Yep I agree with you.
Security is complex, boring and doesn’t directly add to revenue. However it does become extremely important and relevant right after your business has been “hacked”.
Now you wouldn’t leave the front door of your business premises unlocked when no one is there, would you? It’s kinda natural that you lock the door and turn on the alarm when you leave the office, right?
Would you leave your business chequebook lying around on a cafe table while you went to order your coffee or go to the loo?
Of course not! That’s stupid!
Right – so you have all these security practices already locked in your subconscious so now you need to extend that security mentality to the online world and make online security second nature.
Imagine your website has a front door to the main city road. Imagine that you leave that front door open when you leave the office.
Does it seem unnatural to do something like that? Especially when, in the online world, the city’s “main road” is in fact the Internet, with millions and millions and millions of people walking around, and of those millions walking around there are thousands and thousands and bloody thousands of burglars checking every front and back door of every office in the entire Internet.
When your business systems, such as your website or online CMS, are hacked, you are potentially exposing your customers’ data to criminals. It’s like walking to the front door of your office and finding the front door wide open and all your customers’ private files taken or thrown out onto the main city road for anyone to pick up and read.
As a business owner you need to take responsibility to protect your customers’ data – if you don’t care enough about security then that’s your issue, but your customers will care, and they will not be happy when they find out that you don’t even have virus protection on your office computers or you don’t bother to “lock the front door”.
I am a big fan of NetSafe which provides masses of good information for Kiwis to read and learn about cyber security – not only business but your personal use as well. I located this article on their site titled “One billion reasons why you DO need anti-virus software” and was startled to learn that there are still people out there who do not use virus protection!
If I found out one of my suppliers did not even have the very basics like virus protection on their office computers, they would find their contract with us instantly terminated. No ifs, maybes or “gee it’s not that important” statements would give them a second chance.
10 Basic Security Tasks You Should Be Doing
Here are some of the absolute basics you as a business owner must be doing to protect your customers’ data.
1) All office computers and your own personal computers must have virus protection and an automatic update schedule in place – I cannot even believe I am still having to recommend that!
2) All your web browsers must be up-to-date – NO IE6!!! Do not install any extra toolbars unless they are well known and trusted and you need them as part of your business tasks.
3) Use strong passwords and have a different password for each system you have an account on. This is vital – imagine the damage a hacker can do if you use one password for all your business systems as well as your social media profiles!
4) Do not open any attachments unless you have expected the attachment and know the sender.
5) Use strong passwords – use this free tool to generate passwords for you – http://strongpasswordgenerator.com then use a password manager so you don’t have to remember them.
6) Backup – every night and keep a week’s worth of backups.
7) Implement a basic disaster plan.
8) If someone from “Microsoft” or anywhere rings you or your staff to state you have a virus then put the phone down. It’s a scam.
9) Use professionals when dealing with your systems maintenance, security etc… do not use your mate’s 16-year-old kid because it’s cheaper – that’s really dumb.
10) Trust no one – if you give system access to third parties then make sure they have an access account solely for them – do not give them the “god” account details. Then when they have finished, de-activate the account.
These are the very basics, so I hope you have enough respect for your customers to make sure you implement the above at the very least.