With a greater percentage of employees working from home, many small business owners are finding themselves more vulnerable to cyber attacks than ever. So what type of precautions do you and your employees need to take in order to protect yourselves from hackers? In this episode, Gene Marks and Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance, discuss several strategies and tools that can help increase the cybersecurity of your small business.

Key Podcast Highlights

  • What Password Strategies Should I Use to Protect My Business from Cyber Attacks?
    • The first thing you should do when you bring any new IoT devices into your home or your business is change the password.
    • It’s also a smart idea to avoid using the same password on multiple devices or accounts, especially if you’re part of a flat or unsegmented network, since a single breach can compromise your entire system.
    • Use a password manager on all your devices.
  • What are the Benefits of Using a Password Manager?
    • It provides an additional layer of security to your data by using strong military-grade encryption to protect your passwords.
    • It prevents you from entering your data into illegitimate sites.
    • It will notify you if your password is weak or if you’re using it on too many sites.
    • It will prompt you to save your passwords whenever you visit a new site or create a new account.
    • It can quickly generate long and complex passwords for all your different accounts and devices.
    • It can provide additional protection in situations where multiple people require access to a single account or device.
  • What Kind of Damage Can a Hacker Do If They Breach My Security?
    • Hackers can do severe brand damage if they get control of your social media account since there’s no customer service to help you in these situations.
    • They can use your social media to attack other people.
    • If they get into your primary network system, they can steal your data.
    • Business email compromise attacks can fool you into surrendering a significant amount of money.
  • What Other Security Measures Do I Need to Implement at My Small Business?
    • Always upgrade your computer’s operating system to fix any security holes and bugs.
    • To combat the increasing cases of deep fakes, you and your employees should make it a habit to always verify requests before responding to anything.
    • Set up multifactor authentication on all your accounts and devices; these can be in the form of a text, an authenticator app, or even a physical USB key.
    • Before you slide your card into any device, always check to see whether the slot has been tampered with.
    • Avoid using a debit card if possible since the withdrawals from your bank account are immediate and are not protected from fraud.
    • Always log off once you’re done with an app; failing to do so will make it easier for someone to hack your account if they get a hold of your phone.
    • Your authentication process should include some form of facial or bio recognition.
    • Keep yourself up-to-date on all the latest security practices.

Transcript

The views and opinions expressed on this podcast are for informational purposes only, and solely those of the podcast participants, contributors, and guests, and do not constitute an endorsement by or necessarily represent the views of The Hartford or its affiliates.

You’re listening to the Small Biz Ahead podcast, brought to you by The Hartford.

Gene: Welcome to the Small Biz Ahead Podcast. We interview great experts that offer advice and tips to help you run your business better. Hey everybody, and welcome back to another episode of The Hartford Small Biz Ahead Podcast. I’m really happy that you are joining us, whether you’re listening or watching us online as well. My name is Gene Marks. Today we have Lisa Plaggemier, who is the Executive Director of the National Cyber Security Alliance, talking about things that I know are going to be impacting all of our businesses. So first of all, Lisa, thank you very much for joining.

Lisa: Thank you for having me. Happy to be here.

Gene: Glad that you’re here. Where am I talking to you from? Are you in D.C. or are you-

Lisa: I’m in Austin, Texas. We are based in D.C., but I live in Texas.

Gene: That’s right. You just said that before we went online as well. And you’re undergoing severe storms right now as we are talking about, or at least a lot-

Lisa: It’s dark outside at 8:00 in the morning. It doesn’t feel right.

Gene: Yeah, it is. There’s nothing like Texas rains. It is different than rain anywhere else in the country. It really does make a statement, but okay. Well listen, I’m really glad that you’ve joined us. So this conversation is all about cybersecurity, particularly as it impacts small and mid-size businesses. So let’s first of all, talk about the alliance. What do you guys do and what is your role with the alliance?

