This is National Small Business Week. I was looking at the official agenda for the event. There are seminars being held in venues around the country, discussing the issues that are of top concern to SMBs, like social media, supplier diversity opportunities, and the Affordable Care Act (a very popular session and repeated a number of times). However, I was dismayed to see only one session that discussed cybersecurity, and maybe not surprisingly, that breakout session was during the event held at the Microsoft campus.
I’ve said it before: Security has to be a top concern of SMBs. All of those other agenda items are important for the growth of the business, but if you fail at cybersecurity just once, you risk ruining your reputation and losing those new customers. If that’s the case, you might not be around for next year’s National Small Business Week.
And yes, SMBs are being targeted specifically. For instance, earlier this month, InformationWeek warned that the Zeus Trojan is back in action, this time with small businesses in its sights.
On behalf of the Certificate Authority Security Council, Wayne Thayer, CTO of GoDaddy, developed five tips to better cybersecurity, particularly for those companies that conduct business via ecommerce sites, and he was kind enough to share them with me. I’ve included them below. The tips are pretty straightforward, but it is always good to get periodic reminders on basic cybersecurity tips.
1. Create unbreakable passwords: Strong passwords are essential on any account related to your online presence (domain registrar, hosting account, SSL provider, social media, PayPal, etc.). Brute-force attacks, where a computer is used to rapidly guess your password, are surprisingly common and effective. To prevent your business accounts from being hijacked, we recommend that you use a password generator to create strong passwords and a password safe to store them. Many services now also offer a two-factor authentication option and we recommend that you take advantage of this whenever possible.
2. Consider an SSL certificate: In today’s world of e-commerce, consumers need to have trust in your brand and your authenticity. If you’re a small business and don’t have the brand identity that your larger competitors enjoy, verifying your identity and trustworthiness with an SSL certificate can make a major difference in your online success. Extended Validation certificates enhance the assurance provided to your customers by displaying your company name in green in their browser’s address bar. Even if your website doesn’t do e-commerce or collect private information, you should consider an SSL certificate to authenticate your business to visitors.
3. Regularly scan your website for vulnerabilities and malware: It’s common for sites to become infected the same way that your PC can. When this happens, the website might load slowly, display unwanted advertisements, and infect your customers’ computers with more malware. Just as you should run a virus scanner on your PC, it’s a good practice to monitor your site for problems. There are many vendors that will do this automatically and alert you if they find a problem.
4. Don't forget updates and patches: Make sure that someone is regularly patching your website. This is especially important if your site is built using popular software like WordPress or Zen Cart. This software is constantly being updated to address security problems, but those updates must be installed on your website, just like installing the latest Windows Updates on your PC. We recommend that you check with your hosting provider or site designer to find out if they are updating your website’s software on a regular basis.
5. Maintain control: Make sure that you have control over your domain name, SSL certificate, and website. It’s all too common for business owners to hire someone to build their website, and leave that person as the only one with access to the SSL, domain name, and hosting account. When these services come up for renewal or need to be changed, you can run into big problems if you can’t reach the person who originally built the site. We recommend you make sure that someone at your organization is also listed as a contact on these accounts so that you will still be able to maintain continuity with and otherwise manage your certificate, domain name and hosting account.