Four simple steps to implement security in your business
Solid security measures for your business are critical for privacy protection, data protection, business continuity, financial security, and defense from cyber threats. Here are four simple steps to implement security processes in your business.
Kellie Parks is the founder of Calmwaters Cloud Accounting Resources. She crafts processes and automation for future-thinking accounting professionals and business owners who believe in the mightiness of online technology. Certified, partnered, or affiliated with over a dozen cloud applications, she’s also a proud member of the Intuit International Trainer Writer Network and the FreshBooks Partner Council.
Step 1: Implement login best practices.
Here are a few password best practices.
- Use a string of upper and lower case letters, numbers, and special characters.
- Do not use words such as your pet’s name, your family member’s name, your address or your favorite food!
- Regularly update your passwords.
- Don’t reuse, recycle, or share your passwords.
Generating and remembering strong passwords is tough. Spreadsheets, sticky notes, and resetting passwords when you can’t remember them are messy, time-consuming, and confusing.
A password manager app can alleviate most of your password pain. It does take time and effort to set one up, but once it is up and running, you will wonder how you ever lived without it. One of the keys to setting up a password manager app and using it successfully is to make sure you add it to all of your devices. If you do this step first, you will have a much higher implementation and usage rate.
Most password apps are solid, so don’t overthink which one to set up. One thing to consider is how well it can be used across multiple people. Many apps are built for teams and have built-in user permission levels.
Another very simple security measure is to enable multi-factor authentication (MFA) on your cloud applications. Multi-factor (sometimes called “2 factor”) authentication adds a second layer of login protection. When signing into cloud programs, a code is sent via text or email or accessed using an authenticator app on a mobile device.
An authenticator app is more secure because the code is generated on your device and you retrieve it there; it cannot be intercepted while it is being sent. However, sharing MFA codes using an app can be challenging across teams, so setting them up to be sent to a text number or email address that everyone has access to may be easier than using an authenticator app.
Some programs give you the option of security words as well. These are another great way of providing an extra layer of friction to keep the bad people out.
Step 2: Back up your business data.
Backing up your data is an important part of a security plan.
- Computers can fail or be stolen.
- Applications can be hacked, go down, or go out of business.
- Data can be deleted or changed by humans and/or by apps.
- There can be natural disasters.
By having two- or three-location data redundancy, you will ensure your business can continue to run smoothly in the event of an unfortunate incident.
Data location redundancy does not include backing up your computer to a hard drive that sits in the same physical location as your computer, and it does not include backing up cloud applications using backups native to the application!
Imagine using Google backups to back up your Google Workspace, and then you are locked out of your Google account. Or using Intuit’s native QuickBooks Online backup program to back up your financial data housed in QBO, and then you are locked out of your QBO file.
There are many cloud-based programs and protocols to ensure your data is stored across multiple platforms. Invest in ones that allow you to secure backups in a few locations and seamlessly re-install data into your applications or back onto your device.
Step 3: Practice simple computer security.
There are a few very quick-to-implement rules you can establish in your business to help prevent computer hacking.
- Turn computers off at night so that no one can access them remotely. Hackers love to attack computers when their activity will go undetected for long stretches. Evenings and weekends (especially long weekends) are their favorite times to break into systems. You can set up schedules to have your computers turn off automatically at night, ensuring you won’t forget to do it. Turning your computer off at night has a few other benefits:
  - You gain energy savings.
  - It improves the wellness of computers; their cooling systems get a break, and their systems get a reboot to install updates and system optimizations.
- Make sure you have unique PINs for each of your devices, including mobile devices, laptops, tablets, and desktops. Enabling a PIN or password to open your computer is a quick way to make it harder for others to open your devices and access information on them.
- Set up proper anti-malware protection on your computers. Many services offer this, often when you purchase your computers. Make sure you keep it up to date; updates are often available through subscriptions.
Step 4: Set up a passphrase for your business.
Not only can Artificial Intelligence now generate a voice clip with only 3 seconds of a recording, but scammers have also gotten very good at cloning email addresses to make them look legitimate. Protect your business (and personal life) by setting up a passphrase.
A passphrase is a few words that key decision-makers or those with banking/credit card access in your organization should know. They can ask for the phrase before they commit to unusual requests. If a call or email comes in asking to perform a duty, move money, or make unusual purchases, requiring a passphrase is a way of weeding out nefarious characters.
Your passphrase doesn’t need to be as complicated as a password, but just like login passwords, it shouldn’t contain easily identifiable words.
Summary
Setting and implementing these simple security measures in your business is a great start to securing your data and your private information and ensuring you can keep your business running smoothly even in the event of an incident.
Make sure you document your policies and share them with your team to create conformance in your security practices. Your security is only as good as your weakest link, whether it is you or a team member following the procedures, so make sure the guidelines are clear and the implementation is followed through!