🔒 Cybersecurity 101 - Defending your premises 🕵️‍♂️
A few tips on safeguarding your digital valuables

Cybersecurity for a small business really isn’t rocket science. It’s just a few logical, easy moves that you can do to make sure no one accesses your digital valuables.
It revolves around four main things:
- Passwords and other secrets
- Software and hardware updates
- Downloads
- Antivirus and other defensive software
In this newsletter, I’ll briefly touch on the first two.
Passwords and other secrets
Passwords should be a no-brainer, but apparently they aren’t. Did you know that passwords are considered one of the least safe methods of securing your digital accounts? This is due to a number of things:
- People tend to use passwords that are easy to guess. “password”, “12345678”, “qwerty”, and “11111111” are super common. Hackers crack these very easily with automated tools. More advanced methods include sifting through your social media accounts to look for birthdays, pets, and family, since many people use their dates of birth or pet names as their passwords.
- People use the same password across multiple services. Imagine this: a data leak exposes the password for the Temu account you used to buy some stickers, and you end up losing access to your business Instagram account. It can happen!
- People rarely change their passwords. A defunct Warhammer forum you signed up for in 2004 can make you lose your Gmail account.
- People share their passwords with friends and family. If your wife’s computer gets infected with an infostealer, your banking details are toast. It’s avoidable.
I know it’s a pain in the neck, but your passwords really need to be strong. Capital letters, numbers, special characters. Every service needs to have a unique password. If it’s too much for you to remember, just use a password manager. Many of them are free, they’re secure, and they can generate strong passwords with a single click. They can also notify you when it’s time to refresh your passwords.
Use two-factor authentication whenever you can. It’s a second layer of protection that makes ALMOST ALL cyberattacks impotent. Google Authenticator is a good choice, but there are others, too. Microsoft has one, Apple too.
You can also use biometrics and passkeys - more and more services are supporting these methods. For example, you can log into your PayPal account with your fingerprint. A passkey is a secure, password-free login method that uses biometrics like a fingerprint, face scan, or a device PIN to verify identity. We’ll do a deep dive into passkeys in a different newsletter, but I think this is probably the best way to secure an account.
Software and hardware updates
Many hacking attacks rely on buggy software. Imagine having an e-commerce app with a bug in the login process, which allows anyone to log into other people’s accounts. A hacker can discover such bugs, and with a little automation, exfiltrate sensitive data, or make fraudulent purchases on the platform.
But if you don’t patch on time, hackers don’t even need to discover the bug themselves. The software developer can find it, release a patch, and the media will report it (I do it all the time). Hackers can then just scan the internet for devices that haven't been patched and, since they already know how to break in, easily swoop in and grab the data. Therefore, patching your software and hardware ASAP is pivotal.
That’s all the time I have for this week, so I’ll wrap it up here. Next week, I’ll discuss the danger of downloads, and what to do with antivirus software.
Sead from SmallBiz CyberWiz