Lisa: So we’re all about making sure that people feel empowered to use technology in ways that are secure and safe for themselves and their families and their organizations. So we do a lot of education for small businesses, consumers, even large enterprises. We’re all about educating people on how to stay safe online. Our URL is staysafeonline.org, and you’ll find articles that cover topics from what to know when you’re giving your kid their first phone, how to tell if my computer has a virus, all the way through to the latest challenges with things like AI and ChatGPT. If it’s happening in technology, it probably has a security implication, a cybersecurity implication. And security people like to say, if it’s online, it’s hackable.

Lisa: So we’re just there to demystify the topic, because a lot of people hear cybersecurity and they think of the hacker in the hoodie or binary floating across the screen on the news last time they heard about a data breach. And that isn’t really helpful to your average person. That kind of FUD, fear, uncertainty and doubt, it just scares us, but we don’t really know that we have any role to play or we can do anything about it. And our mission is to show you that you actually can do something about it and you can have some peace of mind by just changing some little habits. Taking some small actions can go a long way.

Gene: I want to dig into some of those actions and some of your thoughts on those actions. And first of all, in the limited time that we have, Lisa, I don’t even think it’s necessary anymore to scare people about security issues. I’m sure you go out socially with your friends or family, and everybody’s familiar with ransomware and getting hacked and data breaches and all that, and everybody’s terrified about it as well. One thing for certain though is that the number of these incursions and hacks have significantly increased since we’re all working from home or a lot more of us are remote working. And I wanted to, first of all, let’s dig inside a little bit. Every client that I have and most of the companies, most of the business owners that are watching or listening to this, they have remote workers. It’s part of, it’s almost a required benefit nowadays. They themselves might be working from home. And I always joke around that the reason why hackers are targeting us is because we’re dopes. We’re sharing our devices with our seventh graders.

Lisa: I won’t say that we’re dopes. I’ll say that we have some bad habits.

Gene: I’m talking about myself, okay, dope. Doing all the wrong things. The password on my Linksys router is the same password, you can probably go on linksys.com and get my password.

Lisa: You can actually Google, that’s a really good point. You can Google the model number and name of your router and find the default password online. And that was done to make it easier for service people to come out and service your router if you’ve got a problem, if fiber shows up at your door or AT&T shows up at your door. So you absolutely want to change the default password on those things. Any IOT device that you have in your home or your business, a connected appliance, your thermostat, any of those things, you want to make sure that the minute you take them out of the box and when you’re all excited and you’re plugging it in, you’re saying, “This is going to make my life easier,” change the password and don’t use the same password on multiple devices or accounts.

Gene: So a couple things you brought up here. First of all, the IOT, which everybody, that’s internet of things device, and you’re right, we now have smart refrigerators and we have thermostats in our homes that control that. And speaking about Alexa, which is listening to everything you and I are talking about right now and will be sending me advertisements about these topics within hours. But on top of the IOT, I wrote a piece, it was either for Entrepreneur or Forbes, just to give you guys some context that there was a casino on the East Coast that’s unnamed, but they were hacked through their thermometers in their fish tanks. I don’t know if you ever saw that story.

Lisa: Yes, it’s a true story. What a lot of people don’t know about the Target hack was that that happened through their HVAC vendor. So their heating and cooling vendor had a weak password and they didn’t have their credit card system protected from, once you got on their network. As a friend of mine says, it’s as if you broke into one store in the mall and you could get into every store in the mall, if you don’t have a segmented network. So that was the problem there. And people had a very good business reason for giving that vendor access to their network, because they can control the temperatures in their stores.

Lisa: They could save them money on heating and cooling. Takes less of their manpower, it’s all automated. Sounds great from a business perspective. But that’s the problem I think when we contract for new products and services, very often we’re excited about the upside. We don’t think about the downside, because the reason we’re buying the product is because it’s going to make us more money or save us money at the end of the day. And we get very excited about that and forget to ask what could possibly go wrong.

Gene: Yeah, you’re absolutely right. So the takeaway is guys, any internet of things device that you have, it’s connected to your home network. We’re talking about remote workers right now, because it impacts so many of us. You need to make sure that you update your password. The same thing with your routers, like I have. You can’t just be using the default factory password. You got to update it and you need to update it to something complex. So Lisa, obviously people are like, “Oh, I like to use the name of my dog or my favorite baseball team”, which is those are awful passwords, you should be using a password that’s long with lots of symbols but it’s hard for us to remember that stuff, which is why password managers have become more popular. Give us your thoughts on password managers.

Lisa: Well I have a lot of empathy for the password manager segment of the technology industry, because a couple of them have had some well publicized incidents and that’s scared off everybody from using all the solutions and that’s really a bad thing. So as you said, it’s really important that we use different passwords for everything. The reason for that is because, if we’ve had one password stolen in a breach and the bad guys have your password and they probably do, or at least one of them, if you reuse that on multiple accounts, then that makes all those accounts vulnerable. And I think we have this image in our heads of a cyber criminal sitting there with that one password, trying to get into other accounts, that they somehow have to know which accounts we have or they’re doing this manually. Guess what? They’re using automation to just bounce that password off of every account out there to see if they get anywhere. It’s like a thief going around in your neighborhood checking car doors to see if there’s a door open.

Lisa: So they’re using automation to be really efficient about this. So we don’t really stand a chance against a computer in a situation like that. That’s why it’s so important that they all be completely unique and they need to be long and complex. So like you said, “Okay, they have to be unique, and then they have to be long and complex. How the heck am I supposed to remember them all?” So we’re big fans of password managers. The best ones are, I think practically all of them these days are using strong encryption, military grade encryption to store your password. The employees at those organizations can’t even see your password. Something called zero knowledge architecture is encrypted on their side too, unless the cyber criminals get away with the keys to the encryption as well as the encrypted passwords, you’re safe. And they can help you with other bad habits.

Lisa: A lot of them, if you land on a webpage that’s illegitimate, it’s a fake page, not amazon.com, it’s Amazon spelled with an RN at the end instead of an M. So you don’t notice that and you start to enter your credentials. It notices that before you do and it won’t populate those credentials that are stored in the password manager. It will tell you if you’re using the same password on too many sites. It will tell you if you’re using weak passwords on too many sites. The other thing is, you don’t have to sit down, enter all your passwords of all your accounts all at once. I think people think that’s a monumental task. We have an enormous amount of online accounts these days. If you sit down and put your… And by the way, to choose one, you can read Tom’s Guides, Consumer Reports, there’s tons of reviews out there to help you choose one.

Lisa: Once you choose one, you install it on your browser, you put your most important accounts on there. And I would say that’s things like financial services accounts, obviously your social media accounts, email accounts, social media is really important for a business. You don’t want to lose control of your Instagram and things like that. So then you just let it run on your browser over time and every time you visit a site, go to log into an account that’s not already stored, it will prompt you. Do you want to save this in the password manager? And you just click yes and you’re done. Those will all populate in the password manager. Over time, when you’re creating a new account, it can think of a long complex password a lot faster than you can. It actually helps you go faster in the long run. It can populate your credentials.

Lisa: It can make up new passwords a lot quicker than a human. So actually, even though they seem a little bit time-consuming, you get set up, I think they save you time over the long run and you’re more secure. It’s easy to have business accounts for all of your employees. How many times do you see your employees share a password in Slack or whatever your instant messaging is or in an email? It happens all the time. So the way we coerced our kids to use our family password manager, when they went away to college, we changed the Netflix password and it took about five minutes for them to say, “Hey ma, what’s the Netflix password?” We said, “We, you know that password manager thing we told you you should be using. It’s in there.” So if you want to coerce your employees to use your password manager, all you need to do is change the password to something that everybody uses and they’ll be knocking on your door asking you.

Gene: Great advice. And it’s funny, I’m thinking about my own social media accounts. I just made a note that I really got to make more complex passwords, because if somebody gets one of my social media accounts from my business, once they get into it, they can first of all, change my security settings so that any text messages about other loggings or whatever, they can make it to their phones and their emails and then I’m out. I am locked out of my account, right?

