{"id":16328,"date":"2020-04-09T07:39:32","date_gmt":"2020-04-09T11:39:32","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/common-smb-mistakes\/16328\/"},"modified":"2020-09-02T21:31:48","modified_gmt":"2020-09-02T17:31:48","slug":"common-smb-mistakes","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/common-smb-mistakes\/16328\/","title":{"rendered":"8 mistakes nearly every small business makes, and how to fix them"},"content":{"rendered":"<p>Even if your business is a small bakery, it won\u2019t get far without a computer. At the very least, selling and buying these days is not possible without a computer, so not having at least one is unimaginable \u2014 not to mention mobile devices, which are not just ubiquitous but essential. Therefore, anyone starting a business had better be able to handle modern technology. Here we discuss the most common cybermistakes we\u2019ve seen from budding business owners.<\/p>\n<h2>1. Passwords on sticky notes<\/h2>\n<p>Funny \u2014 ironically funny \u2014 but still unfortunately true: Passwords to all kinds of resources shared across organizations often <a href=\"https:\/\/www.kaspersky.com\/blog\/wrong-password-behaviour\/10683\/\" target=\"_blank\" rel=\"noopener nofollow\">end up scribbled on sticky notes and stuck to employees\u2019 displays<\/a>, where any casual office visitor can see them. The consequences depend very much on what resources the password unlocks \u2014 your website host, the accounting system, or the computer that stores the customer database \u2014 but the typical result of such carelessness is stolen information or money.<\/p>\n<p><strong>Solution: <\/strong>Ensure every office computer and every employee\u2019s computer <em>and mobile device <\/em>is protected with a unique password. Use a password manager to avoid weak, reused, and forgotten passwords. 
Users of our <a href=\"https:\/\/me-en.kaspersky.com\/small-business-security\/small-office-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____ksos___\" target=\"_blank\" rel=\"noopener\">solution for small offices<\/a> can use the same license code to activate our password manager as well.<\/p>\n<h2>2. Shared passwords<\/h2>\n<p>Another thing about passwords: Keep them private. When some employees have more access rights than others, they sometimes share, for convenience or by necessity. \u201cHey, Chris, I\u2019m in bed with a cold. Would you send a file from my computer to the boss? Here\u2019s my password.\u201d Later, Chris quits in anger, and even if her password is revoked promptly, she knows the other guy\u2019s login credentials and can wreak havoc.<\/p>\n<p><strong>Solution:<\/strong> Emphasize the importance of password security to staff, and use two-factor authentication wherever possible.<\/p>\n<h2>3. Simple passwords<\/h2>\n<p>If the password to your accountant\u2019s e-mail is <em>password123<\/em> or the like, cracking it on a simple home computer takes <a href=\"https:\/\/password.kaspersky.com\/\" target=\"_blank\" rel=\"noopener\">about six seconds<\/a>. Something like <em>MyPaSsWoRd123<\/em> takes two days to crack, and that\u2019s not at all secure either. However, something like <em>P\u2019@\u2019s\u2019s\u2019w\u20190\u2019r\u2019d<\/em> would take more than 10,000 years to crack (at least, without access to data-center-level computing power). A cybercriminal trying to brute-force that password doesn\u2019t have that kind of time to spare.<\/p>\n<p><strong>Solution:<\/strong> Passwords also have to be different from one another, which makes them just about impossible to remember. 
Employ some sort of <a href=\"https:\/\/www.kaspersky.com\/blog\/false-perception-of-it-security-passwords\/7036\/\" target=\"_blank\" rel=\"noopener nofollow\">mnemonic rule<\/a> or <a href=\"https:\/\/www.kaspersky.com\/blog\/tip-kpm\/13497\/\" target=\"_blank\" rel=\"noopener nofollow\">install our password manager<\/a> and forget it all with a clear conscience. Truth be told, even complex passwords can be leaked, so you should turn on <a href=\"https:\/\/www.kaspersky.com\/blog\/what_is_two_factor_authentication\/5036\/\" target=\"_blank\" rel=\"noopener nofollow\">two-factor authentication<\/a> everywhere you can, which offers you protection in the event of a leak.<\/p>\n<h2>4. No backups<\/h2>\n<p>Your databases, your accounting records, your all-important tables, and your other indispensable documents are stored somewhere, be it on a personal computer, on a server, or someplace else. To be safe, copy them regularly to another location as well; then if a hard drive dies, or a server is compromised, your files should still be safe. Your website needs regular backups as well.<\/p>\n<p>That said, making backups is a drag, and easy to put off. You really need to make backups, though, and often. No one expects an emergency, but one day, the janitor will pull out the power strip, or the hard drive (and the account system database on it) will break down, or malware will lock your critical files. Will this happen tomorrow or in one year and thirty-three days? No one knows, but we\u2019d bet whatever the \u201csomething\u201d is, it\u2019s not something anyone anticipated. Your current janitor may be very careful, but what about his eventual replacement? Accounting may have all new computers, but every hard drive has a life span. What if a pipe bursts right above your server room? 
