Xero Lead Security Architect, Aaron McKeown, recently shared several of his tips to help small business owners stay safe online.
Ahead of his workshop at computer security conference, Black Hat, where he detailed some practical techniques small business owners can deploy to protect themselves against data breaches, here are a few of his top tips.
Use multi-factor authentication
Requiring a username and password to log in to any kind of system related to the business is like having a lock and key for your front door. Enabling multi-factor authentication is the deadbolt on top of this standard lock and key. McKeown says using multi-factor authentication protects both your organization and your customers too.
“Multi-factor authentication adds an additional layer of protection to customers logging in to your systems,” McKeown says. “Businesses should use it on every system that they possibly can.”
Basically it means that a malicious attacker would not have immediate access to your business’ information if they gained access to your passwords.
It’s really simple to enable multi-factor authentication. Say for example your employees access work email from their phone, by installing the Google Authenticator app, their phone’s security is enhanced as it provides a token by text message or phone call. Xero features the ability to set up two-step authentication for all users, adding a layer of security to all Xero accounts and protecting them from being compromised by phishing and malware.
Be aware of the location of your assets
Keeping track of your business’ non-physical assets is just as important as maintaining visibility of your physical assets. Being aware of where your customer names, phone numbers or your organization’s strategy are stored is integral to the health of your business’ security, says McKeown.
“It’s about knowing where your information is and where it’s going into your organization and where’s it coming out,” McKeown says. “Ask yourself, ‘is there a way it is leaking out of my organization?’.”
Think about who has access to your systems that no longers needs it. Former employees or even customers may fall into this category. By asking yourself important questions like these, you move closer towards eliminating your business’ digital vulnerability.
Have good computer hygiene
Having good computer hygiene doesn’t mean giving your laptop a good scrub. McKeown says the large part of the problem with the online security of small businesses can be attributed to poor computer hygiene; this means making sure your computer is up-to-date on every level.
“Having good computer hygiene means protecting every layer of the organization and installing multiple gates and layers of defense,” McKeown says. “Small businesses have got information on all of their devices, this is why they need to protect every layer.”
There are many simple steps you can take to apply this strategy within your organization. Use good, up-to-date anti-virus software. Ensure you and your employees aren’t using the same password for every login.
Moving from desktop software to cloud technology means you are leveraging teams of security experts who are constantly working to harden the ecosystem, ship updates and evolve best practices.
You can read the full article over on Inc.