Wednesday, February 8, 2012

Protect your passwords, protect your business

Managing your business, even if it's a real-world store with a physical address, is increasingly moving into the online space. With that comes the need to maintain good online security practices to protect both your own information and that of your customers. Behind your password lies a wealth of data that can be very interesting to your competitors and criminals. You should see this data as a commodity, just like the product you are selling. And just like your product, you don’t want it to fall into the wrong hands.

Here’s what you can do to help protect your business online:

Use strong, unique passwords. Cyber-criminals use sophisticated tools that can rapidly decipher passwords. Did you know that one of the most common passwords is actually ‘password’? It’s recommended to use a password with a mix of letters, numbers, and symbols. Create a unique password that's unrelated to your personal information. For example if you sell flowers, don’t have ‘flowers’ in your password.


Memorize your passwords or keep them secret. Would you leave the key to your office in the door when you leave? Obviously not. Yet many people leave notes by their desks with their most used passwords or leave their screens unlocked. This leaves the door to your systems available to be unlocked by anyone who discovers its passwords. If you have to write down your passwords, keep them in a secret place. If you have to save your passwords on your computer, avoid giving the file an obvious name, such as ‘my passwords.’

Don't re-use passwords for important accounts, especially important accounts like email and online banking. Re-using passwords is risky: if someone figures out your password for one service, that person could potentially gain access to your private email, address, and even your money.

Add extra security. If you have a Google Account, you can install 2-step verification which will add an extra layer of security by requiring you to have access to your phone--as well as your username and password--when you sign in. This means that if someone steals or guesses your password, the potential hijacker still can't sign in to your account because they don't have your phone.

Run regular anti-virus scans. If you get malware on your system, it may be programmed to look for passwords either typed in or saved. And it doesn’t hurt to change your passwords every once in awhile too.

Share these resources with your colleagues to help keep them safe and secure online:


Posted by Katrina Blake Buffini, Risk Analyst