Data breaches are all over the news, but what do they mean for small businesses? Use these five security tips to help keep yourself and your company protected.
Security is a critical aspect of running any business. This applies to the physical security of your office and your team, which creates a safe work environment. It also applies to digital security, and the protection of the technologies we utilize in our day-to-day jobs.
5 Basic Security Tips for Businesses
While data security can feel completely outside of your comfort zone, there are things you can do (short of hiring a security expert). As a business owner, performing basic security hygiene can help keep yourself, your business, and your employees safe. Here are five tips to get you started.
1) Enforce Two-Factor Authentication (2FA)
Enforce 2FA on all your accounts related to your business as a company policy, especially those for banking and other sensitive transactions. This significantly increases the level of difficulty for attackers looking to compromise an account, even if they have somehow stolen the password to the account.
The 2FA Directory is a great resource that lists services supporting 2FA. It’s a good idea to use an authenticator app such as Google Authenticator as your primary 2FA method. It’s also best to add a backup MFA method like text or voice, just in case. You can also encourage employees to use 2FA on their personal accounts that aren’t related to the business as an individual precaution.
2) Enforce the Use of Strong, Unique Passwords
For company and business-related logins, enforce a policy requiring your employees to use strong, unique passwords. The unique part is especially important. Why? Because people often reuse passwords across platforms, and attackers will try email addresses and reused passwords on other platforms to break into other accounts. If you or your employees become compromised, your business accounts may also be at risk.
It’s also a good idea to use a password manager. Some examples are 1Password and Dashlane. These applications help create unique and strong passwords that the system saves, so you don’t have to remember each one.
Based on the above, do you feel confident that the passwords you currently have in place are strong enough? If not, change them right away. It’s a great first step toward protecting your accounts.
3) Be Aware of Social Engineering Attacks via Email & Text
Social engineering attacks can target you or your employees through email or SMS. A common ruse is a message claiming one of your online accounts is suspended, to get you to hand over your login information. Also, watch out for spoofed emails pretending to be from someone at your company or others you know. Please read the Phishing, Smishing, and Boss Scams article for more information.
4) Educate Your Team
The importance of providing security awareness education for all your employees cannot be overstated. Make your team aware of all the above information, especially around phishing in emails. Scrutinizing an email before clicking any links or opening any attachments is an important precaution everyone can take.
Hover your cursor over hyperlinks included in emails you receive to view the actual URL. Ensure the URL is actually related to or associated with the company whose website you are trying to visit. Refrain from supplying login credentials or personally identifying information in response to any email.
When it comes to AI-based tools your employees might be using, getting visibility is the first step in mitigating the security risks. Once you know how employees are actually using ChatGPT, you can begin to find new ways to support and educate them.
5) Update & Sunset Outdated Tech
Security flaws in applications, systems, and devices can be exploited by hackers. Applying security patches ensures you’re keeping up with the security updates released to address discovered flaws. End-of-life technologies typically don’t get updated and, as such, use of these technologies should be discontinued. If you aren’t sure whether a certain technology is end-of-life, checking the websites for each product is a good place to start.
Installing antivirus and antimalware protection is also an important step toward protecting your company. If you need additional help, there are many IT consultants and support services that can assist.