Give your business a security spring clean
The changing of the seasons presents the perfect opportunity to get into good habits when it comes to keeping your business safe.
We all have our annual rituals, like changing the batteries in the office smoke alarm when we adjust the clocks for daylight savings. Just like that smoke alarm, there are digital security issues you shouldn’t let slip your mind just because they’re out of sight.
An audit of your passwords is a great place to start, especially if you’re using online accounts that are more than a few years old.
That seemingly bulletproof eight-character password you came up with a decade ago no longer makes the grade when it comes to password strength. These days you’d want at least 12 characters, avoiding dictionary words. But there’s more to password strength than just length. It’s also important to use a mix of upper and lower case letters along with numbers and symbols.
If you’re guilty of reusing passwords, now is the time to repent – it’s one of the easiest ways to get your business hacked. As soon as a list of stolen passwords is released online, opportunistic hackers try using the same credentials to access other services, leaving you exposed if you’ve reused that password.
As part of your password audit, it’s worth checking whether the services you use have experienced a security breach and recommended that users change their passwords. For particularly sensitive accounts you might opt to change your password regularly, should it fall into the hands of hackers or be caught up in an unreported security breach.
The trap with changing your passwords regularly is that it’s easier to forget them, which makes it tempting to choose a less secure password so it’s easier to remember.
Changing your password every month and cycling through “password1” to “password12” is much less secure than choosing one long, complex password and sticking with it for a while.
Auditing your passwords also presents a good opportunity to consolidate services and cull old accounts that you no longer use, as they might present an unnecessary security risk.
This is particularly important if those unused accounts are linked to other accounts you still rely on, or if they’re cloud storage or backup services that you’ve abandoned but may still contain sensitive information.
While you’re at it, it’s worth checking that your current backup service is running smoothly. Because backup systems tend to run automatically in the background, you might not realise that something is wrong until it’s too late.
It’s important to test your backups regularly, and even run through the restore process like a digital fire drill to ensure they won’t leave you in the lurch when you need them most.
As you’re assessing your passwords it’s also worth checking whether any of the services you rely on have recently added support for two-factor authentication, such as requiring a secondary code sent as a text message when you login from a new device.
It’s an extra layer of security that can help keep hackers at bay even if your password has been compromised.
Digital security isn’t a one-off set-and-forget process – it requires ongoing vigilance. Getting into good security habits reduces the risk of your business having a very bad day.