Put your hand in the air if you know the password to the back end of your website!
Put your hand in the air if you know the login and password to any one of your virtual properties that is currently accessed by only one of your employees.
Do you know where your employees store their logins and passwords? In my case – I had them written down on a piece of paper and tacked to my bulletin board where I could always find them. But then again, so could everyone else in the office.
Security culture is a relatively new term. In the online world it refers to the policies and procedures that a company establishes to protect its offline and online identities.
When it comes to developing and enforcing a security culture, small businesses can learn from the corporate world. Perhaps the stakes are not as high, but the consequences of a lack of security are just as disastrous. Imagine losing your online business identity to a careless mistake or, worse, to some hacker.
What would a security culture look like? At minimum it would cover the following areas:
Company-Wide Password Protection –
> Encourage employees to adopt a robust password to protect company property. (12-14 characters with capitals, symbols and numbers).
> Reset passwords not just for employees but for all programs at least every 6 months. It may seem like a daunting task and it probably is the first time you do it.
> Password hierarchy. Online sites used company-wide (dealer logins, online purchasing sites) might benefit from one common log-in and password that everyone can access. That makes it easier to change the password company-wide if you need to exclude a user.
Multiple Users –
It’s probably wise to ensure that no single employee has sole control over a particular offline or online property. Even though only your bookkeeper requires access to the accounting software, either the business owner or a senior employee should also have ‘administrator’ rights.
Keep Your Virtual Inventory Current –
Create a systematic list of all of your online properties, their passwords, online security questions or IDs. This includes your website, social media properties and your accounting or sales management software. Having full information will help you or someone else reinstate or recreate your online identity.
A cloud-based password protection site or even a password-protected Excel spreadsheet is one step closer to security than a sheet of paper in your drawer. It will also help keep things organized. Employees with multiple logins should be encouraged to use at least the Excel method over paper shoved in a file folder.
Back Up! Back Up! Back Up! –
Internet strategist Jesse Hirsh suggests having a disaster recovery plan. It sounds pretty heavy but if you’ve just lost access to all your online properties, it might feel like a disaster.
Develop a plan to make sure that you have a way to reclaim your online identity. A lawyer may be of assistance here. Keeping a printed copy of your plan in a safety deposit box might help you fend off any potential liability issues. At least you’ve done what you can.
Employee Exit Strategies –
You don’t want the last words to your most trusted employee to be, “By the way what’s your password?” Trusted or disgruntled, it just makes sense to restrict employee access to your company property and not assume that they won’t ever bother you.
Create a strategy where you can erase anyone’s access to your company files. Consider your virtual presence equal to your bricks and mortar operation. Take measures to get the keys to the shop returned.
How do you get the buy-in from your employees? It begins with management awareness and commitment. If the security culture goals and messages are regularly communicated and implemented then it simply becomes just one small part of your overall business culture.
Learn more about protecting your password – Protect Your Password! Are you doing the best job you can?