Security habits small businesses should build (or break) this year


2018 is well underway and, by now, New Year’s resolutions may already be a distant memory for some. However, it’s never too late to start building good information security habits or breaking bad ones.

Here are some simple steps you can take to significantly improve your digital security without impacting your daily life.

  1. Do use free two-factor authentication (2FA) whenever available. Passwords have problems, and many users don’t use them correctly. The best defence is multifactor authentication (MFA). Most big sites and cloud services offer free 2FA options, so there’s no excuse not to use them when they are available.
  2. Do use a password manager. MFA is your best option, but if a site doesn’t offer it, you need to follow good password practices. That said, remembering hundreds of long random passwords is hard (okay, impossible). Password managers solve this problem. Sometimes they are even built into your OS. Use them!
  3. Do invest in security hardware or software, no matter what platform you use. Using any desktop computer without security software is like swimming in a sewer with an open sore. Have a Windows system? Then you are probably used to it already. However, Macs also need security suites, as do mobile platforms like Android.
  4. Do back up! Yes, most people say they do… but do you really? If everyone backed up their systems correctly, ransomware would cease to exist. If you do back up, have you ever tested those backups? Make sure the data you think you are saving is really there, otherwise you’re just wasting time.
  5. Do patch regularly. For normal desktop users, I suggest you just set your OS to automatically download and install updates immediately. While there are potentially a few cases where you might wait, I’d rather deal with those uncommon cases than with a computer that has two-year-old software flaws.
  6. Don’t send payments based only on texts or emails. There has been a big increase in phishing emails and text messages asking victims to make wire transfers. While these communications may seem to come from your boss or someone you know, they almost never do. You should always validate such communications by talking to the requester using a different communication channel before fulfilling them.
  7. Don’t be click happy. You see a lot of emails and social network posts every day with links. Yes, a deal might sound good, but do you really need to click? Do your best to avoid clicking unnecessary links from unsolicited communications. Rather, visit sites directly, or if you must click something, look at the link first, and use tools to unmask shortened links.
  8. Don’t join public or open wireless networks without protection. First, see the Do above on security software. More importantly, if it’s an open network you should never use it without a VPN.
  9. Don’t believe that good things come free. There are a lot of applications and media online that scream they’re “FREE.” At best, many of these things come with ads or spyware. At worst, they may infect your computer. While there are some open source things that are good, think twice about anything screaming about being “free.”
  10. Don’t leave your computer in the open in public. Even in environments you control, set a lock screen on your computer, and make the lock timeout relatively low (a few minutes).

Remember, good security is often way more about sustained behaviours – day in and day out – than any one mistake or decision.

Mark Sinclair, ANZ Regional Director, WatchGuard Technologies