The point is, you can prepare for all sorts of possibilities, but no one expects the unexpected.<\/p>\n<p><strong>Solution<\/strong>: Back up important data and update all firmware and software regularly, which at least will minimize the number of holes in the system and software through which someone uninvited can get into your network. Use a dedicated backup solution. If you already use <a href=\"https:\/\/me-en.kaspersky.com\/small-business-security\/small-office-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____ksos___\" target=\"_blank\" rel=\"noopener\">Kaspersky Small Office Security<\/a>, then you already have a secure backup automation utility as well.<\/p>\n<h2>5. Forgotten access rights<\/h2>\n<p>Employees and companies often part ways on less than the best of terms. If a website developer, for example, quits in a huff, they could potentially delete parts of the site. Access revocation is a critical part of any separation, but even before that, limit employee access to those resources they need for their work.<\/p>\n<p><strong>Solution:<\/strong> Whether a member of staff quits, changes position, or is asked to leave, immediately assess their rights and revoke or transfer as necessary.<\/p>\n<h2>6. Default settings<\/h2>\n<p>Even a bakery needs a router. Did anyone set yours up properly? In lots of cases, an ISP employee\u2019s priority is just to get you connected, so they key in the ISP\u2019s settings and call it a day. But default administrative login and password combinations leave your network essentially open. Getting hacked and being added to a botnet is not the worst that could happen. For example, someone might install a sniffer \u2014 a tool that scans all of your traffic \u2014 at which point no complex passwords will save you. 
In a nutshell, it is vital to change the default settings on routers and other network devices, and it is good practice to do so for every other device.<\/p>\n<p><strong>Solution:<\/strong> Set up your router and network appropriately. It\u2019s not a fun task, but it\u2019s quick. At a minimum, change the administrator name and password, but also take a moment to make sure your network uses WPA2 encryption, disable remote management of the router, and check for (and install) any available firmware updates.<\/p>\n<h2>7. Lack of antivirus protection<\/h2>\n<p>It\u2019s tempting \u2014 and popular \u2014 to think you\u2019re too small to be a target. Other delusional excuses include: \u201cI\u2019m smart and safe, so nothing bad will happen to me\u201d; and \u201cI have a Mac, so I won\u2019t get infected.\u201d Being smart and using a more secure system targeted by fewer malware programs is good. But all of your employees should be smart and safe \u2014 and malware is only one of many dangers. At the very least, consider <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/phishing\/\" target=\"_blank\" rel=\"noopener\">phishing<\/a>, which is every bit as risky to Macs as it is to Windows, not to mention immensely popular with scammers attacking organizations.<\/p>\n<p><strong>Solution:<\/strong> Install and configure a strong and reliable security solution such as <a href=\"https:\/\/me-en.kaspersky.com\/small-business-security\/small-office-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____ksos___\" target=\"_blank\" rel=\"noopener\">Kaspersky Small Office Security<\/a>. Set it up to check for and automatically install updates. 
This solution, specifically designed for small businesses, has an antiphishing module that will help you avoid Web pages aimed at stealing your login credentials and other data.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksos-generic\">\n<h2>8. Uninformed employees<\/h2>\n<p>The first step is understanding that you have a problem; employees who aren\u2019t well-versed in modern security protocols are unlikely to advertise the issue \u2014 if they\u2019re even aware of it. So, good job identifying a big problem! However, unless you pass your knowledge on to everyone working alongside you \u2014 in an understandable and actionable way \u2014 one of them will end up being the weak link.<\/p>\n<p><strong>Solution:<\/strong> Train existing employees, and new ones as they arrive. The basics of safe digital literacy include not opening e-mail attachments from unknown senders, not following links without checking their targets, using reliable cloud services with <a href=\"https:\/\/www.kaspersky.com\/blog\/what_is_two_factor_authentication\/5036\/\" target=\"_blank\" rel=\"noopener nofollow\">two-factor authentication<\/a> for sensitive data, not downloading software from unreliable or illegal sites, and so on. No time for training? 
Use an <a href=\"https:\/\/k-asap.com\/en\/?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kasap___\" target=\"_blank\" rel=\"noopener\">automated learning platform<\/a>.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kasap\">\n","protected":false},"excerpt":{"rendered":"<p>When it comes to information security, we\u2019re seeing the same mistakes over and over again.<\/p>\n","protected":false},"author":2581,"featured_media":16329,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1917],"tags":[2088,1229,521],"class_list":{"0":"post-16328","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-tips","10":"tag-smb","11":"tag-threats"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/common-smb-mistakes\/16328\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/common-smb-mistakes\/20385\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/common-smb-mistakes\/8141\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/common-smb-mistakes\/21386\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/common-smb-mistakes\/19629\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/common-smb-mistakes\/18419\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/common-smb-mistakes\/22382\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/common-smb-mistakes\/21307\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/common-smb-mistakes\/28057\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/common-smb-mistakes\/8081\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/common-smb-mistakes\/34757\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/common-smb-mistak
es\/14645\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/common-smb-mistakes\/14897\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/common-smb-mistakes\/13311\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/common-smb-mistakes\/23740\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/common-smb-mistakes\/28098\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/common-smb-mistakes\/25285\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/common-smb-mistakes\/22020\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/common-smb-mistakes\/27241\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/common-smb-mistakes\/27077\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/smb\/","name":"SMB"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/16328","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=16328"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/16328\/revisions"}],"predecessor-version":[{"id":16399,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/16328\/revisions\/16399"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/16329"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=16328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=16328"},{"taxonomy":"post_tag","em
beddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=16328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}