Hackers love to go after small businesses. There are many businesses to choose from, and many don't invest in good IT security. Plus, many business owners and their employees have bad cybersecurity habits. They do things that increase their risk of a malware attack or a cyber-attack.
Here are five bad habits that can lead to a hack and what you can do to reduce your risk.
1. Giving out your e-mail
Just about every website wants your e-mail address. If you share it with a vendor or e-commerce site, it's usually not a big deal (though it varies by site - some are more than happy to sell your e-mail to advertisers). The point is that when you share your e-mail, you have no idea where it will end up - including in the hands of hackers and scammers. The more often you share your e-mail, the more you're at risk and liable to start getting suspicious e-mails in your inbox.
If you don't recognize the sender, then don't click it. Even if you do recognize the sender but aren't expecting anything from them and do click it, then DO NOT click links or attachments. There's always a chance it's malware. If you still aren't sure, confirm with the sender over the phone or in-person before clicking anything.
2. Not deleting cookies:
Cookies are digital trackers. They are used to save website settings and to track your behavior. For example, if you click a product, cookies are logged in your browser and shared with ad networks. This allows for targeted advertising. There's no good way to tell who is tracking online. But you can use more secure web browsers, like Firefox and Safari. These browsers make it easy to control who is tracking you.
In Firefox, for example, click the three lines in the upper right corner, go into the Options menu, and set your Privacy & Security preferences. Plus, every web browser has the option to delete cookies - which you should do constantly. In Chrome, simply click History, then choose "Clear Browsing Data." Done. You can also use ad-blocking extensions, like uBlock Origin, for a safe web-browsing experience.
3. Not checking for HTTPS:
Most of us know HTTP - Hypertext Transfer Protocol. It's a part of every web address. However, most websites now use HTTPS, with the S meaning "secure." Most browsers now automatically open HTTPS websites, giving you a more secure connection, but not all sites use it.
If you visit an unsecured HTTP website, any data you share with that site, including date of birth or financial information, is not secure. You don't know if your private data will end up in the hands of a third party, whether that be an advertiser (most common) or a hacker. Always look in the address bar of every site you visit. Look for the padlock icon. If the padlock is closed or green, you're secure. If it's open or red, you're not secure. You should immediately leave any website that isn't secure.
4. Saving passwords in your web browser:
Browsers can save passwords at the click of a button. Makes things easy, right? Unfortunately, this method of saving passwords is not the most secure. If a hacker gets your saved passwords, they have everything they could ever want. Most web browsers require a password or PIN to see saved passwords, but a skilled hacker can force their way past this if given the chance.
Protect yourself with a dedicated password manager! These apps keep passwords in one place and come with serious security. Password managers can also suggest new passwords when it's time to update old passwords (and they remind you to change your passwords!). LastPass, 1Password, and Keeper Security Password Manager are good options. Find one that suits your needs and the needs of your business.
5. You believe it will never happen to you:
This is the worst mentality to have when it comes to cybersecurity. It means you aren't prepared for what can happen. Business owners who think hackers won't target them are MORE likely to get hit with a data breach or malware attack. If they think they are in the clear, they are less likely to invest in good security and education for their employees.
The best thing you can do is accept that you are at risk. All small businesses are at risk. But you can lower your risk by investing in good network security, backing up all your data to a secure cloud network, using strong passwords, educating your team about cyber threats, and working with a dedicated IT company. Good IT security can be the best investment you make for the future of your business.