Being online and digital is great – it can save small businesses (including sole traders) time, and allow owners to work ‘anywhere, anytime’. But with that connection also comes risk.
We’ve all heard of online scams that target individuals and security breaches that target large companies, with the end result usually being a request for money or resources. But what about us sole traders and small business owners? Are we too small to bother about and so immune from cyber criminals?
Sadly the answer is no. The Australian Small Business and Family Enterprise Ombudsman identifies that small business is the target of 43% of all cybercrimes. That’s huge! And with Christmas and the associated online shopping/sales coming up, now’s a really good time to start looking at your security.
The easiest, quickest and highest-return-on-investment place to start is your password security.
Firstly, don’t use the same / similar password for everything
I know you don’t use the same password for everything but you’d be surprised how many of my clients do! (And maybe you know a friend who does as well?) Obviously, once a hacker has got one password, they’ve got easy access to any other services for which your friend has used that password.
The other thing I see a lot of is people who use similar passwords. For example, ‘password1’ for their bank; ‘password2’ for their credit card account; ‘password3’ for PayPal etc. etc. And if they need to update a password for any reason, then they’ll just change the number as required.
Easy to remember usually means easy to hack.
Secondly, don’t use your name, birthday, favourite colour, family pet etc. etc. as a basis for your password.
Again, something everyone ‘knows’ but yet somehow there are still people out there doing it. They think they’re making it safe by, for example, swapping the letter ‘e’ in their name for the number ‘3’, but those types of passwords can be hacked in seconds.
Finally, don’t write your passwords down and certainly don’t put them into an online, unencrypted file
We’ve all heard the stories of ‘that person’ who wrote down their password(s) on a Post It note and stuck it to the computer monitor.
But what about the person who put all their passwords into an electronic note on their phone…and then synced their phone to a cloud backup service?
Or the person who wrote down every password to every system in the back of their diary…and then left the diary in a cafe?
These things happen, and they can happen to you and/or your employees.
So what are we supposed to do?
After all, we’ve all got 2 or more passwords to remember in our lives, and if we can’t make them easy to remember (see first two points) and we can’t write them down, what can we do?
Seriously, this is the best advice I can provide, but if you’re not interested in that for whatever reason, then,
Use a passphrase rather than a password
A passphrase is a type of password, but rather than being a string of random numbers and special characters with a mix of upper and lower case letters, it is an actual phrase of words. According to Stay Smart Online, passphrases are most effective when they are:
- used with multi-factor authentication (sometimes called 2-step authentication)
- unique – not a famous phrase or lyric and not re-used
- longer – phrases are generally longer than words
- complex – naturally occurring in a sentence with uppercase, symbols and punctuation.
Do not include the following things in your passwords:
- repeated characters
- single dictionary words, your street address or numeric sequences (such as 1234567)
- personal information
- anything you have previously used.
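The checks in the list above, together with the earlier points about numbered variants and letter swaps, written as a small Python script. This is an added example, not part of the original post; the function names, the tiny word list, the three-in-a-row threshold and the sample data are assumptions made for illustration.

```python
import re

# Undo common character swaps (the post's example is 'e' -> '3').
LEET = str.maketrans("013457@$!", "oieastasi")
# Constructed stand-in for a real dictionary / common-password list.
COMMON_WORDS = {"password", "welcome", "sunshine", "dragon", "monkey"}


def base_form(pw):
    """Drop trailing digits/symbols, lower-case, then undo simple swaps."""
    return re.sub(r"[^A-Za-z]+$", "", pw).lower().translate(LEET)


def audit(candidate, previous=(), personal=()):
    """Return the list of rules from the post that `candidate` breaks."""
    findings = []
    base = base_form(candidate)
    # Search both the raw and the un-swapped text for personal details.
    haystacks = (candidate.lower(), candidate.lower().translate(LEET))

    # Same password, or the same stem with a different number on the end.
    if any(base == base_form(old) for old in previous):
        findings.append("reused-or-numbered-variant")
    # Name, pet, birthday etc., even with letters swapped for digits.
    if any(len(p) >= 3 and any(p.lower() in h for h in haystacks) for p in personal):
        findings.append("personal-information")
    # Three or more identical characters in a row (threshold is an assumption).
    if re.search(r"(.)\1\1", candidate):
        findings.append("repeated-characters")
    # Runs of 4+ digits that count straight up or down, e.g. 1234567.
    for run in re.findall(r"\d{4,}", candidate):
        if run in "01234567890" or run in "09876543210":
            findings.append("numeric-sequence")
            break
    # Nothing left but one dictionary word once the decoration is removed.
    if base in COMMON_WORDS:
        findings.append("single-dictionary-word")
    return findings


if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    in_use = ["password1", "password2"]
    about_me = ["Jenny", "Rex", "1985"]
    for pw in ["password3", "J3nny1985", "RunningBeachMoldyShoes"]:
        print(pw, "->", audit(pw, in_use, about_me) or "no rule broken")
```

An empty result only means none of the listed patterns were found; it is not a measure of how long the password would take to crack.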
An example of a passphrase might be RunningBeachMoldyShoes – something that’s definitely easy to remember but will take approx 125 years to crack.
By adding a space and punctuation I’ve upped that time to 4,000 years! Good luck getting hold of any money from me after that length of time!
I used this site to check my definitely fake passphrase.
Want to delve further into Cyber Security? I highly recommend the Small Business Cyber Security Guide from the Australian Cyber Security Centre. It has lots of information to help small businesses protect themselves from the most common cyber security incidents.