Practical tips for protecting your small business from Cyber Risks
A large part of running any small business is risk management. Today, one risk that we all face is the threat of a cyber-attack. Unfortunately, cyber-attacks can come in many forms with varying degrees of severity. This post will look at some practical ways you can protect your business.
Using a dedicated computer for work
Many households have a shared computer that’s used for both work and leisure by multiple people. Sharing a computer might be a great way to save money, but it comes at the cost of security.
More people using a computer means more opportunities for someone to download some malware accidentally. As children are usually far less security conscious, sharing a computer with a child can significantly increase the risk of downloading malware.
Having a dedicated machine just for you will dramatically reduce the risk of that machine being hit with malware, even more so if you only use it for work.
Use a password manager
If you ask any IT person what companies can do to improve their security, they will all come back with the same answer: use unique and strong passwords.
It is hard to overstate how important passwords are to digital security. Using long, unique and complex passwords is an essential part of keeping your business safe.
Why long and complex
A brute-force attack is where someone tries to get your password by guessing over and over again. Hackers often use tools to automate this process, submitting large numbers of guesses in quick succession. It is only a matter of time before they guess correctly. The longer and more complicated your password, the longer it will take for the software to guess correctly.
While some login systems will limit the number of attempts someone can make, many do not. Even when limits are in place, there are often ways around them.
It is also worth noting that attacks like these are often speculative and done on a vast scale. It’s worth assuming that we are all being attacked like this to some degree on a very regular basis.
Why unique
Unfortunately, there is always a risk of someone getting hold of your password for something. If that happens, one of the first things a hacker will do is gather information they can use to access your accounts on other platforms. If you use the same password for every service, a hacker with access to one account will quickly turn that into access to all your accounts.
It’s bad enough when one account is compromised. Not only do you need to re-secure whatever has been compromised, but you also need to evaluate what the hacker could have done while they had access. Now imagine having to do that for every piece of software and every app you use.
Using unique passwords gives you a much better chance of containing the problem to one specific place. The more you can contain the unauthorised access, the easier it will be to manage and recover from the attack.
Why a password manager
A good password manager will enable you to create long, complex, and unique passwords for all the services you use. It is practically impossible to manage lots of strong and unique passwords without a password manager.
What’s more, good password managers also come with other features to help improve your online security even further. For example, my personal favourite password manager, 1Password, has a feature that alerts me if a website I use has been compromised. I can then decide to go and change my password for that service as a precaution.
Don’t email login details
On a related note, avoid emailing login details to other people. Emails tend to hang around in people's inboxes long after they are sent. Ideally, you want to avoid sharing login details anyway. However, there are more secure ways to share passwords in those instances where you have no choice.
If you have a password manager, it may have one or more ways to share a login with someone else. 1Password has a feature they call PSST, while other password managers have their own alternatives.
You can also find online services that will allow you to hide your password behind a link. The website password.link stores an encrypted version of your password behind a one-use link. The website only holds an encrypted version of your password, with the encryption key being added to the link it generates in your browser, which you can then send to the person you want to share it with. When they click on the link, it loads and decrypts the password and removes it from the database. If anyone clicks on the link a second time, they will see a message saying the password is no longer accessible.
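The pattern described above (encrypt in the browser, store only ciphertext, key carried in the link, delete on first read) can be sketched as follows. This is an added example, not password.link's own code: the AES-256-GCM choice, the in-memory `store`, the `share.example` URL and the use of the URL fragment to carry the key are all assumptions made for illustration.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Stand-in for the service's database (assumption): id -> ciphertext blob only.
const store = new Map();

// Sender's "browser": encrypt locally, upload ciphertext, keep the key in the link.
function createLink(password, baseUrl = 'https://share.example/s/') {
  const key = randomBytes(32);            // AES-256 key, never given to the server
  const iv = randomBytes(12);             // 96-bit GCM nonce
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  const id = randomBytes(16).toString('hex');
  store.set(id, Buffer.concat([iv, cipher.getAuthTag(), ct]));
  // Assumption: the key rides in the URL fragment, which is not sent in HTTP requests.
  return `${baseUrl}${id}#${key.toString('base64url')}`;
}

// Server: hand the blob out once and delete it in the same step.
function fetchOnce(id) {
  const blob = store.get(id);
  store.delete(id);
  return blob ?? null;
}

// Recipient's "browser": fetch the blob, then decrypt with the key from the link.
function openLink(link) {
  const url = new URL(link);
  const id = url.pathname.split('/').pop();
  const blob = fetchOnce(id);
  if (blob === null) return { ok: false, message: 'password is no longer accessible' };
  try {
    const key = Buffer.from(url.hash.slice(1), 'base64url');
    const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
    decipher.setAuthTag(blob.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
    return { ok: true, password: pt.toString('utf8') };
  } catch {
    // GCM authentication failed: wrong key in the link or altered ciphertext.
    return { ok: false, message: 'wrong key or tampered data' };
  }
}
```

Because the stored blob is deleted on the first fetch, a recipient who finds the link already used knows someone else opened it first and the password should be changed.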
Be wary of free software
First off, not all free software is bad. There are loads of great websites and apps that are available for free. A free app may have been created for marketing purposes or as a lead generation tool. There are many legitimate reasons for giving something away for free. However, there are also nefarious reasons to give software away for free. Understanding who is behind the free software and what their motives are will help you assess the risk.
Have multiple email addresses
Your email address is a key part of your online identity. It can be used to link the various elements of your online presence together.
Your email address is also an online security weak point. Even seasoned cyber security professionals have been known to fall for a malicious email from time to time.
If you are not limited to one email address, you may want to consider creating additional email addresses to use for different purposes. For example, you might want a separate email address for app logins. Using multiple email addresses means you can keep your primary email address safer. It will also help cut down on spam.
Be careful using public wifi
People often overstate the risks of using public wifi. That said, using a public wifi connection is not as safe as your home wifi. If you are using public wifi, try to stick to those provided by organisations you trust. If you can use a VPN, that will give a bit of additional security.
Some public wifi connections ask for lots of personal information before they will allow you to connect. Always ask yourself what that information is likely to be used for and how secure it will be. If you feel a company is asking for more information than is reasonable, go somewhere else.
Role play some disaster scenarios in your head
When it comes to digital security, we can never eliminate the risk entirely. There is always a chance something could go wrong. Be honest with yourself about the risks you face, and consider how you would deal with some more likely scenarios.
If you regularly work from a local coffee shop, how would you handle someone stealing your laptop without you noticing? If you accidentally clicked on a malicious email link and your hard disk became encrypted, what would you do to recover the situation?
Running through the potential scenarios you may face will help you assess the risks you face, implement changes to reduce those risks, and put a plan in place should the worst happen.