Security for Small Business
As part of an ongoing series, we’re taking a look at security for small business, the tools that are available, and the best practices that keep your business ahead of the curve.
Cryptography and security are difficult topics in general. They’re hard for developers to implement correctly. They’re hard for end users to independently understand the implications of. Unfortunately, these two topics are as important as they are difficult.
Especially when viewed from the context of a small business.
For the next few weeks, we’ll take a break from deeper code-level walkthroughs and cover the various dimensions of security that affect the owners and managers of small businesses. These questions can be difficult to ask and even more difficult to answer; we hope to dive deep enough to answer questions you already have, and maybe a few you didn’t even know to ask. Our business is helping to keep your business secure.
Every web application is comprised not just of user-facing features necessary for implementing the application, they’re also built upon a foundation of other tools, libraries, and extensions that make those user-facing features possible. The most complex applications include the most complex foundations and tools.
As the degree of complexity increases, so do the risks of improper security implementations. We’ll cover some of the most straight-forward steps you can take to increase the security inherent in your website or web application’s underlying architecture.
Assuming your application stores data on customers’ behalf, the security of that data in storage is critical to maintaining your business. Who has access to the data? What can they do with it? What happens if the physical machines housing the data fail? How does the application ensure it’s the only entity capable of manipulating the data? What kind of disaster recovery plan is protecting your business?
We will walk through the implications and solutions for each of these questions. Understanding how to properly protect the integrity of data is critical to the security of a small business; we’ll arm you with tools and techniques to gauge the relative security of your own implementations.
Applied cryptography is one of the most difficult and nuanced specialties in computer engineering. The mathematical underpinnings make many topics in crypto unfathomable to the average user and even more mystic to non-technical end users. At the same time, having a strong, properly-implemented crypto system protecting your data and web application is vital to conducting business in the modern world.
Having a strong system such as this in place is also achievable and presents even better security for small business. In this series, we’ll disambiguate the critical terminology surrounding crypto and present you with several simple steps you can take to protect both your business and your customers.
Every business will, at some point, face the pressure of government or industry regulation. These rules exist to help guide businesses towards keeping their customers safe and protecting the market in general. However, the rules can often be complicated and confusing, particularly when security is involved.
Instead of merely citing ambiguous acronyms, we’ll walk through some of the various security-related regulations that exist and how they might impact your business. We’ll help you grasp the steps you can take right now to both understand and move towards compliance with these varying regulations.
One Thing Right Now …
In March, we covered several tools available to developers for managing secrets across teams. Two of these tools were 1Password and LastPass, the two most popular password managers available online. If you could do just one thing right now to help improve the security of your small business, it would be installing a password manager.
Our recommendation is 1Password, which works for individuals, entire families, or businesses with shared institutional secrets. The biggest enemy of security for small business is shared passwords between different services or accounts -- 1Password helps you maintain distinct, strong passwords for every site or service.
The second biggest enemy is time; even if your password is strong and unique, the longer you keep using it the greater the chance that the service itself could leak it to a third party. Services like Have I been pwned help you keep track of when your logins and emails have been leaked by a service provider -- however, they won’t tell you which password was leaked. It’s a good idea to change your passwords regularly. 1Password will make this easier by auditing the lifespan of each password so you know when to change things up.
Installing 1Password today is a simple, straight-forward step you can take to protect the security of both your personal accounts and those of your small business.
Top image credit: User _namtaf_, Creative Commons