Three Rookie Mistakes That Can Expose Your Small Business to Cybercrime

Technology has helped many people find a sense of freedom through entrepreneurship. If it weren’t for the technological advances of the past two decades, many people wouldn’t be able to work on their own to create a flourishing business. Hence, cybercrime.

However, while technology has created a pathway for many people to find success, it has also created many new hurdles that business owners need to tackle. Unfortunately, unless you have an education in computer sciences or computer engineering, there’s a chance you’re not entirely aware of all the potential dangers that come with even moderate technology use.

Cybercrime is a constant, ever-growing concern for many business owners and entrepreneurs, but how can you do your best to prevent your new business from being exposed to threats? What are some common mistakes that business owners make early on that could be prevented with preparation? The safety of your business and data should be a top priority, so here are three rookie mistakes that you can avoid to prevent exposing your business to cybercrime.

1. Encrypt Websites and External Devices

Encryption is the process of converting digital information (or data) into a code in order to prevent unauthorized access. Typically, all encryption requires from a user is a password, and then anyone with access can view the data. There are many different forms of technology that can utilize encryption — from encrypted emails or attachments to encrypted domain hosts and websites.

Encryption is luckily fairly easy to get. There are many different free and paid reputable programs that can encrypt information for you, and even Google Drive programs (such as Sheets and Docs) can restrict access so that outside users can’t view or edit your information.

Encrypting Websites

If you have a website — as almost every small business should — then you can typically request encryption or purchase additional security certification from your domain host to increase the security of data on your site.

If you’re operating an e-commerce store, then encryption is especially vital, as customers will be less likely to use your online payment portal if it is not hosted on a secured (encrypted) website. Purchasing SSL certificate services means you’ve created an “encryption in transit” between your site server and the customer’s bank for any purchases made through your site. That way if any information is intercepted, it cannot be read without granted access or a password. You might also consider additional website encryption with HTTPS or HSTS, although it’s important to recognize that SSL, HTTPS, and HSTS can still have vulnerabilities.

Encrypting Devices

However, encryption is important for more than just website security — it can also be vital for any devices that you or your employees use for business purposes. Anything from computers to external hard drives should be encrypted, as any business information on those devices could easily be stolen by thieves or hackers. The more crucial the information is to your business, the more you should invest in encryption and security.

Additionally, backup systems (such as cloud storage or data recovery) can always help in a pinch if you are the victim of theft or lose access to your information.

2. Train Employees to Prevent a Knowledge Gap

Another common issue you may face as a business leader is the knowledge gap in cybersecurity. Unfortunately, not everyone has the technological know-how that you may have, and not everyone is going to be as eager as you are to ensure the safety of your business and information.

Defining the Knowledge Gap

Multiple studies have shown that this knowledge gap is one of the biggest threats to modern businesses: without everyone being on the same page, there are simply too many vulnerabilities exposing your data. Many employees may be completely unaware of when a breach has happened, or even how to avoid exposing your business to threats. It’s not an intentional thing they are doing — it’s just a lack of common knowledge around cybersecurity.

However, a 2016 Devry University study also found that: “44% of hiring managers indicate that employees aren’t keeping up with the skills needed to utilize evolving technology, and only 15% agree that employees actively seek out available training.”

Luckily, there is an easy remedy to help close the knowledge gap: continued education and constant communication.

Training and Best Practices

Since technology is constantly changing, it’s important for employees to keep up with all the changes and stay on top of best practices. In turn, it is up to you to communicate those best practices and notify employees of important security updates or changes.

You can even create courses or utilize training programs that further explain some of the most essential cybersecurity updates, why your best practices matter to employees and the business, and how employees can modify their work schedules or behaviors to ensure cybersecurity is always on their mind.

Finally, as important as education may be, it’s also important for employees to take your concerns seriously. If you find an employee is aware of security procedures but still doesn’t take them to heart, then it could be time to let that employee go. It’s important to be firm in your expectations and even more firm on the potential consequences. Even if they helped you open the business from day one, you don’t want to fall into the trap of retaining risky employees.

3. Improving Password Strength and Diversity

Finally, the most common mistake that many people — not just business owners — make in terms of cybersecurity is not using complex or diverse passwords online. It’s far too common for people to only use one password with a couple variation, or to use simple passwords such as “password123!” — a Fortune list from 2017 shows that “password” and “123456” are the two most common variations.

Password Management

Unfortunately, this is far too easy for hackers to figure out, and with all the important data that is tied in with your business, using a poor password is simply too great of a risk. Instead, you should create a password that utilizes best practices — as famous internet comic “xkcd” puts it, four simple but random words can often provide the best protection and be the easiest to remember.

However, you should also take it a step further, and ensure that every online account you have — from email to payroll service — utilizes a different password. If you have to, you can use password manager services like My Glue, 1Password, or True Key to help you remember your passwords and find the most secure options.

You can also use these services to remind you when you need to change your password: about once every 30-180 days, although some experts argue that changing your password doesn’t always increase security.

Additional Password Tips

However, one thing you should always do is immediately change passwords for systems whenever an employee has been terminated. The sooner you change the password, the less chances there are of that employee potentially stealing information or changing documents.

Another tip is to avoid saving password, username, and credit card information on a website. Although things like Chrome wallet or “remember my password” shortcuts can save you time and seem more convenient, they can easily be stolen by outside bad actors.

Websites regularly collect cookies on your information, and one visit to a bad website or an unsecured server that’s been hacked can result in all those cookies being stolen or replicated, meaning all your information on passwords, usernames, and credit cards could be stolen.

Final Thoughts on Cybercrime

As an entrepreneur and business leader, it is up to you to ensure your business is secure and following the best practices for preventing cybercrime. Don’t allow your business to fall victim to common mistakes — educate yourself and your staff, communicate best practices, purchase encryption, and follow through on improving your passwords.

No one is immune to identity theft and cybercrime — not even small startups — and it’s important to recognize that both your personal information and the information of your business are vulnerable.



This site uses Akismet to reduce spam. Learn how your comment data is processed.