Lisa: Yeah, you can suffer terrible brand damage with what they can do. They can use your social media to attack other people. It reflects on your brand. And then like you said, there’s no 800 number to call for Facebook. There’s not customer service in the way that we had it 20 years ago. I have heard stories of one individual who lost control of their Instagram account. It took them four months to regain control, because how do you prove that you’re you when you go to Instagram and say, “Hey that’s my account and I lost control of it.” How do you prove that to Instagram? How do you prove that to anybody online? If you’re not standing there in person with your ID or whatever, saying this is me, it’s a really laborious process, because they have to make sure that they’re not actually giving control of the account to somebody malicious. And you’re there saying, “No, I’m not the malicious person. I’m me. This is my account. Somebody malicious has my account.” It’s a difficult process to go through.

Gene: Okay, so great advice so far. We have to change our passwords and make them more complex on all of our internet of things devices, including our routers for our remote employees. In addition, we should be using a password manager for our companies and everybody should be using those complex passwords and storing them there. Let me get your thoughts on some other things to do. I was told to really make sure that you are minimizing, you can never eliminate security breaches as you know. The Department of Defense gets hacked, so there’s never 100% security, but we’re looking to minimize it to make it that much harder for any potential hacker to get access. So one of the things I was told is always make sure to upgrade your computer’s operating system. In other words, don’t blow off Microsoft when they say it’s time for you to upgrade your-

Lisa: Right. Don’t click, remind me later. Yeah.

Gene: Talk to me about that. Why is that so important?

Lisa: Because most of those updates, they don’t tell us this, but most of those updates are to fix security holes. They’re to fix security bugs. And I know for a small business, I spent the first 20 years of my career in automotive, working with car dealers and it can be really hard to explain to a dealer principal why that old machine running Windows XP in the back of the parts department needs to be replaced, because it’s working just fine. Nothing’s broken. It’s broken in ways you can’t see. And it’s not broken from a business perspective for the person using it. It’s broken from a security perspective and it in that case, makes your entire car dealership vulnerable. And car dealers have on average 50,000 social security numbers and driver’s license numbers in their database, and they have pretty deep pockets. It’s a cash rich business.

Lisa: And so, they’re a good target for cyber criminals. So any one security weakness in your business that way can put your whole business at risk. That’s really the problem. The other thing I’d like people to think about is that it’s not just about the catastrophic doomsday scenario, where a hacker gets into my network and steals my data. It can be things that are almost less technical in nature. Business email compromise, where somebody sends one of your employees, god forbid, an accounts payable or finance an email and convinces them to do something to send money somewhere that it shouldn’t go.

Lisa: Very large, very sophisticated businesses, as well as small and medium businesses have fallen prey to this. The amount of money that is lost to cyber-crime in the U.S., the most common attack is that business email compromise attack. It’s the most costly to all American businesses. So that’s all about people and process, more than it’s about technology. So it is cheaper to prevent, I’d argue. And by that I mean, have processes in your business. If we’re going to wire money somewhere, this is the process that has to happen that, where we verify before we send our hard-earned dollars to another business or to pay an invoice.

Gene: Don’t just do that on an email that you’re receiving… is coming from an executive that looks legit, there still should be hoops to go through.

Lisa: Pick up the phone and call. This type of phishing has gotten to be so common. We do some research every year on people’s habits and behaviors and beliefs about cybersecurity, and 75% of people now think it’s the right thing to do and they will actually pick up a phone and call a business if something doesn’t seem right. If they’re being asked to change an account number on a bank account, before they send money or anything like that.

Lisa: If you’d have told me five years ago I need to pick up the phone and call when I got an email and something didn’t feel quite right, I’d have said, “No, that’s socially unacceptable. They’re going to think I’m paranoid.” With 75% of people doing it, I’m telling you it’s normal, because we can’t trust email the way we want to or the way we could when it was a new thing. So those kind of people and processes, have robust processes where you have double and triple check, verify things before you do them, and then train your employees on those processes. And if there’s ever a time when they’re being asked to go outside of that process, they need to raise a red flag. And that’s free.

