These days most business owners should be well aware of the security and privacy risks associated with using the internet. Small businesses use more and more online tools and we’re all used to logging in with passwords to the services that we use online.
However, the more services we embrace, the more complacent we become about passwords. What we’re looking for is a balance between ease of use and being secure.
Let’s look at some of the ways you can improve your security.
Let’s begin by recapping the basic points before moving on to business-specific password security tips. Firstly, make sure you use different passwords for different services. If you use the same password for everything, you leave yourself and your business exceptionally vulnerable.
Here’s what you shouldn’t do:
- don’t share your passwords with anyone else!
- don’t use personally identifiable information e.g. names, birth-dates, addresses, and so on.
It’s all very well knowing what you shouldn’t do but how do we go about making secure passwords that are easy to remember? A good password will:
- be 10 or more characters long
- contain a mix of symbols—upper and lowercase letters, numbers, and special characters like punctuation symbols
- won’t contain recognisable words
- be unique for each service
- be changed regularly if the content it protects is very sensitive (e.g. online banking accounts).
How to create a secure password that you can actually remember!
There are plenty of tools online for generating random character passwords but the problem is that they too random to remember.
The easiest way to create a secure password is to think of a phrase that is meaningful to you and build your password from that. It could be the name of your favourite song or even just some sentence that is too crazy to ever forget.
Step #1: First come up with a phrase, e.g. Lucy in the Sky with Diamonds by Elton John
Step #2: Next convert it into symbols e.g. Lucy 1n the $ky with “D”iamonds by Elton john! which can then be reduced down to L1t$w”D”bEj!
How to store your password safely
Once you have created a unique and secure password, now you need to store it safely.
Small businesses need to be even more rigorous with how they store passwords to avoid the risk of either internal or external data theft or fraud.
Managing staff access
For this reason, businesses should use passwords to compartmentalise staff access to different services. For example, only IT staff having the password to the webserver and only accounting staff having the password to accounting services and bank details.
Preferably, even within departments that have access, each staff member should have their own unique password. That makes it easier to revoke a single user’s password without affecting the rest of the team, such as when a team member leaves their job. It also allows for traceability and accountability. For example, if an offensive post is posted on the company’s Facebook account that leaves your customers angry, tracing who posted it is going to be difficult if your business has a shared Facebook password.
- develop a comprehensive password policy and take the time to provide everyone with training so they fully understand it. Make them sign a declaration agreeing to the policies contained in it.
- change passwords on a regular basis and conduct regular security audits.
- try and avoid logging into any account or service requiring a password from public computers.
- you can also use a password manager, either an online service or a stand-alone desktop application. KeePassXC is an open source solution that is actively supported.
- whenever possible opt for 2-step Authentication, which adds in a second step when you log in but makes it even more secure.
Protecting customers passwords and online security
If you are offering your services and products online then you also have an obligation to protect all of the personal information of your clients—not just their login passwords. That means consulting with a professional to get it right.
- enforce HTTPS traffic between the client and the server
- ensure your server applies all security patches as soon as they are released
- never store confidential information in plain text
Once you’ve mastered the basics you can also look at learning how: