There’s a New Major Cybersecurity Vulnerability: You
We talk a lot about preventing threats from seeping into your company, and hoo boy, there are a lot of them. From ransomware to zero-day exploits to targeted social media attacks, there are a lot of threats out there that business owners need to be aware of. We’re not going to talk about any of those today.
Why? Because you, as the business owner, are likely a threat to your own business.
You Might Be Putting Your Own Business at Risk
There. We said it.
It feels good to get it off our proverbial chests.
That’s right, you! The one who (more or less) calls the shots, runs the show, and signs the checks; you might be one of the larger risk factors when it comes to the safety and preservation of your data.
And believe us when we say that we want to help.
What the Heck are We Accusing You Of?
Let’s not beat around the bush. If you are a client of ours, you likely pay us to keep your business safe. We keep your IT running so your staff can be productive, and we’re protecting your network from outside threats like ransomware, malware, and the like.
We’ve carefully set up protocols and access controls so your staff can’t get into things they shouldn’t, and make sure everything that happens is managed centrally so if you need access to data, or an email inbox, or anything else, you can get it. All company data is backed up, and your users are taught to store data only on the company server so that it can be backed up.
Combine this with everything else we do, and your IT should be running like a well-oiled machine.
But sometimes, the business owner is the wrench that gets tossed into the gears.
Business owners want their staff to comply but, in our experience, are often a little too lenient with themselves. It shows up in a ton of different scenarios, but it all boils down to breaking compliance and putting your business at risk.
Here are a few things we are asking, no, begging that business owners stop doing to help keep their business secure.
Stop Using That Old Third-Party Email Account
You’ve got that old AOL, Yahoo, or Hotmail account that you’ve been using since 1997, or worse yet, one of those stny.rr.com email accounts. We get it—if that’s been your email address all this time, it’s tough to let go of it.
You don’t have to let go of it, but you definitely should not use it for work at all.
Want a perfect example?
Basically, every single Yahoo account ever was hacked. Back in 2017, over 3 billion Yahoo accounts were hacked. Yahoo made everyone change their passwords, but we all know that people don’t really do a great job coming up with secure passwords. Adding an exclamation point or a couple of characters to your hijacked Yahoo password probably doesn’t add much as far as security.
Plus, it just looks unprofessional. You’ve got a business! You’ve got a domain name! You don’t need to represent AOL or Hotmail on your business card! Most of these free, third-party email providers don’t do much to offer good spam protection either. You start getting that with Microsoft 365 and Google Workspace, which are great email platforms that can be accessed from any device, get pulled into Outlook, or simply be used in a browser.
On top of all of that, it’s downright impossible for us to guarantee a level of support for, say, an AOL account. If something happens to your business email, we can dive in quickly and resolve it before it devastates your productivity. If there is a mail flow issue with AOL, Hotmail, Yahoo, or some other third-party email provider, we can only help you by sitting on hold with that provider. They dictate the timeline.
Stop Giving Yourself Administrative Privileges
Even as a business owner, you don’t need administrative access to everything. That only makes your endpoint more of a risk to the rest of the network. If you get infected, and your user account has full admin access to everything, then everything is likely going to get infected too. You can certainly be elevated so you have more permissions than most, and can access everything you need, but you shouldn’t ever need total access to make and change everything across your network.
We encourage you to have an admin user, keep it extremely close to the chest, and lock that password in a safe. Don’t ever use it for day-to-day stuff.
Stop Using Weak Passwords
We tell your staff this all the time. Passwords should be complex. They shouldn’t contain your birthday, or birth year, or any other identifying information. All passwords should either be a random mix of capital and lowercase letters, numbers, and symbols, or you can use an easier-to-remember system by chaining together several random words and a few numbers and symbols.
When we say random words, we don’t mean the make and model of your car. These words need to be random and uncommon.
When we say symbols, we don’t mean sticking an exclamation mark at the end. That’s what everyone else does. You don’t want your passwords to be predictable.
Your passwords should always be unique. That means every single account and every single password you use needs to be completely different from every other one you have and use. As a business owner, you likely manage a lot of passwords, so we recommend a good password manager, such as Keeper.
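The password advice above, as an added example that is not part of the original post: a generator that chains random words with digits and a symbol, and a check for the habits the article warns against. The word list, function names, and sample passwords are constructed for illustration.

```python
import math
import re
import secrets

# Constructed sample list, far too small for real use; load a list of
# several thousand uncommon words in practice.
WORDS = ["quartz", "lantern", "mosaic", "thimble", "orchard", "gazelle",
         "trellis", "pewter", "marimba", "cobalt", "fjord", "sundial"]
SYMBOLS = "@#$%^&*-_+="  # '!' left out: it is the symbol everyone reaches for

def make_passphrase(n_words=4, words=WORDS):
    """Chain random words, then mix in two digits and a symbol at random spots."""
    parts = [secrets.choice(words).capitalize() for _ in range(n_words)]
    parts.append(f"{secrets.randbelow(100):02d}")
    parts.append(secrets.choice(SYMBOLS))
    secrets.SystemRandom().shuffle(parts)  # OS CSPRNG, not random.shuffle
    return "".join(parts)

def word_entropy_bits(n_words, list_size):
    """Entropy contributed by the words alone when each is picked uniformly."""
    return n_words * math.log2(list_size)

def audit(password, identifying=(), others=()):
    """Return the weaknesses named in the article that this password shows."""
    findings, low = [], password.lower()
    if any(item and item.lower() in low for item in identifying):
        findings.append("contains identifying information")
    if re.fullmatch(r"[A-Za-z0-9]+!+", password):
        findings.append("only symbol is a trailing '!'")
    for old in (o.lower() for o in others):
        if low == old:
            findings.append("reused on another account")
            break
        if low.startswith(old) and len(low) - len(old) <= 3:
            findings.append("old password with a few characters appended")
            break
    return findings

if __name__ == "__main__":
    print(make_passphrase())
    print(f"4 words from {len(WORDS)}: {word_entropy_bits(4, len(WORDS)):.1f} bits")
    print(audit("Rover1975!", identifying=["1975"], others=["rover1975"]))
```

The entropy figure shows why the words must come from a large list: four words from this 12-word sample give about 14 bits, while four from a 7,776-word list give about 52.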
Don’t Be Your Company’s Weakest Link
You’ve worked so hard to build and grow your business. Don’t be the one to put it at risk.
If you want some help getting your own IT in order, give us a call at 607.433.2200.