If the progression of technology and its use in business kind of freaks you out, you’re not alone. The pace of technological change has continued to accelerate, and there is no reason to believe that it is going to slow down.
Technology is not only a great tool for your business, but it has also become simply unavoidable in our day-to-day lives. Without technology, companies like our own would not exist. Unfortunately, with this dependence on technology, the consequences of falling prey to any sort of breach or failure can, at best, be annoying and time consuming. At worst, it can be disastrous to a business.
Crucial to every business is protecting its systems from breakdowns or threats regardless of whether they are malicious or accidental. You want to make sure that if one thing breaks down in your business, you aren’t caught in a tornado of subsequent failures that leave you hanging and unable to progress.
Actions to Take
Your ideal course of action is to avoid as many problems as you can. Practically though, avoidance isn’t often an option, but managing the risk is! In order to do so, you need to first know what those problems or risks might be, which can be tough if you don’t understand the intricate workings of your technology in the first place. Fortunately, you don’t have to be an expert, and you have options!
There are four ways to manage risk:
Accept it: yup, it's going to happen, but I've got a backup plan
Avoid it: nope, I'm not doing that
Transfer it: somebody else can do it and take responsibility for it, or we share responsibility if something goes sideways
Reduce it: such as with insurance for “after the damage”, or proactive planning, like overall good technology habits - if damage is going to occur, you’ve taken steps to limit the exposure
We did say that you don’t have to be a technology expert to protect yourself properly. You may, however, want to connect with one.
Having your head in the sand and hoping nothing will go wrong is never the right answer. If you haven’t seriously thought about the technological risks to your business, we recommend this affordable yet in depth resource: Basic Cybersecurity: For Small Businesses Ready to Protect Themselves Against Rising Cyber Threats. If you purchase the Kindle format, a PDF version is available through Admin Slayer.
Let’s get started with some of the basic things that you and your team can, and should, take care of.
Have a Backup
Your data is crucial to your business, and you can’t afford to be without it. Wherever you have your data - locally on your computer, on a server, or in the Cloud - don’t assume that nothing will ever go wrong, that no one will ever accidentally delete an entire drive, or click on a link that installs ransomware that spreads through all your files.
If you haven’t given any thought to what “Business Continuity Planning” (CBP) or “Disaster Recovery Planning” (DRP) looks like for your business, make some time for this.
2 Factor Authentication
There’s a lot of talk about 2 Factor (also called MFA or Multifactor Authentication). There’s also a lot of reluctance to use it - maybe an unfamiliarity, or maybe it’s a little inconvenient. What it definitely is, though, is the most effective way to protect your critical accounts from unauthorized access.
Fortunately, not every account needs to have 2 Factor enabled. But there are some that are a must - those accounts that if someone gained control could cause a lot of disruption, destruction or expense:
M365 - Yes!
Google Workspace - Yes!
Online banking - Yes!
Password Manager - Yes!
Password Management
If you don’t already have an online Password Manager, go get one. Now.
Encrypted password management tools can store your passwords, generate passwords, notify you of duplications, and prompt you to update. They can also help you share individual passwords with team members, executive assistants and family members who need to access these programs on your behalf, avoiding the incredibly poor practice of sharing via email.
Oh yes: don’t share passwords by email. Why? Emails can not only be intercepted or hacked but also forwarded and shared. Once you’ve sent an email, you’ve lost all control of its contents.
Education and Training
As our resident technology experts like to tell us: The weakest link isn’t the system - it’s the user.
Your programs and online systems can have amazing encryption and protection in place, but it won’t matter even a little bit if your cybersecurity practices are poor. One of the most common ways that criminals gain access to accounts is with people falling for phishing attempts.
Email & Text Message/SMS (Phishing & Smishing)
The best way to protect yourself is to remain aware of common phishing techniques and to always keep your guard up.
As an example, let’s say that you’ve already updated your M365 password to something unique and complex and you’ve got 2FA enabled. You receive an email that appears to be from your M365 Administrator that you need to change your password. You click the link provided, enter the password and now some hacker has your complex password. Good thing you have 2 Factor enabled on that account - they can’t log in with just your password.
Most importantly, do not click on anything that is supposedly from a financial institution or tax department. The vast majority of these organizations do not send you emails or texts. Anyone that is asking for your account information or requesting (or offering!) money should be treated suspiciously.
An excellent and easy to read resource on this is: The 7 red flags of phishing published by the Government of Canada.
Implement Team-Wide Protocols
Every individual user who accesses your business system is a potential cybersecurity concern. That includes you! Make sure everyone understands the risks inherent in technology, and the rules you’ve implemented. Lead by example. If you don’t take your business’ security seriously, why should your employees?
Consider working with technology experts who can teach you and your team, along with reviewing your systems to ensure you are doing all you can to protect your business.
Cyber Perils Insurance
If you don’t already have insurance that covers Cyber Perils, talk to your agent. The rate you pay may depend on showing what measures you’ve taken to protect yourself.
This is another great reason to implement cybersecurity protocols. Not only does it protect you from the day-to-day, give you faster recovery in times of disruption, but it also saves you money on cyber insurance.
Ask us about implementing cybersecurity protocols on your team.