Using Two-factor authentication

Switched on IT is produced and hosted by PowerTV Australia and co-presented by Ray Sidney-Smith, Author of “SoLoMo Success” (2nd Edition coming soon), Digital Marketing Strategist, and Managing Director of W3C Web Services, providing

For World Password Day: Why Use a Password Manager, and How

On this hardly-known but highly-important World Password Day, let’s discuss my password manager of choice, and why you should use it (or one of its competitors), too! I know, I know…how unsexy is the password!? But, the risk is

How to Make Your Digital Business Life Safer Today on Safer Internet Day

Safer Internet Day is today. But, your digital personal and professional worlds are under attack every day. So, with this in mind, here is the advice I give to loved ones and clients alike when asked about how to protect themselves online.

User Account Management

First and most important is to start with the basic security of your user accounts on your desktop computers, laptops, smartphones and mobile tablets. Actually, anything that can be protected with a username and password should have that protection enabled.

It’s convenient to have no password or passcode login on your devices, but this compromises your security if or when someone covertly accesses your device or snatches it off your table at a café or restaurant when you least expect it. On Windows, you want to make sure your Windows user account settings are activated and updated with a strong password (see below) and, on Mac OS X, walk yourself through each tab within your Security & Privacy settings in System Preferences (especially FileVault).

Password Managers Are Your Friend

Next, with so much of our world being digital today, passwords have become the banes of our existence. We have passwords upon passwords. And, we simply cannot remember them all. So, we cheat and create a password that we can remember, that’s simple, and we use it for all our online accounts. (In case you can’t tell, I’m metaphorically slapping my forehead.) Let’s change this practice through a simple set of security principles.

One, your username is a kind of password, too. When you enter a username into the field on a website, then another, then another, you get to be known by the username across many services. If your password is compromised on one of these sites, hackers know to start checking other sites for that username. If you use different usernames on each site, you create a far smaller digital persona for hackers to track when the inevitable password hacks happen at Target, Equifax, Yahoo, or otherwise.

N.B. This is tough to avoid when your username is your business email address. But, where you’re required to use your email address as your username, you can use multiple business email accounts across the Web; create one for your important accounts, another for public marketing communications (e.g., those on flyers, postcards and business cards), and perhaps a tertiary one for less secure environments (e.g., Social Media accounts).

Two, the complexity of the password doesn’t make it a strong password as much as the length of the password; choose one that is the maximum length allowed by the service.

Three, you can no longer comfortably rely on your memory to remember your usernames and passwords if you’re making them different on every site you use. The simple solution is a password manager. Now, you can even use randomized usernames and strong passwords without the need to remember any of them! I recommend LastPass (my preferred password manager) and 1Password to all of my clients, because they are available across all major mobile and desktop operating systems, and they have Web browser extensions.

Use Two-Factor Authentication, When Possible

Password hacks happen every day with far greater frequency than I believe any analysts and journalists are reporting. The main reason is that these hacks are too small in the eyes of the media to warrant grabbing audience attention. But, make no mistake, your passwords are being reaped from sources without your knowledge and you need to take precautions.

A simple way to do this is to use what’s known in the cybersecurity industry as multi-factor authentication (MFA) or two-factor authentication (TFA/2FA). In short, you install software such as Google Authenticator, Authy or LastPass Authenticator (a separate app from LastPass) on your smartphone and/or mobile tablet; there are also physical 2FA devices available if you feel the need for that kind of security. Then, go to Google, Apple, Facebook, Evernote, and any other online services you use that allow it, and enable two-factor authentication. (Text messaging (SMS) is not a second factor. Phone-based text messages can be easily spoofed or intercepted, so they cannot be trusted as two-factor authentication.)

N.B. If you use two-factor authentication, make sure you print (yes, physically print on paper) the backup codes each service will provide to you. Then, secure those in a very safe place (from theft, fire and water damage). If you lose access to your 2FA app and can’t get back into a service, you will need those backup codes.

Enable Your Routers’ Firewalls

One of the most potent ways to stop hackers is to stop them from ever seeing your devices connected to the Internet. The way to do that is through the use of software called firewalls. So, go ahead, enable your routers’ firewalls and browse more securely.

Secure Your Web Browsing on Public Networks

Your next line of defense, when you leave the safety of your private office or home network, is browsing and connecting to public Internet connections securely. Start with a virtual private network (VPN), a tool that creates a secure connection between your computer/device and whatever online services you’re connecting to. (My current favorite service is TunnelBear. They have a free monthly plan for light browsing at cafés, and have reasonably priced plans for those who work at coworking spaces and on public networks often.)

