Top 10 Security Tips to Keep Your Website and Business More Secure

Security is a hot topic for any business these days, and keeping on top of everything that’s happening is mind-boggling. But it doesn’t have to be. You can improve your security a lot with just the right mindset and a few simple practices.

Top 10 Tips to Be More Secure

1) Use a Password Manager

Using a secure password manager is the first step to improving your security. It keeps your passwords safe and makes the next tips in this list, like having strong and unique passwords, much easier to follow. Not only that, but it saves you and your employees a ton of time not having to remember and type in passwords. Some popular managers you may want to check out are KeePass, LastPass, 1Password, and Dashlane.

2) Make Stronger Passwords

Once you have a good password manager, you can make much better passwords. And you should. Because lists of existing passwords obtained from major hacks in recent years are freely available online.

One way to tell if your account might be exposed is to use Have I Been Pwned. Enter your email and it will tell you if a password you’ve used before exists in some online hack database. If it does and you have never changed that password, somebody knows your password right now. Stop reading this and go change it.

A good password should ideally have some lowercase and uppercase letters, numbers, and symbols, and should not use common words or any information related to you (or your family, dog, etc.).

Another effective strategy is to make it a sentence, like “Horses have saddles sometimes but birds are better”. This sounds ridiculous and long, but it’s actually easier to remember than some crazy “84U*R@3UR(UJ” type password, and it’s actually more secure cryptographically.

Either option is certainly more secure than something like ‘password123’.
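To put numbers behind the passphrase-versus-random-string comparison above, here is an added worked example (not part of the original post) that computes the entropy of both strategies. It assumes a 94-symbol keyboard alphabet and a 7776-word list of the kind used for randomly generated passphrases; the figures hold when the words are drawn at random, and a sentence a person composes from memory carries less entropy than the formula gives.

```python
import math
import secrets

# Lowercase + uppercase + digits + the 32 printable ASCII symbols.
SYMBOL_ALPHABET = 26 + 26 + 10 + 32  # 94
# Assumed size of a large passphrase word list (e.g. a 5-dice list: 6**5).
WORDLIST_SIZE = 7776
# Constructed tiny word list, only so generate_passphrase() runs offline.
SAMPLE_WORDS = ["horse", "saddle", "bird", "better", "cloud", "anchor", "river", "lamp"]


def random_password_bits(length, alphabet_size=SYMBOL_ALPHABET):
    """Entropy in bits of a password drawn uniformly from alphabet_size**length."""
    return length * math.log2(alphabet_size)


def passphrase_bits(word_count, wordlist_size=WORDLIST_SIZE):
    """Entropy in bits of word_count words drawn uniformly from the list."""
    return word_count * math.log2(wordlist_size)


def expected_crack_years(bits, guesses_per_second=1e10):
    """Expected time to find the secret at the given offline guess rate
    (on average half the keyspace must be searched)."""
    return (2 ** bits / 2) / guesses_per_second / (365.25 * 24 * 3600)


def compare_strategies(passphrase_words=8, password_length=12):
    """Compare the post's 8-word sentence with a 12-character symbol soup."""
    phrase = passphrase_bits(passphrase_words)
    random_pw = random_password_bits(password_length)
    return {
        "passphrase_bits": phrase,
        "random_password_bits": random_pw,
        "passphrase_is_stronger": phrase > random_pw,
        "passphrase_crack_years": expected_crack_years(phrase),
        "random_password_crack_years": expected_crack_years(random_pw),
    }


def generate_passphrase(wordlist, word_count):
    """Pick words with the OS CSPRNG; this is what gives the entropy above."""
    return " ".join(secrets.choice(wordlist) for _ in range(word_count))
```

With the defaults, the 8-word passphrase comes out near 103 bits against roughly 79 bits for the 12-character random password.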

3) Change Your Passwords

Change your passwords regularly, but especially change them whenever you have staff turnover. Your former employees may be 100% trustworthy, but they have little control if a virus or hacker compromises them, and your company is then exposed through them because they have your password recorded or saved somewhere. The idea here is to reduce your footprint – keep the number of people with access to your network, data and resources as small as possible at all times.

4) Never Share Your Password

It seems like a basic tip, but generally speaking you should never share the password to your account, even if you know and trust the person you’re sharing it with.

5) Don’t Just Rely on Passwords

Many services now offer “Two Factor Authentication”, which is a fancy term for using more than just a password to make sure it’s you. Often they will have an app you can download to verify your identity when you log in to a sensitive service. You should use this on all services you can, but especially on any that contain sensitive information or have your credit card information saved. It’s a pain, and an extra step, yes… but you’ll sure be glad you have it if your password is ever compromised and somebody is trying to steal your account.

6) Don’t Use Phone Numbers to Recover Passwords

The one exception to Tip #5 above: avoid using a phone number as your password recovery or second authentication method. The reason is that it’s surprisingly easy for a hacker to take over your phone number, as it’s been found that many phone and mobile providers have weak security in their customer service departments. There have been stories of hackers socially engineering their way into a support department to take over a phone number and use it to break into an account. Until these issues are resolved, using SMS/text password recovery or authentication is not recommended, especially if you have a high profile or control valuable resources through your account. Use an authentication app instead, like Google Authenticator (Android / iPhone) or your vendor’s preferred app, rather than a phone number.

7) Never Email Your Credit Card Info

Never, ever put your credit card information into an email to send it to somebody. It’s much more secure to provide it over the phone or via a secure online form.

8) Keep Really Sensitive Things Out of the Computer

The truth is nothing on a computer is ever 100% safe. If you really value it, keep it offline. Off your computer, off your network, and off the Internet. If it’s connected to the Internet in some way, it’s likely vulnerable to some degree. That might be very minor, but if you approach security with the assumption that everything is breakable, you’ll likely make better choices.

9) Back Up Your Data and Verify It

You’ve been told this a million times before. So just back up. And if you already are, make sure the backups work. The rule of Occam’s Razor applies to backups… they aren’t really backups until you restore them.
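A restore test is the only way to know a backup works, so here is an added example (not from the original post) of the check described above: record a digest of every file at backup time, write a tar.gz archive, restore it into a scratch directory and compare. The sample files and directory names are constructed for the demo.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_tree(root):
    """Map each file's path (relative to root, POSIX form) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def make_backup(source_dir, archive_path):
    """Write the whole source tree into a gzip-compressed tar archive."""
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(source_dir, arcname=".")


def verify_backup(expected, archive_path):
    """Restore the archive into a throwaway directory and compare every file
    against the digests recorded at backup time. Returns (ok, missing, mismatched)."""
    # Newer Pythons ship the 'data' extraction filter, which refuses entries that
    # would escape the target directory; older ones lack it, so use it when present.
    extract_opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as restore_dir:
        with tarfile.open(archive_path, "r:gz") as tar:
            tar.extractall(restore_dir, **extract_opts)
        restored = sha256_tree(restore_dir)
    missing = sorted(set(expected) - set(restored))
    mismatched = sorted(p for p in expected if p in restored and restored[p] != expected[p])
    return (not missing and not mismatched, missing, mismatched)


def demo():
    """Back up a constructed site directory, verify it, then show that a file
    changed after the backup is flagged when verifying against current state."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "site")
        (src / "config").mkdir(parents=True)
        (src / "index.html").write_text("<h1>constructed sample page</h1>\n")
        (src / "config" / "settings.ini").write_text("debug=false\n")
        archive = Path(work, "site.tar.gz")
        expected = sha256_tree(src)
        make_backup(src, archive)
        good = verify_backup(expected, archive)
        (src / "config" / "settings.ini").write_text("debug=true\n")  # drift after backup
        stale = verify_backup(sha256_tree(src), archive)
        return good, stale
```

The first result is a clean pass; the second reports `config/settings.ini` as mismatched, which is exactly the situation an unverified backup would hide.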

10) Hire an IT Firm

If you’re reading this list and thinking “who has time for all this &$#@!?!”, then hire it out. Hire a competent, security-minded IT firm to help you secure your network and computers, teach you best practices, and actively monitor your systems to make sure they are safe. It seems like a cost on the surface, but stopping a major loss of data or a hack before it happens can save your entire company.