2016 saw a huge rise in online hacking and attacks, with one of the most notable being the large-scale DDoS (Distributed Denial of Service) attack on internet directory service Dyn Inc. This attack affected not only the company itself but also its customers – including the likes of Twitter, Spotify, eBay and Amazon, to name but a few. There have also been several Twitter hacks on companies such as Netflix and Square Enix by small-scale hacker groups.
But what does this mean for you and your business? While online attacks are increasing in number, the attacks themselves remain mostly harmless and are more a show of power than anything else. They also tend to happen to larger, better-known businesses. However, to be safe, there are a few things you can do to protect your business from these online attacks.
Use A Server or Two
Dedicated and VPS servers are a great way not only to back up all of your business data but also to stay online at all times. If you’re a business that handles all sorts of customer data, then you really should have a server for your business. If you don’t have a server, there are many benefits to having one, no matter how big or small your business is. Dedicated servers are stored in massive data centres that are protected with high-end security from the inside out. VPS (Virtual Private Servers) are still physical machines in data centres, but you share them with other people. Dedicated servers are suggested for business use, but if you don’t have much data to store, a VPS may be more beneficial.
In the rare event that one server goes down, the servers are able to keep you and your data safe, as it’s stored on more than one machine. So, if your business website becomes compromised and you are using a server to host it, you have the ability to keep that website up and running whilst the issue is fixed quickly by your server provider. They’re on hand 24/7 to make sure that your data is safe and are more than happy to help if you have any issues or questions.
Lock Down Those Emails
Another benefit of having a server of your own is that you can store and host your emails on it too, keeping your emails safe and protected (and backed up in the cloud). If, however, you do not have a server or do not want one, there are other things you can do to protect your emails. Firstly, you need to make sure that you are the only person who knows the password to your account. Having others know your password can be dangerous, as browsers have the ability to save passwords locally. This gives potential hackers the ability to gain access without even needing your password, as they only need to access your internet via WiFi.
Make sure that your WiFi has a secure password, do not give out the password to anyone, and have it written down somewhere safe (you can use apps like Evernote for safe note keeping). Also be sure to ignore and delete all spam emails; some people can be caught out, and this can put your email account in danger. Here is an article by PayPal on how to spot fake emails; it’s extremely helpful and gives great advice on what to look out for.
Use Password Managers
Carrying on from the above, another way to secure your business is to secure all of your business passwords. For many businesses, there are hundreds to remember and they aren’t always safely stored. Many will simply use a spreadsheet so that everyone can get to it, which is extremely unsafe. I would urge you to use a password manager such as 1Password, as it means you only have to remember one password (to get into the app) and you can then access every other password. You can also use this with employees if needed, as you have the ability to share specific passwords with them or hide them.
It may sound very simple, but the one thing most hackers need to get to your business is a password or two. Securing them all in one place makes it much harder for them to get to you and your business. Also make sure that all of your passwords are different and not easy to guess; many businesses are compromised due to the password being the same for all business accounts. You can use a password generator like this one from LastPass to create really secure passwords.
Log All Connected Devices
Do you know who is connected to your business accounts? Do you know what devices are connected? Out of convenience, many devices will remain connected to an account until it is signed out, so you need to make sure that you and others using the accounts are signing out every time you are finished with them. Many browsers, as I said before, can save passwords locally, which means anyone who can access that device can access your accounts.
For example, an employee may use a login at home to do something quick and stay signed in. Anyone can then access that account if they can access the device or the internet. Alternatively, you could let an employee go, but they may still have passwords to your accounts saved. Using unique passwords with a generator can help with that (as they’re not easy to remember), but you need to make sure that the devices in your office are the only devices connected to any and all of your business accounts.
Limit Access To Employees
You may be very pally with your co-workers, you may even trust them with your life; but they cannot stop an online attack should one happen on their device or using one of their accounts. It may sound harsh or cruel, but only give access to employees where it is necessary. In all other cases you need to log in yourself or, if possible, give them their own account with limited access. Some employees may go rogue, but many are simply doing their job. Because an online attack can happen to anyone, you have to limit that person’s liability by revoking access.
Most services will allow you to add employee accounts with their own login credentials, but only do this if you absolutely need to, and make sure that they do not then have access to any important data or details.