Cyber security tips for small businesses
Here are some ways you can prevent the cyber thieves from attacking your business
Gone are the days when a deadbolt and a good guard dog kept intruders at bay. Now, with everyone turning to the Internet for online banking and management of other business practices, attacks can come at any time and without your knowing.
And it’s not just the big corporations that are dealing with cybercrime; small businesses are targets too. But don’t despair. Even if you are a small-business owner with a meagre IT budget, there are plenty of simple and cost-effective things you can do to improve your cyber-resilience.
Ivo Georgiev, who is a senior security consultant with Detecta Systems Inc. in Vancouver, B.C., specializes in designing information security systems to protect businesses. He offered these tips for small-business owners.
1. Use two-factor authentication to access critical business and financial systems.
Two-factor authentication, which is also known as two-step verification, requires more than just a password in order for a user to gain access to a computer system. It’s similar to using an ATM. You must place your card (Step 1) in the machine, and then you enter a PIN (Step 2). So if someone were to steal your card, they wouldn’t be able to withdraw money without knowing your PIN. It’s the same with online systems.
Many sites on the Internet support two-factor user authentication. For example, Google Apps and Google Mail (Gmail) allow users to enable Google’s 2-Step Verification for free. Once a user enrols in the two-step verification process, he or she would need to enter three pieces of information to successfully log in to Google Apps or Gmail: a username, a password and a six-digit number displayed by the Google Authenticator App on the user's smartphone. The number changes every 30 seconds, so even if the bad guys know your username and password, they would not be able to log in to Google Apps and Mail unless they also get hold of your smartphone.
2. Ensure sensitive and confidential data is encrypted when stored on storage media (hard disks, SD cards, USB drives, etc.) or portable devices (laptops, tablets and smartphones).
The most commonly used operating systems—such as Microsoft Windows, Mac OS and Linux—support whole disk encryption for all files stored on your computer’s hard drive. Applications such as the free TrueCrypt software can be used to encrypt important data stored on portable devices, SD cards and USB drives.
If someone were to steal your computer or portable device, they would not be able to access your encrypted files unless they also managed to figure out the long and strong password that you have used to encrypt the data. You should keep this password in a safe location and should not share it with anybody. Without the password, the data stored on the encrypted media and devices is not readable by humans and looks like very long strings of random numbers.
3. Use a password manager to generate and securely store all your passwords. Choose strong passwords.
If you can remember your password, it isn’t strong enough. How, then, will you be able to keep track of different passwords for all the websites you use? The answer is a password manager. It stores—in an encrypted form—all of your login information, and will automatically fill it in when you go to sign in to any of your online accounts.
The password manager can even generate strong passwords for the websites you use, and all you have to remember is one very strong master password. Password Safe, LastPass and KeePass are some free, easy-to-use password managers.
4. Do not store or keep data on your business computer that you don’t need.
Your customer relationship management software list may include everything from email addresses and dates of birth to sales transaction history and credit card information, but if you don’t need all of that information, why keep it? Online credit card processing is usually outsourced to a third party anyway, so storing the unnecessary associated data on your computer only makes your business more vulnerable to cyber attack.
Regularly back up the data on your computer that you do need, and store at least one copy of the backup in a safe place off-site. SyncBack is an efficient free application for backing up and synchronizing your most important files on a routine basis.
Most backup applications support encryption of backups, but even if they do not, you can encrypt the data using applications like TrueCrypt or by enabling encryption of files created with Microsoft Office and Excel.
5. Talk to a professional.
Cyber security professionals can analyze the specifics of your small business and recommend cost-effective solutions that will help minimize the overall risk of a security breach.
Even a one-hour conversation with a security professional can go a long way toward protecting you and your business from cyber crime.