The malware known as Gooligan took the world by storm when it hijacked over a million Google Play accounts. Of course, businesses with strong IT security weren’t affected, which gives businesses everywhere more reason than ever to strengthen their own IT security policies.
The funny thing is, when many businesses hear about major threats like this, they may think about strengthening their IT security for a moment. However, the thought often passes and they return to their normal work schedules without having changed anything. What’s scary, though, is that 43% of cybercrime targets small businesses, and the reason is that small businesses are the least likely to use a strong IT security policy!
Have you done any of the following?
Allowed a visitor to connect to your business WiFi
- This not only leaves your business network open to attacks from any malware your visitor may accidentally access, but your visitor may actually be socially engineering you to gain access to your business network!
- A better policy is to set up a separate, isolated guest network that visitors and employees use for personal, non-work-related accounts. Additionally, you may want to have a separate VPN for work-related activities and allow visitors and employees to use the regular network for non-work-related personal access.
Not set up a disaster recovery plan
- This is definitely a big no-no! Hacking, malware, fire, floods, power outages – the list of potential disasters goes on and on, and you need a plan for each of them.
- If you can’t afford full-time IT staff to set up a disaster recovery plan, try getting a one-time audit for suggestions on what to do.
- At the least, you should have both online and offline encrypted backups of all your data made at regular intervals, an uninterruptible power supply that can support your network for several hours in the event of a power outage, and an off-site server (like cloud hosting) ready in case your on-site servers meet with a disaster.
Used weak passwords
- Using a password many months or even years old, using a password easy to guess, or using the same password on multiple sites is just asking for your accounts to be hacked.
- You should always change your passwords at regular intervals of at least every 3-6 months, use a different password on every website, and use passwords that utilize a combination of capital letters, lowercase letters, numbers, and symbols to make them harder for a hacker to figure out.
- One of the easiest ways to manage your passwords is to use a password manager like LastPass or Bitwarden, which can create unique passwords for every site and store them for you so that they’re ready to use every time you visit a new site, eliminating the need for you to remember them yourself.
- You can also utilise single sign-on when it is offered on websites, which involves signing in to multiple sites using your email provider’s login credentials.
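
The three password rules above (age, reuse across sites, and character mix) can be checked mechanically. The following is an added example, not code from the original article: it generates a password covering all four character classes and audits a constructed credential inventory. The record layout, the `.example` site names and the 180-day limit (the upper end of the 3-6 month interval) are assumptions.

```python
import secrets
import string
from collections import defaultdict
from datetime import date

# The four character classes the article asks for.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
MAX_AGE_DAYS = 180  # assumption: upper end of the 3-6 month interval

def generate_password(length=20):
    """Random password containing every class, drawn from the OS CSPRNG."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES)
    while True:  # rejection sampling: uniform over all valid passwords
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def audit(entries, today):
    """Return {site: [findings]} for entries shaped (site, password, last_changed)."""
    sites_by_password = defaultdict(set)
    for site, pw, _ in entries:
        sites_by_password[pw].add(site)
    findings = {}
    for site, pw, changed in entries:
        issues = []
        if (today - changed).days > MAX_AGE_DAYS:
            issues.append("stale")          # not changed within the interval
        if len(sites_by_password[pw]) > 1:
            issues.append("reused")         # same password on several sites
        if not all(any(c in cls for c in pw) for cls in CLASSES):
            issues.append("missing-class")  # lacks one of the four classes
        if issues:
            findings[site] = issues
    return findings

# Constructed sample inventory (not real credentials).
SAMPLE = [
    ("mail.example", "Summer2016", date(2016, 6, 1)),
    ("shop.example", "Summer2016", date(2016, 11, 20)),
    ("bank.example", "t7#Qw!zP0r&Lm2x^", date(2016, 10, 5)),
]

if __name__ == "__main__":
    for site, issues in audit(SAMPLE, date(2016, 12, 15)).items():
        print(site, issues)
```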