Is Your Email Address Safe? Cyber Security For Small Businesses

Small business owners are routinely challenged with staying up to date on all activities of their business; their learning never stops. Whether it’s new marketing tools or operational improvements, technology is driving change and it is occurring at near exponential rates. Consequentially, threats from hackers are also changing at a near exponential rate. Just as it is difficult to stay up to date on just the well-publicized technological improvements, it is even more difficult to keep up with the strategies used by hackers. Therefore, cybersecurity should be a priority for small business owners. Yet, for a lot of business owners technological changes are so rapid they ultimately fail to create an effective cybersecurity plan. And as the adage says, “a failure to plan is a plan to fail.” For this reason, I will be focusing this and future articles on cybersecurity challenges specific to small businesses. Business owners need to be aware of the real dangers of data breeches from different institutions such as linkedin.com and Myspace.com. Specifically, how the data obtained from these breeches is used by hackers. When a well-known institution has been the victim of a data breech most people who have accounts there will merely update their password for that one institution. For example, when Myspace was hacked in May of 2016 and 360 million email addresses and 427 million passwords were stolen, I wasn’t concerned. I didn’t take any action because I no longer used Myspace. However, when Linkedin was hacked in the same month I changed my Linkedin password. The reason for the difference in behavior was because I didn’t understand how hackers used the data. Most of us know hackers sell emails and associated passwords from data breeches on the darkweb. However, what most of us don’t know is that hackers use the combinations of emails and passwords from institutions of the data breeched on other websites. In other words, hackers could purchase Myspace.com email and password combination and then attempt to use these combinations on the websites of financial institutions. The hackers are betting the owner of the email will use the same password for multiple sites. They will then write a script to attempt to login into the most popular institutions using these combinations. with half a billion email/password combinations acquired they only need a tiny percentage to hit in order to have success. CyberSecurity Strategy to Protect Your Passwords & Email Firstly, I’d recommend learning if your email and passwords have been part of a data breech. It just takes a few seconds to check. Step # 2 is for you to update all your passwords. It’s important to have unique and complex passwords that are routinely updated. DO NOT use one password for multiple websites just because of the difficulty in remember them all. Which is why the step # 3 is to get either a paid or free password manager. A password manager is an application used to store and manage the passwords a user has for various online accounts. The user only needs to remember their one unique password. Alternatively, you can begin to take advantage of Chrome’s password manager extension. Google offers unique password generation, and allows you to “view all your passwords, credit cards, addresses, and other stored information from the main desktop Chrome toolbar. You can also export all your saved passwords into a .csv file at any time”. Business leaders are routinely registering with different websites in order to manage their own business. However, with every new registration they expose themselves to risk. Eliminating risk is impossible, but it is possible to manage those risk. This segues to a step # 4 which would be to partner with your Managed IT Service Provider to ensure that adequate security protections are in place for employees. MSPs can set up specific security profiles that are designed to reduce the risk of security vulnerabilities and then monitor these profiles for security erosion over time. Additionally, they can perform darkweb scans of employees and identify potential risks. In summary… Business owners need to understand how technology can work for and against them. This is easily remedied by reading Infinet Services’ Blogs ???? . We provide simple strategies businesses owners can use to protect themselves and their employees from data breeches of large institutions. check to learn if an email has been part of a data breech Update all passwords Select a password Manager Partner with an Managed IT Service Provider