Here are some simple methods that won’t deplete your profits and apply to businesses of all sizes (1 person to 100,000 employees).
1. Encrypt your mobile devices. Laptops, tablets and cell phones are treasure chests full of goodies. We store everything on them. The days of the rolodex and the personal organizer/binder have given way to the electronic organizer. It used to be that if we misplaced our day planner we would feel lost and maybe even anxious, as a lot of information was stored in that book.
All that information has migrated into the digital age and is now present on all sorts of mobile devices. Newer phones have enough processing power in them to encrypt the contents of the phone until the device’s owner enters a password to decrypt them. The encryption is part of Android and Apple iOS. It is also possible to encrypt the hard drive of your laptop in a similar manner. If you use Microsoft Windows, spend a little extra money and purchase the professional edition. It includes BitLocker, Microsoft’s utility for encrypting hard drives.
If you lose the mobile device, you are not likely to lose the encrypted information to unwanted eyes.
2. Use complex unique passwords for every account. I know, I know! I hear it all the time: I have this large number of accounts that I need to remember, how do I do it? There are a number of articles out there on crafting complex passwords that are easily memorized. However, I offer that you only need to remember one or two. Use technology to help you create and remember the rest.
Use password managers such as Sticky Password, LastPass, KeePass, etc. Each offers certain capabilities that should fit with your business model. Check out http://lifehacker.com/5529133/five-best-password-managers for a review of some popular ones.
For the one or two passwords you need to remember, create passwords that really have nothing to do with you. One of the first things an attacker will do is profile their target. Anything on the Internet about you can be used against you to build a list of words. So when you choose a password, don’t use your favorite team, vacation place, family member names, etc. For example, choose three or four unique nouns that are somewhat related, but not directly. Maybe you have three foods you don’t like: lasagna, buffalo wings, and prunes. These three items make an excellent password, as it is something you are not likely to write to the world about. So let’s make a password out of it….
or plainly buffalo prune lasagna. (Sounds nasty!) But it is a set of words that in plain text don’t make sense, and if you apply some character substitution to them it becomes a long (in this case 19 character) complex password. Come up with a consistent method of changing the letters. In this example I:
Choose a similar way to develop your own password and apply your own password style and use that password to control access to your password manager. Then let the password manager create complex random passwords for everything else.
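The following Python script is an added example, not code from the original post or from Sticky Password. It works through the two ideas above: a memorable master passphrase built from a few unrelated words with a consistent character substitution, and random passwords for everything else, generated the way a password manager would (from the operating system's CSPRNG via `secrets`). The substitution table is an assumption for illustration, since the post's own rule list is not reproduced here. The two estimate functions show the caveat a practitioner would want: the substitution keeps the 19-character length and makes a blind brute-force search expensive, but an attacker who guesses whole words and applies the common substitutions as rules only has to search the word space, so what protects the master passphrase is the unpredictability of the words and their length, not the symbols.

```python
import math
import secrets
import string

# Assumed substitution rules for this example. The post's own rule list is
# not shown here, so this table is an illustration, not the author's method.
SUBSTITUTIONS = {"a": "@", "e": "3", "o": "0", "s": "$"}

# Constructed example words, taken from the post's "three foods you don't like".
EXAMPLE_WORDS = ["buffalo", "prune", "lasagna"]

# Alphabet a password manager would draw from for generated passwords.
GENERATED_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def passphrase_from_words(words, table=SUBSTITUTIONS, separator=""):
    """Join the words and apply the substitution table character by character.

    The substitution is one-to-one, so the result keeps the joined length
    (19 characters for the post's three words).
    """
    joined = separator.join(word.lower() for word in words)
    return "".join(table.get(ch, ch) for ch in joined)


def charset_size(password):
    """Size of the union of standard character pools the password draws from."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(pool) for pool in pools if any(ch in pool for ch in password))


def bruteforce_bits(password):
    """Search space (in bits) for an attacker who knows only the length and
    the character classes used, i.e. a blind brute-force attack."""
    return len(password) * math.log2(charset_size(password))


def wordlist_bits(word_count, dictionary_size):
    """Search space (in bits) for an attacker who guesses whole words from a
    dictionary and tries the usual substitutions as rules. This is the
    realistic bound on any word-based passphrase."""
    return word_count * math.log2(dictionary_size)


def generate_random_password(length=20, alphabet=GENERATED_ALPHABET):
    """Uniform random password from a fixed alphabet, as a manager generates
    for every other account. secrets.choice uses the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    master = passphrase_from_words(EXAMPLE_WORDS)
    print(f"master passphrase: {master} ({len(master)} chars)")
    print(f"  blind brute-force estimate: {bruteforce_bits(master):.1f} bits")
    print(f"  if the words are guessed from a 10,000-word list: "
          f"{wordlist_bits(len(EXAMPLE_WORDS), 10_000):.1f} bits")
    generated = generate_random_password()
    print(f"manager-generated password: {generated} "
          f"({bruteforce_bits(generated):.1f} bits)")
```

Run it as a script to see the two estimates side by side for the post's three words; the gap between them is the argument for picking words nobody could associate with you, and for letting the manager generate long random passwords for every other account.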
These are just two quick examples of KISS that improve information security and don’t require a lot of cash. I will write more examples in later posts.
by Peter Lipa, Regional Director for the Americas for Sticky Password
Talking with small business owners, all too often I find that they have an authoritarian mentality in regards to their customers, as in: “the more customer data I have, the greater control I have over them!” This is particularly true of online businesses, where customers (and their money) are hidden behind the virtual invisibility of the Internet. (I intentionally do not use the word anonymous, because the Internet is anything but anonymous!) The thinking is that more data/information will hopefully translate into more opportunities to monetize all those contacts.
If you really do need passwords to restrict access to your website, then make sure you require customers to follow best practices in creating their passwords.
Implement an automated password system that: