What precautions should all business owners be taking to keep their devices secure, particularly given the recent DDoS attack?
The Young Entrepreneur Council (YEC) is an invite-only organization comprised of the world’s most promising young entrepreneurs. In partnership with Citi, YEC recently launched BusinessCollective, a free virtual mentorship program that helps millions of entrepreneurs start and grow businesses.
1. Hire an Outside Consultant to Review Your Current Security Strategy
An outside security consultant brings a fresh pair of eyes and will look at the problem from a unique and unbiased perspective. You or your IT staff may be accustomed to your current strategy and may not be able to see the holes in it. It’s like having a small piece of food on your cheek. You won’t notice it, but somebody else will.
2. Use Touch ID Security
Passwords are hard to remember, can be easy to guess and put your devices at risk for a DDoS attack. That’s why you should use Touch ID security whenever and wherever available. For instance, you have two options if you own an iPhone 6 or higher. You can select a password and risk getting hacked by an intruder, or you can use Touch ID (fingerprint) security to eliminate vulnerabilities.
3. Keep Sensitive Information Off of Your Devices
First of all, utilize hard-to-guess passwords and back up your important documents and info on a separate device. If possible, keep confidential information off of your devices entirely. Install top-rated security software and utilize an app that lets you control your devices remotely.
4. Hire an IT Security Expert
Whether you have an IT department or just a few IT folks managing your systems, you should consider hiring an IT security expert who can put in place the policies and procedures to protect all of your devices and equipment. Whether you use a contractor or hire internally, choose someone who knows best practices and is up to date on IT security efforts, including DDoS.
5. Regularly Update Firmware
It’s easy to get caught up with the day-to-day and completely forget about updates. It’s crucial that you keep your devices updated with the latest firmware as most of them contain security fixes and enhancements.
6. Implement Two-Factor Authentication
Criminals are constantly looking for new devices to compromise. There’s no surefire way to secure devices but, for the average user, two strategies massively decrease the risk: keep devices and software up to date and use two-factor authentication. Both make it difficult for an attacker to compromise a device, and they’ll more than likely look for an easier target.
7. Have an Accountability Policy in Place
Every business needs a security policy detailed in writing to which all employees are held accountable. This is the best way to both prevent basic problems and identify where your weaknesses are in the event of a more elaborate attack. Password rotations should be a part of any basic policy, and so should division of information so that it’s not all accessible to any one employee.
8. Create Longer Passwords
Apple offers several options for making your device more secure, including four-character, six-character and eight-character authentication. Even though a longer password may be harder to remember, it is typically more secure, which is why I recommend all business owners use them. Do not use easy-to-guess passwords and always use a combination of capital and lowercase letters along with numbers.
9. Don’t Forget Proper Disposal
Being a company that specializes in IT asset disposition and data destruction services, we often consult clients about the importance of having a diligent end-of-life process. Most people don’t realize that the biggest data and security breach risks often come when organizations do not properly dispose of their devices once the organization is done using them.
10. Remember One Password With Password Management Tools
Our team has found 1Password to be an invaluable tool to create all our passwords. With 1Password, you can store all of your important passwords in one place and you are only required to memorize one password in order to unlock all of them. This makes it extremely easy to change any password with its password generator and then store it in the vault.
11. Use Multiple Vendors
When setting up your technology stack, involve multiple vendors so you won’t become vulnerable when your single technology source becomes affected. Use multiple services within your business to avoid a single point of failure. Avoiding DDoS attacks altogether will be nearly impossible for a small business; the best strategy is to focus on reducing the risk of your technology stack.
12. Use Simple Mental Recipes
Skip passwords and build a simple password recipe for better security. Use an app like PasswordChef.co to generate easy-to-remember recipes that keep you safe by ensuring each site uses different but easily recalled passwords. Here’s a simple recipe, for example: [first-3-vowels-capitalized-and-reversed] + [secret-code] + [#-of-consonants] + [first-consonant]. Google becomes EOOS3cr3t-C0d33g.
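The recipe in tip 12, worked through in Python as an added example (not code from this article or from PasswordChef). It also shows which part of each password can be computed from the site name alone, so the strength of every password rests on the one shared secret code. The function names are hypothetical, and treating only a, e, i, o, u as vowels is an assumption.

```python
VOWELS = set("aeiou")  # assumption: "y" is counted as a consonant


def recipe_parts(site: str) -> tuple[str, str]:
    """Return the (prefix, suffix) the recipe derives from the site name.

    prefix = first three vowels, capitalized and reversed
    suffix = number of consonants followed by the first consonant
    Both are computable by anyone who knows the site name.
    """
    letters = [c for c in site.lower() if c.isalpha()]
    vowels = [c for c in letters if c in VOWELS]
    consonants = [c for c in letters if c not in VOWELS]
    # Names with fewer than three vowels simply yield a shorter prefix.
    prefix = "".join(vowels[:3]).upper()[::-1]
    first_consonant = consonants[0] if consonants else ""
    suffix = f"{len(consonants)}{first_consonant}"
    return prefix, suffix


def recipe_password(site: str, secret_code: str) -> str:
    """Assemble the password exactly as the recipe describes."""
    prefix, suffix = recipe_parts(site)
    return prefix + secret_code + suffix


def shared_component(site: str, password: str) -> str:
    """Return what is left once the site-derived parts are removed.

    This is the portion that is identical on every site, which is why a
    disclosure at one site affects all passwords built from the recipe.
    """
    prefix, suffix = recipe_parts(site)
    if not (password.startswith(prefix) and password.endswith(suffix)):
        raise ValueError("password does not follow the recipe for this site")
    return password[len(prefix):len(password) - len(suffix)]


if __name__ == "__main__":
    code = "S3cr3t-C0d3"  # the secret code from the article's example
    for name in ("Google", "Amazon"):  # "Amazon" is a constructed sample
        pw = recipe_password(name, code)
        print(name, pw, "shared part:", shared_component(name, pw))
```

If the recipe is used, the secret code should be long and random enough to stand as a password by itself, and should be changed everywhere if any one site's password is disclosed.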