Gene: So you mentioned about emails. I’ll tell you what’s been terrifying me, Lisa, of late is the expansion, the explosion of deep fakes. And I know that’s got to be something that your organization is looking at. It’s alarming. And again, I wrote a piece on this. Within the past year there was a bank in Saudi Arabia that the accounting manager, the control of the bank transferred out $35 million to a hacker, because the person was deep faked. He got a call from what he thought was the chief financial officer of the bank, a phone call, and on that call the chief financial officer says, “I’m authorizing you, we need to be…” whatever.

Gene: And the person did and it’s because the technology has become so advanced. And we’re going to be seeing this in the 2024 elections I’m sure, but in our businesses the technology has become so advanced that people can, I’m online a lot, I’m doing these conversations, this is going to be on YouTube. People can grab a lot of audio of me and then create a very, very similar depiction of me speaking, and then use that in situations of course, that I don’t authorize or approve. So is that a concern to you guys as well? Is it a red flag for businesses to be aware?

Lisa: Absolutely. Yeah. And if that person would’ve hung up after that call and then called the CFO back at the number they knew to be the CFO’s number and said, “Was this you that just called me?” That’s why I say you really need to double and triple check. And if that’s part of the culture of your organization, that everybody feels like this is what we do to protect this organization, then it won’t feel weird. Because I know it sounds a little bit laborious, but if you just make it part of the thread of the fabric of your business, then it’s how we do things here. We double and triple check, because we work too hard to have a cyber criminal profit off of our business.

Gene: Right. Okay good. That’s great advice. Let me ask you some other questions. I hope you don’t mind jumping around, but these are all things I think that our audience needs to be aware about. Authentication, my understanding is, I read this somewhere and I’m pretty sure it’s if you work for a big tech company, and I’ll use Google as an example, because I know this for a fact. You are not just using a password to log into Google’s network. In fact, I don’t even think they’re using multifactor authentication the way that you even get a text message, which a lot of people do. They use these keys, these flash drive keys. One of them is called a YubiKey. And so, authenticate that it’s you, you literally have to have that key in your device. It’s a USB key. And then that way it knows, because you’re carrying that around with you on your person.

Lisa: Right. I’m actually doing a webinar later today, with Yubico, the-

Gene: It’s Yubico. That’s exactly what it is.

Lisa: It’s all YubiKeys, yeah.

Gene: That is really funny. Okay, so tell me about your thoughts on that. I have 10 employees in my business. Is that something I should be doing in addition to-

Lisa: It’s one option. So we’re big fans of multi-factor authentication. And for that reason I said earlier, the chances are, people have your password or some of them. And it does take more than just a password to keep something secure. Passwords by and large have been a complete failure. You look at the history of the internet and technology, it was the best they could think of at the time, but it really hasn’t worked, because we have bad habits around them and they’ve been easy to steal.

Lisa: So I will tell you that whether it’s a YubiKey or any other physical key or an authenticator app on your phone, my least favorite form of multifactor authentication is the text, but it’s still better than not using MFA at all. And that’s the most important thing I think to understand about a lot of the stuff you hear in the news about cybersecurity is, we’ll come up with some great new way that we’re going to hold the bad guys at bay, like MFA. And somebody, a bad guy’s going to figure out how to abuse that, like calling T-Mobile and getting them to do a swap on your phone and suddenly they’re getting the MFA text, not you, which has happened.

Gene: Yes.

Lisa: And then those things hit the news and then people think, “Well I’m not going to do that. That’s not safe.” And the reality is that those incidents are few and far between, because either the bad guy has to go into the phone store and convince a customer service person to do this one sim swap, or they have to get on the phone with a customer service person and convince them. That’s time-consuming. Just like us, they’re trying to make as much money in a short period of time with as little effort as they possibly can.