A VPN, however, doesn’t fully protect you. You need to actively protect yourself while Web browsing. Simply clicking on anything on the Web is a surefire way to download malicious content and software. Pay attention to every link you click on while browsing when on public networks.

Back Up Your Devices (Cloud & External Drive)

Last but not least, you should back up your devices. The best cloud backup solutions, external backup hard drives, and strategies for backing up your data have been discussed ad nauseam on the Web. Sadly, small business owners especially are not listening well. Please, please, please back up your data. When you’re on the frontline, I can assure you it’s tough to answer each and every call or email from a business owner who has lost access to data because of ransomware or some other kind of cybercrime. Please don’t become another statistic.

So, that’s it. Six tactics for Safer Internet Day to help you be more secure on a daily basis. Here’s to keeping your digital identity and data safe!

Do you have a question about something discussed in this article about your cybersecurity? Leave a comment below (or click on Contact Us if you’d like to private message us) and we’ll be happy to see if we can help you out.

Cybersecurity for Small Business: It Doesn’t Keep You Up at Night? It Should!

If you want a pleasant Sunday morning read, check out this list of data breaches of major companies, organizations and government agencies. These are entities with IT departments, security professionals monitoring their networks, cybersecurity policies, and a budget to support their cybersecurity efforts. At least one of these data breaches included data about you. And, these entities were not even the primary targets of most attacks in the world. Hackers today find it lucrative to target businesses and, more specifically, North America-based small businesses.

Hackers have breached about 14 million small businesses in the last year, and most don’t know it. Cybersecurity for Small Business might sound obscure if you’re in business on “Main Street” and don’t sell online. However, it’s one of the most important management areas of your business to focus on today. Cybersecurity itself means protecting your digital world from attacks in a variety of forms so you can focus on running and growing your business.

Unfortunately, gone are the days when you can buy antivirus software for your desktop computer and all your digital worries can go away; it’s part of the solution but it’s not the whole solution. There are many ways in which hackers can penetrate your personal, your business, your employees’, and your customers’ machines and access data with intent to steal or get access to that equipment for nefarious reasons. Frequently, the reasoning doesn’t make sense on the surface so you aren’t suspicious, and these can be the most dangerous cybersecurity breaches because you are unaware for so long.

I’ll use the colloquial term “cybercrime” throughout this discussion to cover the wide variety of crimes, unethical tactics, and downright immoral practices of individuals and companies against personal and business systems and their data. These cybercrimes include, but are not limited to,

  • hacking your digital devices (which could be your smartphone, computers and laptops, Point of Sale terminals, credit card machines, and similar devices),
  • hacking your digital services (think about your website, email, cloud storage, and online services),
  • blatant physical theft (ergo, larceny) of digital equipment to get the underlying data,
  • data theft,
  • phishing,
  • stalking,
  • identity theft,
  • wiretapping,
  • denial of service (DoS) and distributed denial of service (DDoS) attacks against your servers to shut down your websites,
  • email bombing (the equivalent of a DoS/DDoS attack, but with a volume of email messages sent to you instead of HTTP requests to the server), and
  • injection of malware (malicious software), ransomware (taking data to make you pay to get it back), and other types of software that do dubious actions to your digital environment.

Now isn’t this a Charlie Foxtrot, eh? I know it’s daunting and it might scare and overwhelm you. It’s understandable that you may feel this way. But, as a business owner in the Internet Age, you must head cybercrime off at the pass, or risk losing time, money, and clients. Thankfully, there are some common sense ways to deal with cybercrime, so you can rest at ease knowing your digital world is safe and get back to running your business.

Physical security of hardware

Every Small Business should have physical security protocols for all digital devices: phones, external hard drives, and computers should be secured in place so they cannot be easily picked up and run away with, and laptops, tablets, and credit card readers should be secured in locked storage when not in use.

Your next best defense, since people are fallible, is to have an off-site backup. This can include making a full copy of your encrypted data on an external hard drive and taking it someplace away from the business location, and/or using a cloud storage backup service such as Carbonite, CrashPlan, or even Google Backup and Sync.

Something that some businesses are starting to do as well, when all else fails, is to make sure their business liability insurance covers physical theft. And, you should know that there are cyber security risk / liability insurance policies available for damages and losses from digital means.

