but we don't really care. Strong passwords will prevent anyone from easily logging into your account. Make use of characters (upper and lower cases), numbers and symbols. Always remember to log out, even if the device is personalized. It is always better to play safe.
11. Use a Password Manager
One of the biggest security flaws in businesses is using the same passwords everywhere or weak passwords (like "password" or "hello123") for everything. A good password manager like LastPass or Dashlane will allow you to not only create secure passwords, but keep them stored in a secure vault.
12. VPN it, Baby!
Billions of records are being stolen every year from credit card companies or online stores, etc. As such, this needs to end NOW. As such, what I recommend to anyone who will listen is to get a VPN for usage on your laptops immediately. Too many of you work from a coffee shop with an "Open" network where people can see right into your laptop and take your data; a VPN will save you the pain and troubles.
Christopher Carter of Approyo
13. Business Security Audits
Business security audits or assessments consist of evaluating & providing preventive options for improving the safety & security of a business.
• Business Security Systems- The first area of business security audits or assessment in your company is the security systems.
• Business Premises/Properties- Your business premise is another essential area that requires consistent business security audits.
• Business Personnel- Two types of threats, internal (employees) & external (stranger).
14. Encrypt and Destroy
When handling any financial, medical or personal information for yourself or clients, always use a form of encryption in email, texting or messaging. Find an inexpensive VPN service to communicate anywhere over the public web.
When you are done with the use of protected material, shred it, so that it can never go outside of your control and be misused.
15. Get With the Times
Make sure that your software is up to date. Technology is so dynamic, constantly changing and constantly a game of cat and mouse. If your software is obsolete, then chances are so is your security.
16. Plan Security From the Start
For many entrepreneurs who are moving fast, security can be a bit of an afterthought. One of those "it's on my to-do list" bullet points that never gets addressed. So, ensure that you factor it in from the start and get into the habit of thinking about security at each stage of development.
This can include things like ensuring that your team uses two-factor authentication on their laptops and mobile devices where possible in case of theft. Likewise, regularly run website and server vulnerability checks.
17. Humans or Bots; Your Decision
Bad bots can be tracked through their prolonged activity on the websites; they can be traced since their location is not specified like a normal user. Bots are not able to reply like a human; they will only be crawling on your websites and will be visiting it to do any malicious activity. So, whenever those kinds of bots appear, with no referrer either from FB or Google, their IPs should be blocked.
18. Test Your Team
We have run fake phishing scams against our employees and management teams as a way of teaching them to be resilient to those efforts - to not give away passwords, click on unknown links, etc. In our business, protecting the privacy of our customers' information is absolutely critical. There is nothing more personal or important than one’s health, and we are very conscious that we protect information associated with that and prevent data breaches.
19. Hacks to Stop Hackers
Have you heard of the Wordfence plugin?
Wordfence is a Security plugin. It's free and always up-to-date on security threats, too. My knowledgeable IT assistant recommends the plugin.
20. Improve Account Security
Two-factor authentication or 2-FA is a utility that adds an additional layer of security to your online accounts & something I highly recommend.
Here's how it works:
1) Install a 2-FA app on a phone like Google Authenticator or Authy.
2) Sign in to an account that supports 2-FA and turn it on.
3) Connect the 2-FA app to your account.
When you next log in, you will have to input your 2-FA key which is a random encryption key which expires every 30s and will increase your account security.
21. Use a Physical Key
Any business owner who uses email or social media should be using 2-factor authentication, ideally with a physical key like a YubiKey to lock down their email and social accounts (at least the administrator access).
Having a physical key will prevent unauthorized users from getting in if your password is compromised.
22. Share Without Sharing
One of the ways we practice security is to limit password access. Several password managers allow users to share access to passwords without actually allowing the people you share the passwords with to view the password. This makes it easy to give user-account access to employees and freelancers without giving them the actual password. You can later remove their access to the password manager without having to change all of your passwords.
23. Back Up & Encrypt Your Data
Data is a business' most valuable asset, which is why it is so important to ensure it is backed up. What's more, depending on the circumstances, should data be lost, it can be considered as a data breach in accordance with GDPR. As such, we recommend using a VPN when accessing files online when you're out and about. Other security measures include using encrypted mobile storage devices, such as hard drives or USBs. Only then will you be compliant with GDPR and be able to secure your data.
