When I ask for the reasons, I most often hear a lack of information, insecurity in dealing with the technologies and a general sense of being overwhelmed by the topic. Security is perceived as a demanding taskmaster, as hackers and attackers today often come across as industrious, always coming up with new and better ways to infiltrate networks and computers. What can be done? A lot. There are a lot of really, really good steps that can be taken. Even though there is never 100% security in life, each step you take is better than not doing anything at all.
A good Security Strategy for Small Business Owners
The best thing you could do for your business is to implement some security basics right from the beginning.
There are four building blocks of security that one needs to be aware of.
I am an advocate of making backups, and I have several good reasons to recommend that to others. I cannot imagine that anyone longs for the stress that occurs when a computer dies.
“When you know you are capable of dealing with whatever comes, you have the only security the world has to offer.”
— Harry Browne
Basically, there are two areas you need to apply a backup routine to:
1) Your Computer
I recommend you invest a few dollars in at least one external hard drive, but two are better. External storage disks aren’t that expensive: for less than 100 dollars, you can get a good quality product with 1-2 terabytes of disk space where you can save your backups.
Why do I recommend two hard drives? I found it a good strategy to do backups in a weekly rhythm as well as in a monthly rhythm. If one of the external hard drives dies, there’s at least one other drive with backups of your computer’s hard drive still available. Indeed, a hardware failure of our backup devices needs to also be incorporated into the overall backup strategy.
2) Your Website
As an online entrepreneur, your website is the central spot of your business. It would be an act of carelessness not to consider backing up the site, as there are many ways imaginable that could cause the sudden loss of your website data. Developing the habit of backing up your website is a way to manage your risks, and is also a very healthy attitude for every entrepreneur.
If you run an online business, it is important to secure your website. There’s a difference between making backups and taking security precautions, even though both serve the same purpose. As an online business, your website is where your business takes place. Making sure it is protected against common threats is self-evident, and a precondition for your business being seen as trustworthy.
I know that many entrepreneurs understand the urgency behind this topic, yet they lack the knowledge of how to implement basic security features into their websites. How to apply security to a website does very much depend on the website platform.
WordPress is today the most dominant website platform, and because of its flexibility and wide functionality, very popular among entrepreneurs. Because of this dominance, I’ll put my focus on making your WordPress installation more secure.
WordPress has had a long history of security breaches, but it is fair to say that the developers of WordPress learned something from it: the software today is much safer than it has been in past years. If you want to read about some experiences I’ve had with WordPress and malicious attacks, you can read this blog post, and the follow-up, where I apply a strategy that finally helped.
As some first handy steps, I am going to name those procedures that every user, even the least tech-inclined, can apply. I call it the FIRST SECURITY LAYER. The level of difficulty appears to be moderate. You should be able to install a plugin, be knowledgeable about the basic menu structure in WordPress and do some basic configurations.
- Delete the default admin user from the system
- Make sure you have a good, solid password
- Update the WordPress security keys
- Secure your login screen
- Monitor your WordPress site with a good security plugin for intrusions and other suspicious activity
What I call the SECOND SECURITY LAYER targets a set of maintenance procedures: actions that need to be taken with a certain regularity. I encourage every WordPress website owner to develop a sense of importance for this matter and commit to applying these tasks to keep up your sites’ protection.
- Always keep your WordPress software up-to-date
- Always keep your theme up-to-date
- Always keep your plugins up-to-date
- Remove or rename the readme.html from your WordPress installation directory
- Rename your WordPress tables prefix
- Set file permissions
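The items above that can be verified by looking at the installation's files (readme.html, the table prefix, file permissions), together with the security keys from the first layer, can be checked with a short audit script. This is an added example, not part of the original article; treating any world-writable path as a finding and the sample site built in a temporary directory are assumptions made for the illustration.

```python
import os, re, stat, tempfile

KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php

def audit_wordpress(root):
    """Return sorted findings for the WordPress directory `root`."""
    findings = []
    if os.path.exists(os.path.join(root, "readme.html")):
        findings.append("readme.html present")
    with open(os.path.join(root, "wp-config.php"), encoding="utf-8") as fh:
        config = fh.read()
    prefix = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", config)
    if prefix and prefix.group(1) == "wp_":
        findings.append("default table prefix wp_")
    for name in KEY_NAMES:
        # A key counts as unset if its define() is missing or still the placeholder.
        line = re.search(r"define\(\s*['\"]%s['\"]\s*,(.*)" % name, config)
        if line is None or PLACEHOLDER in line.group(1):
            findings.append("security key not set: " + name)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            # Assumption: writable by "other" is always too permissive here.
            if not os.path.islink(path) and os.stat(path).st_mode & stat.S_IWOTH:
                findings.append("world-writable: " + os.path.relpath(path, root))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample install with four deliberate weaknesses."""
    lines = ["<?php", "$table_prefix = 'wp_';"]
    for name in KEY_NAMES:
        value = PLACEHOLDER if name == "NONCE_SALT" else "constructed-" + name
        lines.append("define( '%s', '%s' );" % (name, value))
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    for fname, body in (("wp-config.php", "\n".join(lines)), ("readme.html", "")):
        with open(os.path.join(root, fname), "w", encoding="utf-8") as fh:
            fh.write(body)
    os.chmod(os.path.join(root, "wp-config.php"), 0o640)
    os.chmod(os.path.join(root, "readme.html"), 0o644)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(uploads, 0o777)  # deliberately too permissive

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print("\n".join(audit_wordpress(site)))
```

Point `audit_wordpress` at a copy of your own installation directory; an empty list means none of these four checks found a problem.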
Storing all our computer data in the cloud sounds enticing, but is it really a good idea?
Storing data in the cloud is an incredibly convenient thing, and has been the catalyst for the rise of many useful web services in recent years. It has changed the way we work, as being able to access documents and files from anywhere has allowed us to adopt new working routines and even new lifestyles. Productivity gains are one major factor that makes the use of online data storage so beneficial.
However, as with everything, there is a downside to it.
As convenient as it may be, we should keep up a healthy awareness of how much control we want to give away to cloud storage services. Discernment and consideration of the vendors’ policies should be part of our decision process on which tool to use for which purpose.
Services like Dropbox are convenient and easy to use, and play a crucial part in the streamlining and automation of a business. However, you should think twice about using these cloud storage services for extensive private and business data storage. Moving all of your data into the cloud just because your computer’s hard drive is running out of space isn’t the most well-considered action.
As a rule of thumb, I suggest you think about which documents and files would really hurt you personally or your business if they were suddenly publicly exposed.
Anything like contracts, password lists, internal calculations or similar files shouldn’t be stored in places that lack security barriers.
“People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems”
— Bruce Schneier
Every web service you use requires you to identify yourself with at least an email and password combination. As some of these web applications hold sensitive and confidential information about your business, your business structure or even some financial details, you are of course interested in them being secured. You want and need safe passwords to protect your business.
The one thing you don’t want to do is to use some of the most common passwords, like
- qwerty or qwertz
- your name
- default, or
Maybe you don’t want to hear or know it, but did you know that research in the last 40 years has shown that around 40% of user-chosen passwords are readily guessable by programs? Don’t be stupid when it comes to choosing and disclosing usernames and passwords!
How do you deal with that?
Do you have a clipboard with a dozen pages of all your passwords? Do you manage to remember them all or are you looking for an elegant strategy to get along with all your passwords?
How do you create passwords that you can actually remember and that are solid and safe and don’t put your business at risk? I have described a very good technique in this article. Adopting it puts you into the position of always having a different but highly secure password that is easy to remember but hard to guess.
That is a win-win-win-win!
Over To You
I have outlined the 4 building blocks that make up a decent security strategy for your business, and that also help keep your personal data safe and sound. I know it’s sometimes challenging to change behavioral patterns that ignored security issues. But it’s possible, and I would always recommend implementing at least the basics, because you don’t know what you don’t know!
If you want to go deeper and learn in more detail how to apply security to your data and website, you can get my eBook Digital Security Basics, in which I discuss the steps you can take in more detail. I also point out tools and techniques for each building block.
However, if you don’t want to go deeper but have understood the necessity of implementing a basic security setup, you can still ask someone for help. You can subscribe to a maintenance service for your WordPress website that takes care of updating all the bits and pieces of the site, checks for broken links and creates backups of the site. Or, alternatively, you can ask someone to implement a backup strategy for your website and data, so that if your website gets hacked or your computer dies, you always have something available to restore from.