Physical access to systems (users)

When it comes to physical access to systems, your users should be guided by an effective Digital Device Policy that includes protocols for:

  • How to create employee user accounts and assign only the administrative/user privileges needed for them to perform in their role.
  • How to give users physical access to systems only at the times needed to satisfy their assignments, and not give access to unnecessary systems at all. If employees don’t need access to your server room, don’t give it to them.
  • How to allow Bring Your Own Device (BYOD) employees at your business. You should have in place a policy for managing BYOD. Employees must use and abide by these security protocols on their mobile devices, if they use personal devices at work.

Separation of personal and business devices

You separate your business and personal finances, because you need to track what is yours and what is your business’s, even if only for tax purposes. The same goes for cybersecurity. You need separate personal and business logins for online accounts. This may also include hardware, like the phone you use to make and receive personal or work calls. Will your ISP or telecommunications provider have protections in place if you’re using your consumer service for business purposes? Probably not. The fine print matters here.

Software protections

Since the late 1990s there has been antivirus and anti-spyware software. And, yet, business owners resist installing reputable antivirus software on their business machines. While some have costs associated with them, many are free and built into your operating system, such as Windows Defender. You simply need to activate them. But, if you have purchased a license for one not built into your operating system, please make sure that your license is still valid and the software is kept up to date (including on your mobile phones and devices). Also, firewalls keep your computer, and any devices or routers connected to the Internet, safer; all of these, especially your Web browsers (all of them, even if you don’t use them all, all of the time), must have firewall protection. Again, on Microsoft Windows, there’s Windows Firewall that simply needs to be enabled.

VPN when on WiFi on anyone else’s network

If you spend much of your time on other people’s WiFi, then you need to use a Virtual Private Network (VPN) to secure your business data traveling across the network. This includes any open WiFi network at your local cafe, at a coworking space, or even at your client’s site. No network outside your firewall can be trusted to be secure. A VPN product you can try for 500MB per month for free is TunnelBear, and if you use more data than that per month across your business, then you can upgrade.

Web browsing and email protections

As a business owner (and advising your staff similarly), don’t open suspect emails and don’t transact any personal or private information about yourself via email. Period.

At the core of most Web and email protection is antivirus and spam-filtering software, so it’s definitely recommended that your ESP (email service provider) and/or ISP (Internet service provider) give you options for protecting and securing your Web and email traffic. However, that’s simply not enough for a business today.

In addition to such protective software, you should also seek out information on implementing SPF, DKIM, and/or DMARC as available through your ESP.

It also doesn’t hurt to enable two-factor authentication (a/k/a 2FA or TFA) on all online services that have the capability. Where possible, use a password manager, such as LastPass, 1Password, or Dashlane, to not only use unique passwords for every online account you have for the business, but also long passwords, to increase their resilience to attacks.

Mobile security

As more and more computing happens on mobile devices, security on them will become the dominant concern for small business owners. But, mobile doesn’t simply stop there. With the advent of Internet of Things (embedded “smart” technology in everyday things), wearable technologies, smart vehicle systems (Android Auto, anyone?), and voice assistants (like Amazon Echo devices, Google Home, and, the newcomer, Apple HomePod), cybersecurity needs to expand to meet those new frontiers.

It’s so important for Small Business to have their representatives’ support when it comes to combatting cybercrime against them and their customers. In April, a bipartisan small business cybersecurity bill was introduced by nine senators—the MAIN STREET Cybersecurity Act of 2017. Sadly, this bill, according to Skopos Labs as detailed on, has a 3% chance of becoming law. This is a commonsense piece of legislation to get the National Institute of Standards and Technology (NIST) “to disseminate resources to help reduce small business cybersecurity risks, and for other purposes.” Call your congressional representatives and tell them that you support S. 770 and they should support their small business voters by supporting this bill.

Also, if you’re scared senseless and you need help, never fear. Contact the Alexandria Small Business Development Center and we can refer you to professional security consultants who can help you.

Next Roundtable – Sizing Up the Competition

Alexandria Small Business Development Center hosts a monthly Business Development Roundtable from January to November. We meet in our main conference at noon on the third Tuesday of the month, and you can bring a beverage or your lunch, for a different business marketing or management topic that’s pertinent to Alexandria Small Business. Join us on August 15, 2017 at noon, when we gather to discuss “Sizing Up the Competition: How to Create a Competitive Advantage.”