For those of you who missed the news, Ashley Madison, the cheat-on-your-spouse website whose tagline is “Life is short. Have an affair.”, was hacked into and 9.7 gigs of incriminating data was posted online. The data leak could affect as many as 37 million website users who trusted that this dating website would keep their usage, private conversations and credit card info private.
As divorce lawyers drool over this news, Internet users are getting increasingly concerned about their own cyber activity. One thing the news reaffirms is that no one can guarantee privacy on the web.
As entrepreneurs, many of us have assumed the roles of data guardians, without knowing a thing about cyber security. If you are processing credit card payments, storing passwords, hosting online forums, or sending email newsletters, you are the guardian of customers’ precious data. Large companies may spend millions on cyber security consultants, but what measures can a small business take?
Here are some common sense things to consider:
1. Protect your devices: If your company laptop or mobile phone is stolen today, what data can be found? Be sure to password-protect all vital documents on every device. This may not prevent serious hackers from getting into the data, but will deter the majority of thieves who wouldn’t spend the time to crack through your passwords.
2. Verify email addresses: In Ashley Madison’s case, email addresses were not verified, so anyone could have created an account using YOUR email address. Be sure to verify email addresses, particularly if the business you are running is vulnerable to email misrepresentation.
3. Delete data. We all make mistakes, such as revealing too much in a forum or posting a photo we later decide to delete. If you promise to delete your customers’ data, be sure to follow through and delete it on your servers and backup files as well. This is another thing Ashley Madison failed to do.
4. Don’t use password aggregators. Even password aggregators have data breaches. In June, LastPass, a password aggregator site, was hacked, exposing encrypted master passwords.
5. Protect the data within your company. Make sure that sensitive data is not available to those you hire unless they absolutely need it to do their jobs.
6. Back up your data. Take some time each week to back up your website, photos and any other documents. You may think your business is not hack-worthy, but you never know until it happens to you.
7. Encourage “complex” passwords: Protect your users from easily guessed passwords. Encourage them to create more complex passwords with a combination of words, numbers and punctuation.
8. Learn about cybersecurity. Take time to educate yourself and your staff, and have a plan in place if a security breach occurs.
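For tip 2, here is one way a small site can verify email addresses. This is an added example, not code from any site mentioned above: the account stays unverified until the owner of the inbox returns a signed, expiring token that was mailed to that address. The names `SERVER_KEY`, `TOKEN_TTL`, `accounts`, `register` and `confirm` are assumptions made for the illustration.

```python
import base64, hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-site secret, kept out of source control
TOKEN_TTL = 24 * 3600                 # assumption: verification links expire after 24 hours
accounts = {}                         # constructed in-memory store: email -> {"verified": bool}

def _sign(payload: bytes) -> str:
    """HMAC-SHA256 over the payload, URL-safe so it fits in a link."""
    mac = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def register(email, now=None):
    """Create an unverified account; return the token to e-mail to that address."""
    email = email.strip().lower()
    # setdefault: signing up again must not reset an already verified account
    accounts.setdefault(email, {"verified": False})
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    return f"{expires}.{_sign(f'{email}|{expires}'.encode())}"

def confirm(email, token, now=None):
    """Mark the account verified only for a matching, unexpired token."""
    email = email.strip().lower()
    now = time.time() if now is None else now
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False                  # malformed token
    if email not in accounts or now > expires:
        return False                  # unknown address or expired link
    expected = _sign(f"{email}|{expires}".encode())
    # constant-time comparison; the signature covers the address, so a
    # token mailed to one inbox cannot confirm a different account
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    accounts[email]["verified"] = True
    return True
```

Until `confirm` succeeds, treat the account as unverified: send it no newsletters and do not show the address as belonging to a member.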