How comfortable are you with your small business’ online security?

We already know that a large portion of cyber attacks reportedly target small businesses. SCORE put out a useful summary report earlier this year and this article by People Driven Solutions gives a good overview.

CURRENT STANDARDS

What should we do about it? Most of my clients follow these basics standards:

1. Keep software up to date with the latest versions and patches
2. Use available built-in or third party security software including two factor authentication
3. Use separate randomly generated passwords for each account or web site
4. Use a secure password manager
5. Use a secure portal for sensitive data
6. Use secure email (not using encrypted mail)
7. Include an up-to-date Security Policy and Privacy Policy on all web sites and in all client engagement agreements

I’ve covered these topics for small businesses in prior blog posts. This index of security posts lists 18 of these topics. Some are dated but still relevant today.

FUTURE

Now I’m revisiting the topic of online security for small businesses¹ and will consider expanding security with several new standards:

1. Use a VPN for internet access
2. Turn on random hardware location tracking features
3. Use DuckDuckGo for web searches
4. Use a secure messaging service
5. Expand use of virtual currency

I’m learning and testing options in each of these areas for my own businesses. More to follow!

¹ The recent release of the book “The Drowning of Money Island” immediately raised some increased online attention to my controversial environmental justice activities. The author candidly discusses my other offline security issues including the possibility of an arson attack or another physical attack.