Security Defenses for Solo Entrepreneurs and Smaller Businesses

I was recently talking to a person who expressed concern about protecting the data he processes in his business. He is a solo practitioner, so he does not have an IT department that can take care of this for him, and he asked me for some advice. How could he keep things private? Fortunately, this has become a lot easier as Apple, Microsoft, and cloud service providers have taken steps to make the process simpler. While not a complete list, here are a few of my recommendations.

Turn On Disk Encryption

It used to be trivial to copy data off of a computer that you couldn’t log in to. Someone would simply remove the hard drive from the computer and attach it to another computer. It would show up as a new drive and the data was completely visible. When this became a serious concern to businesses, disk encryption products existed, but they were not easy to deploy. That has changed over time. Both Apple macOS and Microsoft Windows have device encryption built into them now.

Windows will automatically enable BitLocker when you log into a new Windows 10 or 11 Pro, Enterprise or Education edition with a Microsoft account. Note that Windows 10 or 11 Home is excluded here. Also, the computer hardware must support it as well. Newer hardware should support BitLocker, but you will want to verify this before you buy a new computer. Microsoft’s article on the subject explains how to check whether BitLocker is running.

Because Apple controls both the hardware and operating system for their computers, FileVault is supported on all of their systems. You simply enable FileVault when setting up a new computer and your data will be safe should someone steal your computer. If you haven’t enabled it already, this article will tell you how.

Safely Back Up Data

We also talked about backing up data securely. The simplest way to handle this is with a cloud-based backup service. I use Backblaze and it has worked great for me through unexpected system failures and moves to new computers. The data is encrypted when transmitted and when stored on Backblaze’s systems. There are other services that you may prefer, so just verify they encrypt your data when they store it.

The nice thing about these services is that I don’t have to remember to back up my data. It just syncs automatically. Now I’m only annoyed at the inconvenience and expense of fixing or replacing a computer when it fails. I don’t worry about whether I can get my data back.

Passwords

Ah, passwords… Who doesn’t hate dealing with passwords? We have to change them all the time, we can’t reuse them on anything else, we can’t write them down, we can’t… well, you get the idea. The point is that we depend on passwords for pretty much everything and they are pretty easy to compromise. (I used to test businesses’ security. We got passwords all the time.) Basically, there’s no way we can do this by memory.

Fortunately, there are pretty good apps for this. I recommend selecting and using a reputable password manager to create and store your passwords. I use 1Password and they have a free version and a subscription service. At first I used the free version, but eventually I paid for the subscription to have my passwords synced across all of my devices. There are other apps that you may prefer, but this is what I use. Yes, there are some concerns about what happens if someone gets access to your password manager, but that’s usually much harder to do than the other ways attackers get usernames and passwords.

Candidly, I don’t even know what 95% of my passwords are now. I have my password manager create a long, randomized password whenever I create a new account somewhere and save it in the password manager. Just make sure you select a strong and lengthy password to access your password vault. And a strong password doesn’t have to be hard to remember. For example, “I-Hate-Dealing-With-Stupid-P@sswords” is memorable and difficult for attackers to guess or break. And I only have to remember a few of these.
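To show what “long, randomized” buys you compared with a memorable hyphenated passphrase, here is an added example (not code from the original post or from 1Password) that generates both kinds of secret with Python’s cryptographically secure `secrets` module and estimates their strength in bits of entropy. The 94-character alphabet and the short word list are constructed for illustration; a real passphrase generator draws from a list of several thousand words, and the 7776-word size used in the comparison is an assumption matching common diceware lists.

```python
import math
import secrets
import string

# Printable ASCII minus space: 94 symbols (assumption: the alphabet a
# password manager would use for a fully random password)
RANDOM_ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed, deliberately tiny word list so the example runs offline.
# Strength scales with the size of the list, so a real list is much larger.
WORDLIST = [
    "hate", "dealing", "with", "stupid", "passwords", "coffee", "ladder",
    "planet", "violin", "kettle", "orange", "glacier", "pencil", "harbor",
    "meadow", "turbine",
]


def random_password(length: int = 20, alphabet: str = RANDOM_ALPHABET) -> str:
    """A fully random password, the kind a password manager stores for you."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def passphrase(words: int = 5, wordlist=WORDLIST, sep: str = "-") -> str:
    """A memorable passphrase: words chosen at random, joined by a separator."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices: int, symbol_count: int) -> float:
    """Bits of entropy for `choices` independent picks from `symbol_count` options."""
    return choices * math.log2(symbol_count)


def years_to_exhaust_half(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected years for an attacker to reach the right guess at a given rate
    (assumed rate; an offline attack on a weak hash can be faster)."""
    expected_guesses = 2 ** (bits - 1)
    return expected_guesses / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    pw = random_password()
    pp = passphrase()
    print("random password :", pw, f"~{entropy_bits(20, len(RANDOM_ALPHABET)):.0f} bits")
    print("passphrase      :", pp, f"~{entropy_bits(5, len(WORDLIST)):.0f} bits (tiny list)")
    # With a realistic 7776-word list, five words give roughly 65 bits,
    # which is why a memorable vault passphrase can still be strong.
    print("5 words / 7776-word list:", f"~{entropy_bits(5, 7776):.0f} bits,",
          f"{years_to_exhaust_half(entropy_bits(5, 7776)):.0f} years at 1e10 guesses/s")
```

The takeaway matches the advice above: let the manager generate and store the long random strings, and spend your memory on one or two long passphrases for the vault itself, where length (more words) matters far more than symbol substitutions.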

Don’t Only Depend on Passwords

The last thing I’ll bring up here is using multi-factor authentication. There are a couple of ways that this can be done. You are likely most familiar with getting a text message when you log in to your bank account from time to time. This system isn’t perfect, and some criminal groups are adept at getting around it, but it does reduce your overall risk. A stronger mechanism is setting accounts to use a mobile application like Authy or Google Authenticator to provide an additional code to enter when you log in to a site. Not all sites support this, but many of the major ones do. Setting up and using multi-factor authentication is a bit of a hassle, but it does prevent an attacker from using a stolen password against you.

Final Thought

Just one more thing. None of this is limited to your work computers and applications. It works just as well on your spouse’s or significant other’s computer, your kids’ systems, and the rest of your family’s devices. I even got my dad using a password manager and he’s quite happy with it! So please, feel free to use these recommendations at home. Unfortunately, we have too many intelligent criminals that will happily cause any of us harm.

– Jason

P.S. If you’d like, I can do a presentation to your employees about this stuff and answer their questions. We can do it in person or online. Just drop me a line and we’ll figure it out.

Jason Wood