Gene: And you can’t automate that either. It’s not like they can have some AI or some advanced script that accomplishes that. They literally call up T-Mobile or go into the iPhone store and ask for that. And you’re absolutely right, it’s not profitable-

Lisa: It’s not scalable.

Gene: So many people have such lousy security, there’s a lot of low hanging fruit.

Lisa: Exactly. So they’re not going to waste their time, unless they’re targeting a specific individual-

Gene: Or McDonald’s.

Lisa: Cisco had an incident like that. Or maybe it’s a movie star, who they’re trying to get control of their social media accounts or something. Unless it’s somebody they’re specifically targeting, they’re not going to go to that much effort. People like to say they’re lazy, but I actually think they’re just trying to be really efficient, which is not laziness. That’s pretty smart. So using MFA on everything that offers it is really, really important, even if it’s text MFA. My favorite is an authenticator app with facial recognition, all I have to do is look at my phone and boom, I’m in my account.

Lisa: More and more organizations like you mentioned, Google, are moving toward, well, we’re not sure what we’re going to call it yet if it’s passwordless or password free, doing a lot of marketing testing on what kind of language resonates with the public. People think passwordless means it’s not going to be secure, but it’s about using multiple sources of data to make sure that you’re you. Things like your location, the time of day that you’re logging on. If there’s a log on attempt from China at 3:00 in the morning, that’s probably not me, because there’s no other data to indicate that I’m actually in China, if you can’t corroborate it.

Gene: I heard this one story, I think it was on a podcast where somebody had hacked their Uber account and they’re getting rides around in Moscow in the middle of the night.

Lisa: In the middle of the night, probably not you. Yeah. So I’ll say this, if you’re a small business using a local financial institution, a local bank that doesn’t offer MFA, get a new bank. It’s that important.

Gene: Okay. That is all extremely good advice. And I have some more questions. You mentioned banking as well. Again, I’d written about this, because I was given advice about never using a debit card for your business, or personally. And I’m wondering what your thoughts are on using debit cards for transactions. The rationale was, and I don’t want to take the words out of your mouth, is that if I use a debit card, and hackers put these reader things on the devices.

Lisa: Yeah, sometimes you’ll see stories in the news about those being installed on gas pumps or being installed on… So those are card readers that are going to read your card, whether it’s a credit card or a debit card. Just make sure before you slide your card anywhere, insert it anywhere, just look at the slot, make sure it doesn’t look tampered with. But those have been installed on ATM machines. Those have been installed on gas stations. Again, I don’t think my hair would be on fire, because it’s not scalable. That’s organized crime running around to different card readers in the middle of the night and installing these things. It has happened.

Lisa: I’ve never seen one in person at any location I’ve been to, but I’ve seen them in the news. I would say the biggest reason not to use a debit card is because it just goes straight to your bank account. It’s cash and you’re not protected from fraud. So that’s a really good reason to use credit cards, even if you just pay that balance off every month. And it’s really no different financially than a debit card. It’s because there’s the fraud protection there and they’ve got a lot of security in place. If you knew the thousands and thousands of people who work in security and fraud at all the major credit card companies, you’d be astounded at the amount of resource that they put behind that.

Gene: And this is on them to collect, to go after that. Whereas if you use a debit card, it comes out of your bank account…

Lisa: We had an organized crime gang pickpocketing phones from bars in young people’s pockets here in Austin, a couple months ago. And one of the other bad habits we all have is, we stay logged on to everything all the time. We don’t log in and log out. So these were young people that didn’t have their phone locked. So no facial recognition or pin code to get into the phone. And then they were permanently logged into their Venmo, and of course their Venmo went straight to their bank account.

