I saw a post today on a Facebook group for entrepreneurs that said that you should take some precautions around internet security to protect and personal information you hold and to be compliant with GDPR.
The list included things like password protecting devices, locking your machine when away from your computer, encrypting backups and disks. All (mostly) good stuff.
But while the list was a great list of technological things that you can do, it ignored the human factors of security. You are way more likely to be tricked into giving access to something than to be hacked. See, for example, the fun game that I came up with.
So here’s a list things that you can do/not do to protect yourself that involve behaviour rather than technology:
- Don’t visit dodgy looking websites.
- Don’t click links or buttons in unsolicited emails.
- Don’t give out any security information over the phone to anyone that has called you: e.g. if your bank calls you and wants to do a security check, get a number, check it’s really a number associated with your bank, and then call them back.
- Don’t share passwords or login details with other people, and if you really have to, do it in a secure way
- Look for the HTTPS / 🔒 Secure symbol in your web browser when entering information and ensure you’re sending it to people that you trust
As business owners, you actually have a higher level of responsibility than most people, so I’d also encourage you to:
- Enable 2-factor authentication/verification on critical services; cloud storage, Facebook, your email, domain names and hosting in particular. This is the kind of thing that sends a code to your phone to get you logged in. It feels like a pain, but compared to the pain of cleaning up a data breach it’s nothing.
- Use unique, long, complex passwords, or “passphrases” (see this slightly technical explanation of passphrases, or just use a generator!) . Re-using passwords could get you into trouble because if your username and password is leaked from one service, it can be used to log into another.
- And look into getting a password manager to help you create and remember many, complex passwords that you might have. Some (Like KeePass) are free, but hard to set up and use. Others (like 1Password) cost a small amount, but are worth every penny. I’ve made a short video showing you how a password manager actually makes your life easier anyway!
Remember that if a hacker gets access to your email, hosting domain or social media, that MAY be a gateway to logging in to other things. Password resets are often sent to your email address, and you may use Facebook as a login for other services. So you need to take particular care to secure those kinds of services.
Take care out there people!