24. Master Your AI
The ability to leverage machine learning and artificial intelligence is critical to entrepreneurs’ cybersecurity efforts. There is no doubt AI can become the future of security. Data is exponentially increasing. Automation and machine learning have catapulted us beyond the limitations of human skill. As businesses are becoming more digital and data-driven, the more information we can gain from our data, the more entrepreneurs will be able to monetize it. They should bone up on AI and master it.
Steve Tcherchian of XYPRO
25. Privacy & Identity Coverage
Our #1 security tip for entrepreneurs is to get identity and privacy coverage. I have seen more business owners lose their business due to identity theft or privacy complications than actual data breaches or system failures. Identity Theft Insurance is not the same thing as identity and privacy management. Removing as much non-relevant business and personal information from the internet as possible, especially when you're a startup, keeps your business safer than you think from cyber threats.
26. Educate Your Board
A sophisticated Board, not only business but in today’s cyber and IT security, is a must to understand the issues and protect the company from these types of harms. Translating an understanding of the importance of a proactive IT policy is imperative. Many companies have very robust policies and procedures for their business processes, which sophisticated Board members can understand. IT is a different language, and unfortunately, most of the Board will ignore issues they don’t understand.
27. Use a Bogus Question Challenge
We’ve seen the quality of email forgeries improve lately. Voice and video forgeries aren’t far behind. How do you tell whether somebody is who they claim to be over the internet? Ask a bogus question. Let’s say you met Mary in New York last month over lunch and ate chicken. Tell the person pretending to be Mary you need to verify she really is Mary, and then ask “her” what you had for dinner last week when you met in Chicago. And, then have fun when “she” tries to wiggle out of it.
28. Multi-Factor Authentication
Compromised credentials are one of the top ways attackers gain access to a company’s systems and information. Implementing multi-factor authentication on all remote access is essential to ensure security for all vendors that have access to the company’s system or the company’s information.
29. The Russians Hack Everyone
Make sure that you have a security plugin on your websites such as WordFence or All in One WP Security and Firewall. No matter how small your business and website is, it is at risk of being hacked. My web design business started about 6 months before the 2016 elections. Sure enough, when I installed and activated my security plugin on my website, the logs showed several hacking attempts from Russia. Not only are government officials to be hacked, but so are everyday small businesses.
30. Don't Get Your Email Hacked!
You absolutely must implement secure two-factor authentication on your email account in order to minimize the chances of it getting hacked. This means authentication not via your phone number, but with a more robust method like Google Authenticator.
If your email is hacked, the hacker can spam all of your contacts in a matter of minutes or, even worse, hack them. This can be very embarrassing to you as an entrepreneur, make you look unprofessional, and undo a lot of hard work. Avoid it!
31. Secure WiFi While Traveling
As an entrepreneur, you'll find yourself using any WiFi you can get your hands on to keep up with work while you're on the go. A lot of it won't be secure, so do yourself a favor and get a VPN. It's so basic, yet I rarely see people using VPNs to stay secure online. Once you set them up, they are extremely easy to use, don't take up time and will keep your data safe on even the most unsecure WiFi.
32. Prepare Your Staff
Invest in Training
Collect use cases for common scams and train your staff to recognize them.
Create a Questioning Culture
Teach employees about your process for funds disbursement.
Reinforce the questioning culture by encouraging every employee to report attempts to a central point of contact in the company.
In the end, the goal is to help employees recognize scam attempts and use them as the frontline barrier for stopping them.
Cyber liability insurance is hands down the most important security tip I can give you and it’s one of the most overlooked areas in your business. It can be added to many small business policies for a modest cost. In this litigious world, it can protect you from a potentially business ending lawsuit that could arise out of something you had no control over.
34. 2-Factor Authentication
My biggest security tips for entrepreneurs are that you should ALWAYS use 2-factor authentication when available and use centralized resources that you can lock down to protect your IP.
Terril Fields of Blerd
35. Train to IT Security Victory
The most overlooked element of security in the workplace – is actually the most obvious and would yield the best results - effectively training staff. Hackers are clever, Trojan horses, too – but employees are still the most likely reason for breaches, from downloading malicious attachments, clicking links, to being involved in man-in-the-middle scams. The list is endless – and yet businesses spend next to no time on training staff effectively AND keeping them updated with the latest threats.
