The Heartbleed bug has been a huge wake-up call for anyone using the internet.  Like me, you’ve probably had a plethora of emails about it show up in your inbox lately.  Since you’re likely not going to stop using the web for personal and business use, here are some key recommendations for small business owners who might be wondering what they should do about it:

  1. Get a password manager.  Password managers like LastPass use strong encryption to store the long, secure passwords you should have for every account on the web.  All you need to remember is one strong master password.  For company-wide control, use LastPass Enterprise.  This way you can enforce policies for your staff and audit them.  LastPass personal accounts can also be linked with LastPass Enterprise accounts, which is handy for companies where it makes sense to use both.
  2. Use strong, unique passwords for every account.  For most of you, this means changing a lot of passwords and keeping track of them with a password manager as mentioned above.  Yes, this is tedious but necessary.  There are no quick fixes to this issue, so be wary of any that you may come across.  If a hacker gets access to a password that you use on multiple sites, you are asking for trouble.  Mitigate your risk by using strong passwords.  For more detail on this subject, refer to our blog post called 5 Tips for Keeping Your Company Accounts Safe.
  3. Take advantage of multi-factor authentication.  The first factor is something you know (a password); the second factor is something you have in your possession (a smartphone).  Larger cloud companies like Google offer multi-factor authentication (or 2-step verification, as they call it) using a phone call, an SMS text message or their Google Authenticator mobile app.  Regardless of the method you choose, you are provided with an OTP (one-time password) that has a short lifespan.  Until we have reliable biometric technology (something you are), a smartphone app or I prefer the app as it’s not dependent on cell coverage.  So if you have a personal Gmail account or Google Apps account, take advantage of it.  Here’s more information.  Password managers like LastPass can also typically be set up to work with common multi-factor technologies.  LastPass works with Google Authenticator, which is very handy for Google users.
  4. Consider SSO.  Another way to secure your company accounts is via SSO (Single Sign-On).  If your company uses the Enterprise version of Salesforce, you have access to SSO as part of Salesforce Identity.  Other options include LastPass Enterprise and OneLogin.  Essentially, once you log into an IAM (Identity and Access Management) app, it does the work to authenticate you to other sites.  This reduces password fatigue for your staff and eliminates phishing attacks.
  5. Consult with an IT Security specialist.  The ideas mentioned above take a little getting used to, so educate yourself, but don’t try to be an expert.  Speak with a company you trust to help set you and your company up to mitigate any risks.

 

At Perpetual West, we use all of the technology mentioned above to keep our accounts secure.  Let us show you some of the best practices we’ve learned during the process.  Given all the benefits that cloud computing offers, it’s worth the effort to keep your data secure.  Contact Perpetual West at (877) 388-6400 to learn more about security best practices and how we can help your business leverage the best solutions the cloud has to offer.