I’m just going to talk about some basic account security for small business (and personal accounts).
- Use 2-factor authentication for all of your accounts: email, Facebook, Instagram, bank accounts, scheduling and payment services, and any other accounts that offer that feature.
- Consider getting an authentication app instead of using your phone number. (I don’t like to associate my phone number with any online account… and SIM card hacking is a thing that you should know about.)
- Never use a duplicate password.
- Maintain your passwords using a password manager. I recommend these LifeHacker and CNet articles to help you choose. Some apps have a “generate password” feature. This is really nice because you don’t even have to think up a password or remember it. It will randomly generate a secure password for you and store it for that account.
Why data breaches are concerning
All these news reports about data breaches of innocuous services (like MyFitnessPal) are not as harmless as they seem at first glance. People joke, “Whatever, they have my calorie data, who cares?”
But NO, they have your email address, too… and a password that you used to log in to that account. They can now try to use this information to hack into any other account that you created with that same email and password. That’s why we don’t use duplicate passwords!
And once they have your email address… they can target you and send all kinds of Nigerian Prince-type scams. These scams often include clickable links that are designed to gain access to your email or other accounts associated with that email address. Don’t scoff or think you won’t be fooled by a scammer. You might not fall for a “Nigerian Prince,” but phishing attempts are getting way more sophisticated. It’s called social engineering. Scammers can target you or your company individually. They can craft an email that looks and sounds like it’s coming from a customer or even someone within your company. Using human fallibility to gain access to an account is usually much easier than trying to guess a password. There’s a great podcast that delves deep into this subject, called Hacking Humans.
Be aware of the services that you use & how the data they store could be used against you
Yes, most services that you use have your email address. That’s actually a pretty valuable piece of information about you. If a hacker is trying to gain access to your account, they’ll try your email and easy-to-guess passwords like “Password123” and other phrases with full words and easy number sequences. And that’s why the first step in account security for small business is to use a secure password.
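To make the two password rules above concrete (no duplicates, nothing like “Password123”), here is a small audit script. It is an added example, not part of the original post, and it goes a step past the text by also flagging a word followed by a year. The sample vault, the short word list, and the function names are all made up for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample export (site, email, password); not real credentials.
SAMPLE_VAULT = [
    ("myfitnesspal.com", "owner@example.com", "Password123"),
    ("bank.example", "owner@example.com", "Password123"),
    ("facebook.com", "owner@example.com", "sunshine2020"),
    ("scheduler.example", "owner@example.com", "q7#Vt!x2Lr9@wZp4"),
]

# Tiny illustrative word list (an assumption); a real audit would use a much larger one.
COMMON_WORDS = {"password", "welcome", "sunshine", "letmein", "qwerty", "admin"}
SEQUENCES = ("0123456789", "9876543210")

def is_guessable(password):
    """True for a common word plus an easy number run, e.g. 'Password123'."""
    m = re.fullmatch(r"([A-Za-z]+)(\d*)[!.]?", password)
    if not m:
        return False
    word, digits = m.group(1).lower(), m.group(2)
    easy_digits = (
        digits == ""
        or any(digits in s for s in SEQUENCES)
        or re.fullmatch(r"(19|20)\d\d", digits) is not None
        or len(set(digits)) == 1
    )
    return word in COMMON_WORDS and easy_digits

def audit(vault):
    """Return (reused, guessable): sites sharing a password, and sites with weak ones."""
    by_password = defaultdict(list)
    guessable = []
    for site, _email, password in vault:
        # Group by digest so the report never has to hold or print the password.
        digest = hashlib.sha256(password.encode()).hexdigest()
        by_password[digest].append(site)
        if is_guessable(password):
            guessable.append(site)
    reused = [sorted(sites) for sites in by_password.values() if len(sites) > 1]
    return reused, sorted(guessable)

if __name__ == "__main__":
    reused, guessable = audit(SAMPLE_VAULT)
    for group in reused:
        print("Same password on:", ", ".join(group))
    for site in guessable:
        print("Easy to guess:", site)
```

Every site in a “same password” group should get its own new password, because a breach of any one of them exposes the rest.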
What else should you worry about?
Well, the fitness tracker company Strava released its heat maps and inadvertently revealed the location of secret military bases all over the world. That’s a national security concern, and it’s a personal security concern for you.
- Take an inventory of all the fitness tracking apps that you use.
- If you share your running/exercise routes on social media or on those apps, stop sharing them, and make that information private.
- Take a second and consider the pros and cons of using these apps. Do you feel comfortable continuing to use these apps, given the risks?
As for trying to avoid getting caught in a hack like MyFitnessPal, that’s tough. You could stop doing business with services that don’t ensure adequate data security. But really, how can you know if they’re handling your data well until they get hacked? Unfortunately, most tech companies start off with the bare minimum security precautions and only amp up their security once there’s been a breach. I suggest that you use an email masking service for websites that you are trying out or you don’t quite trust.
Ok, so those are the bare basics on account security for small business. Go back and complete the previous steps to make sure that the information you thought was safe and private, such as your passwords and bank accounts… is actually safe and stays private.