36. Paying 4 Virus Protection 2x?
You need good anti-virus protection; however, you may not realize that your ISP often provides protection free or fee-based as part of your overall service. Find out if you're paying twice. One recent church I shared this tip with was paying $100 extra a year to a virus service PLUS their ISP had changed the rate from $7-mo. for 3 computers to $5 for 5 computers and they didn't tell us! So, check the prices with your ISP once a year.
37. Two-way Authentication
When it comes to privacy and security, the corporate world is a dangerous place. Creating a website for any kind of business is the prevailing custom of today’s world. For any entrepreneurs or business owners, it is the ultimate responsibility to ensure security measures for their website. What I consider the most actionable step to make my business website more successful is to add two-way authentication for my admin login page. This adds another protection layer to your login pages.
38. Plan for Protection
Protecting IP is something all entrepreneurs should consider at the start of a product lifecycle. There are no products that are not counterfeited, from food and beverages to industrial chemicals. So, if you plan to launch a product in a year, waiting until weeks before the launch will be insufficient and you may suffer a huge loss of income as a result. The speed of the internet means copies of new products appear for sale within hours of release (or in many cases before they’re released).
39. Don't Forget the Basics
Improving and updating the physical security to prevent unauthorized access to confidential or proprietary information is often overlooked.
With so much attention on encryption, the basics of security are often ignored. Doors are left unlocked, alarms not set, and security cameras either not working properly or unmonitored. For instance, keep external computers (like the one used on reception) on a separate network than that of the internal computers.
40. Security Awareness Training
The best security as an entrepreneur you can use is your own awareness about different threats that you can face (phishing for example). Cybercriminals can even steal your business using phishing. There are different pieces of training all around the web to boost your awareness. Example: https://www.everycloud.com/security-awareness-training. Stay safe!
41. Keep Future Plans in Secret
My number 1 tip for security is to be careful what you say and where you say it. I have entrepreneur friends in the SaaS space that got burned because they talked about their upcoming project in a conference. It turns out that someone who was attending heard the idea and while they were not able to steal the idea itself, they took the domain name and social media accounts. Later on, they offered to sell both to my friend, at an increased price, of course. So, be careful both online and offline!
42. Encrypt Important Information
Encryption ensures that your important data is fully invisible to hackers, even in the case of a breach. While this security method doesn’t prevent hacking as such, it transforms your information with the help of complicated algorithms, so that only authorized people with a key can access it. There are different encryption methods to choose from, depending on the complexity of the algorithm. However, this is a long-term solution to keeping your sensitive information safe.
43. Create Strong Passwords
Companies sometimes have generic passwords for the majority of company accounts which puts all of your sensitive data at risk. One good strategy for creating strong passwords (and making sure you remember them) is to come up with a verse of your favorite song. Take out the first letters of each word and add numbers and special characters in it (could be an important date). As a result, you will get a combination of random letters and numbers which you won’t forget.
44. Keeping Your Docs Confidential
Having secure file storage is essential as an entrepreneur. Working with personal information, confidential documents and plans, it’s essential that my document security keeps these documents safe and away from hackers. I ensure my laptop and phone are password encrypted and keep documents stored online on Google Drive. Most companies I work with use G Suite and I include this requirement in my contracts with clients that this is where information is kept so that data security is never an issue.
45. Use a VPN
If an entrepreneur isn’t using a VPN, then they are inviting hackers to target their company. Most companies today have at least a semi-remote team, especially new businesses and small organizations, which means that team members are often using public networks that are not secure. A business VPN encrypts all internet traffic for the user to ensure that no one can see what they are doing on the internet. Without a VPN, sensitive business information may be at risk.
46. Two-step Verification
Most, if not all, banks allow their customers to set up two-step verification to log in. Employing two-step verification for sensitive accounts and software access provides an extra layer of protection at no cost.
47. The Insider Threat
The insider threat is a major risk to cybersecurity in today’s digital age. Employee security training should be a part of your company culture, and the more widespread it is at your company, the more people will buy into it. Try having your CIO or IT manager included during the onboarding process to really drive home to new employees the importance of security at their new place of employment. For long-time employees, ensure your message is being passed on through their team leaders.
48. Develop an InfoSec Program
A well-developed information security program will help IT and the business be more efficient, as well as more secure. A good example is asset management of workstations. The Information Security team wants all operating systems and applications up-to-date with patches and updates, as well as to have a good understanding of authorized systems on the network. A good asset management tool will ensure that these needs are met, but will also make IT’s job easier supporting their end-users.
Christopher Gerg of Gillware
49. Games are High Security Risk
Do not permit your employees to download games or personal-use apps on company-issued devices like phones, tablets or computers. Hackers will use them to find vulnerabilities. Keeping your platform protected from hackers who could spy on meetings, download sensitive documents or gain access to employee or client info should be a top priority. Companies should have security software in place that blocks or tracks employee devices and their downloads, and sends alerts if there is a threat.
50. Take Care with Mobile Apps
The majority of applications people download to their phones are perfectly safe. However, in the past year, cybercriminals have been developing more apps that contain malware and ransomware for individual phones. According to Symantec’s 2019 Internet Security Threat Report, one in 36 mobile devices had high-risk apps installed, so to stay safe, consumers should keep their phones’ operating systems as updated as possible, and only download apps from primary app stores.
51. Lock Up Your Login
WordPress sites can be penetrated by intermediate, as well as advanced, hackers. This is more pertinent if people don’t update their site plugins regularly, as this can leave loopholes.
More than 90% of sites use /login or /admin after their site name as WordPress creates this by default! You can prevent the majority of hacking attempts by simply changing the URL of your login page. Our site was https://dfylinks.com/login but we have changed it, so anyone outside of our company doesn’t know it.
52. Virtual Private Network
A Virtual Private Network (VPN) is incredibly important for a few reasons. Firstly, to help protect the information of my clients and my employees. Jolly Content, as a whole, is a remote business, therefore, keeping everyone's information safe is crucial. I also work part of the year in China. As most people are aware, there are blocks on many American websites. Without a VPN, it would be impossible to work. It's a very inexpensive way to give peace of mind to my team and clients.
53. Protect Your Domain IP
Always protect the IP of your domain. This is a key factor in any sort of online protocol, but it's increasingly more important when you take into account who may be viewing your site. You want to protect any sensitive information from the public. If you're an ecommerce business, this is imperative because you're not only working with your own information, but the information of your customers. Protect them by protecting yourself.
54. Security Plugins Save the Day
Most of us have the words “login” or “contact us” on our websites. This makes our businesses targets for cyber attacks. That doesn’t mean you have to be a victim. Whether you built your website or hired someone to develop it for you, be sure to take advantage of the easy to install security plugins available to you. Best news — most are free. Squarespace, Go Daddy, Wix, WordPress and other popular website builders all offer plugins that will show you an inside look at your traffic.
Joshua Milne of BotRx
55. Mitigation You Can Bank On
Remember to apply any trusted mobile banking app (and your own phone) software updates as soon as possible. It may seem like another invisible task that needs to be done, but it will ensure that you are not vulnerable to dangerous and expensive malware attacks that can steal your information. It's a simple yet powerful solution to protect your financial and personal data in today’s digital age.
56. Two-Factor Authentication FTW
The last thing an entrepreneur wants is that their data falls into the wrong hands. This can create serious implications for their entire business. Two-factor or multi-factor authentication for enhanced security in this technological-packed environment is a must. Implement this technique whenever possible and also train your team to be socially engineered with basic security hygiene. Use an app called LastPass to protect passwords and generate stronger ones, and never forget to use VPN (e.g., TouchVPN).
Nooria Khan of GX
57. Business Security Tip
I work with many confidential documents for clients. When I really want to assure security when they send me an office document, I will have them make it password-protected to open the document and email it to me. This works with both Word and Excel. Then, have them text the password to me. By splitting it into two delivery methods, the chances for security issues are reduced greatly.
58. Keep Your Voice Down in Public
Entrepreneurs typically promote themselves sharing our names or digits freely for legit business reasons.
Calling in a reservation? Checking in? Never say your real name, email or any address aloud for random strangers or staff to overhear.
It’s harder than you think. Whisper or share business cards quietly. Use a nickname or refuse to answer.
Good security today means preventing thieves or their eavesdroppers from gleaning your identity and sharing it amongst crooks.
59. Open at Your Own Risk
Email is key to getting our work done, so my tip is to NEVER open any attachment you are uncertain about. Nothing is worth the risk of getting a virus and having to spend hours trying to undo the damage done. It can kill your day and frustrate your clients, so take the time to double check that it is not spam or worse.