By now all of us have heard of the ongoing cybersecurity threat to both us personally as well as to our business. Whether it is a ransomware attack preventing us to access our information unless we pay, a Trojan virus loaded onto our system to steal our passwords and our identity or a worm burrowing through our system, allowing a criminal to access our confidential information, the threat to our electronic footprint has become pervasive and continual. Sometimes it can be a little overwhelming, thinking of how to combat these threats, making it challenging to understand the best place to start.
Before you consider a business cybersecurity plan for your small business, take a few moments to implement these five simple steps to harden your own personal cybersecurity presence. Once in place, you will have a much clearer idea of the steps to take for your business.
- Download a password safe/ Password storage app ( check out this article from 2015 in Lifehacker: Five Best Password Managers and this one from Android Central, October of 2016: Best Password Manager For Android. There are a number of these free apps out there, just be sure you select a reputable one. Otherwise, you are simply providing free reign to some third world hacker of all of your confidential log in credentials, defeating the purpose entirely.
Change your passwords to two of your online banking profiles, making each password different from the other. Once you have changed the passwords to these two profiles, others will become more evident that you want to change. Create a phrase type of password, interspersed with lower case, uppercase, numbers and symbol characters. It might sound a little challenging, but you will get used to it. You also probably won’t remember it, but then the bad guys won’t be able to decipher it as easily either. Consider something like this WeareUGA phrase:!wE4Are5uG8a@ . Again, make the passwords different from each other and then load these into your password safe.
Change your user name to each of the above accounts to a similar structure as your password, eliminating your name or email address as your username. Your name and/or email address are too easy to find online and once identified, that is 50% of the puzzle for an attacker to be able to access your account. Again, using a combination of lowercase, uppercase, number and symbol characters, make the change. So, your user name changes from: marklupo to a phrase like, Wecandoit in this format: 4wE& cA9n#DoI+t. Add these new user names to your password safe.
Implement two factor authentication at the two online banking profiles you just modified your user name and password. This is where, when you login, before you access your information, the banking site sends you a text code or email with a verification code (usually 6 digits) to a pre-determined phone number or email address. You then type that code into the verification field on the site to prove it is you. In this way, even if the attacker breaches your hardened user name/password, they still are unable to access your information (until they input the verification code). Thus, two-factor authentication.
Identify and implement a cloud based back up solution for your computer data, something like Carbonite or IronMountain. Make a point to do that this week. Go ahead and pull the trigger on this one. It will cost a small amount ( $60 to $100 annually, though relative to a breach and stolen identity or Ransomware attack requiring a payout, there is a strong ROI), but is a worthy investment. Settings will allow you to have your data backed-up anytime you change a file or add/ delete anything, eliminating the need to have to think about backing up. It is immediate. Should you be attacked with a ransomware or malicious virus infection, all you have to do is wipe your system and reload from a clean backup copy from your online backup made before the infection. You may even want to consider creating a mirror back up, where not only your file/folder system is backed up, but also your software to run those files/folders. Mirror backups will cost a little more, but might be worth it to you to have seamless restore process.
So, five simple steps. Give these a go on two sites you use personally and see how you feel. Once you go through the process, you may even want to expand to other online profiles, from your social media logins to even accessing your Google profile. As you strengthen your personal presence, move to your business sites. We are under attack, folks, and you can choose to be either a victim or proactively take charge and implement these changes and become CyberStrong.
(Source: Mark Lupo, Area Director, UGA SBDC in Columbus)