Lisa: And so, as soon as the bad guys got ahold of their phones, and I’m using that term pejoratively bad guys, they were able to empty their bank accounts and there was absolutely nothing that the banks could do and Venmo’s not going to be responsible for that. So log out, keep your phone locked, log out of your Venmo, log out of your bank account. Don’t stay. Most applications, like your bank, the app on your phone for your bank, they’re going to log you out in a matter of seconds sometimes, if they see you’re not active. There’s some other technology that doesn’t do that, and so you need to do it.

Gene: So we only have a couple minutes left and this is great and we’re scratching the surface of all the different things that one could be doing. So let me end on this, Lisa. Putting aside all the privacy concerns, because we get it and you and I both know, I am pretty sure that all of my personal financial information is somewhere on the dark web or it can be found somewhere. I’ve given up on that. You had mentioned earlier about the big tech companies looking to have passwordless ways to verify, where your location is, what your activity is.

Gene: It’s all privacy intrusions and I just think that’s something that we all have to be able to understand and accept in this world. Biometrics though is the next thing. You’ve mentioned a few times about using facial recognition, maybe using fingerprints and all that. So what would you say is a final word? To me that’s where it’s going, putting aside the Tom Cruise movie or the eye scans. It just seems that security is moving towards scanning eyes, doing facial recognition, fingerprinting. Is that something as business owners, we should be expecting and embracing sooner rather than later?

Lisa: I would say that if you look back over time, as I said, passwords were the greatest, best idea we had at the time, but they’ve been a failure. The minute we in the legitimate world think up technology that’s going to keep us all safe and secure-

Gene: It’s no longer safe and secure.

Lisa: So think of it as an arms race. So facial recognition might be my favorite way to use MFA with an authenticator app, an authentication that’s a notification pushed to my phone. A year or two from now, that might not work and we might be on to the next thing. So what I would say is, you got to keep up. And if you’re not technical by nature, I’m not, I work in cybersecurity, but I know that I need a really good IT person to manage these things. Because while I can keep up with how to do these things securely, just keeping track of it all can be really, really difficult in making sure that all your configurations on all of your applications and hardware and software are up-to-date.

Lisa: Making sure all those updates happen. It’s a full-time job for somebody, or you need to outsource it to a managed service provider. So I would say that yes, those things are more secure now than passwords. I think they’re going to be with us for a little while. I think eventually, for bigger companies it’s easier to go passwordless within their organization, but that’s going to trickle down to the rest of us. And you’re going to see more and more applications that are passwordless and they’re using all that other data to authenticate you. So I would say it’s a matter of making sure somebody in your business is responsible and accountable for all of your technology and keeping things up to date and just don’t let it get… If you get too far behind, it can be really hard then to run and catch up to where you should be.

Lisa: Being secure is not an event, it’s a process, just like anything else in your business. Your technology needs care and feeding. It’s not like I’m going to buy this system and install it and I’m going to be fine. It’s a process, it’s ongoing. So if you take that approach rather than, “Oh, I’m going to buy this new gizmo or contract for this new service, and it’s all going to magically be okay”, if you view it as something that you do need to tend to and can’t ignore, I think you’ll be in much better shape.

Gene: Lisa Plaggemier is the Executive Director of the National Cybersecurity Alliance. Lisa, give us your website and how we can reach you guys.

Lisa: Staysafeonline.org.

Gene: Perfect. So for all good documentation, advice and tips for making sure you’re on top of your security issues, that is the place to go. And by the way, guys, for any tips or advice or help that you need in running your business, please visit us at The Hartford Small Biz Ahead Podcast and Small Biz Ahead site. We are smallbizahead.com or sba.thehartford.com. Thanks so much for listening. My name is Gene Marks. I hope you got some good information out of this session, I certainly did. Thank you, Lisa, for joining. We will see all of you next time. Thank you.

Gene: Thanks so much for joining us on this week’s episode of The Hartford Small Biz Ahead Podcast. If you like what you hear, please give us a shout-out on your favorite podcast platform. Your ratings, reviews and your comments really help us formulate our topics and help us grow this podcast. So thank you so much. My name is Gene Marks. It’s been great spending time with you. We’ll see you again soon.
