Cybersecurity tips for small business owners

02/22/22 • 32 min

Reality check: most cyberattacks and privacy infringements are not a result of sophisticated hacking done by malicious adversaries who want to hold your system hostage or steal all your data. They result from the victim falling into a criminal's trap by clicking on “interesting” malicious links or (re)using weak credentials all over their online accounts.

Most people who aren’t in tech won’t even know their device was attacked or their credentials stolen.

In fact, a majority of infringements on users' privacy and security are not noticeable at the moment they occur. You only perceive it later, when you get bombarded with unwanted emails, tracking-enabled newsletters, and targeted ads on your timeline, among others.

The good news is there are a few basic steps you can take to significantly bolster your security posture across all your devices and digital footprint.

If you are a business owner, this would substantially increase the protection of your business assets, including your clients’ valuable data. It’s also an opportunity to practice empathy towards those who are a critical part of your business. (We’ll show you how.)

Inspired by our experience in the field of cybersecurity, privacy, and the technology we use, we share some tips you can implement to increase your business’ safety.

In this episode, we break down common beliefs business owners have over the issues of privacy and cybersecurity. You’ll also learn how a password manager and two-factor authentication can reduce the risk of your accounts being illegally accessed. Additionally, we’ll explain why you should only collect the data you absolutely need from your clients.

In this episode, you will learn:

Misconceptions many business owners have around privacy and cybersecurity (03:42)
Three principles that will lead to a safer and more ethical behavior (08:55)
Why you should get a password manager (13:16)
The importance of two-factor authentication (15:01)
Why you should avoid collecting more data than you need (24:21)

Resources:

Fathom Analytics (Website analytics tool)
Rose Wintle (Website)
Authy (2-factor authentication tool)
Easy Data Protection Guide
No To Spy Pixels

Connect with Dave:

Connect with Andra:

Most people who aren’t in tech won’t even know their device was attacked or their credentials stolen.

The good news is there are a few basic steps you can take to significantly bolster your security posture across all your devices and digital footprint.

Inspired by our experience in the field of cybersecurity, privacy, and the technology we use, we share some tips you can implement to increase your business’ safety.

In this episode, you will learn:

Misconceptions many business owners have around privacy and cybersecurity (03:42)
Three principles that will lead to a safer and more ethical behavior (08:55)
Why you should get a password manager (13:16)
The importance of two-factor authentication (15:01)
Why you should avoid collecting more data than you need (24:21)

Resources:

Fathom Analytics (Website analytics tool)
Rose Wintle (Website)
Authy (2-factor authentication tool)
Easy Data Protection Guide
No To Spy Pixels

Connect with Dave:

Connect with Andra:

Previous Episode

Cybersecurity books that help us understand technology

“It doesn’t go wrong, it starts wrong.”

This captures the privacy and security challenges that existing and new technologies alike are facing.

When you read about how government agencies are accessing your personal data, don’t get caught up on the actual collection event. You should be just as (or more!) concerned that companies are intentionally developing and promoting software products which allow them or third parties to spy on you.

This is why software developers play a key role in making sure the product they build doesn’t negatively impact the user.

Because the relationship between cause and effect is a very convoluted one in technology, reading books about cyber security is a good way to understand why we need it and how its principles help us. The main benefit of these books is that the pros who write them have done the research and broken down this complexity so anyone who wants to can easily understand it.

Inspired by our recent reads, we have a conversation about ethics in the technology development community and how this impacts our lives.

You’ll learn how the Wannacry ransomware attack triggered a new era in cybercrime tactics with global reach and very visible impact. You’ll also hear about the role government agencies sometimes play in enabling cybercriminals to create and distribute malicious software. Additionally, you’ll learn about the impact that internet overuse is having on people and how it makes bad actors’ “jobs” much easier.

In this episode, you will learn:

What a zero-day vulnerability is (01:34)
How the WannaCry ransomware attack worked (03:53)
Why technology developers need to consider the ethical responsibility for what they build (12:56)
The impact the internet has on our thinking ability (26:34)

Resources:

Cindy Gallop - Advertising Business (article)
Heather Burns - Understanding Privacy (book)
Nicholas Carr - The Shallows: What the Internet Is Doing to Our Brains (book)
Edward Snowden - Permanent Record (book)
Nicole Perlroth - This is how they tell me the world ends (book)
Wannacry
Stuxnet

Connect with Dave:

Connect with Andra:

Next Episode

The empathetic side of secure software development

In the high stake world of software development, it is easy to put aside empathy and prioritize meeting deadlines. After all, developers are key players when you want to reduce time-to-market or deliver regular updates.

This can easily lead to the important aspect of application security not getting as much attention as it deserves. In some cases, it might even be relegated to the “extra-not-a-must” features category.

However, when empathy accompanies the entire development process, it easily extends to the users of the application. For instance, a project leader can take time to clearly explain the need for security features and give enough time for developers to implement them. This helps the developer understand the impact of the requirements they receive as it relates to how people use the application.

We Hack Purple is an online academy where developers go to learn how to create secure software. The founder, Tanya Janca, who is joining us in this episode, is a big believer in practicing kindness and empathy as a means of promoting application security.

Today, you’ll hear about what We Hack Purple does and its ultimate mission in software development. You’ll also hear about how Tanya practices empathy and the impact it has on her team. Additionally, you’ll hear about how they are empowering communities through their diversity scholarship program.

In this episode, you will learn:

How Tanya practices and encourages empathy in her work (01:20)
Practical ways in which empathy can make a difference in application security (04:30)
The reason Tanya opened the We Hack Purple academy (12:10)
Why she came up with a diversity scholarship (18:30)

Connect with Tanya:

Connect with Dave:

Connect with Andra: