Do EOFY Differently with QuickBooks
Get started from $2*
Need help choosing a plan?
Created with Sketch. 1800 917 771 Schedule a call
Need help?
We're here for you.
Schedule call
Created with Sketch.
Simple security for every small business
Running a business

Simple security for every small business

If you’re a business owner, you really have your hands full, every day, with the minutiae of running your business, balancing your books, orders, employees, scheduling, inventory, servicing customers, payroll, taxes…you name it!

But, did you notice something missing from that abbreviated list of what consumes your time?


Security was missing from that list.

You might read that and think your office and systems are secure. Frequently, it’s not in the day-to-day operation of your business, which is why we have statistics like this:

In the first 6 months of 2019, alone, over 3,800 data breaches were reported, with over 4 billion records being exposed as a result. If you broke it down evenly, that would be over 20 million records stolen every single day this year.

Unfortunately, these stolen records can contain crucial information about ourselves, with the most prevalent being an email address, password combination, and/or user credentials. When bad actors get ahold of these credential lists, they usually start a process known as “credential stuffing,” meaning they try to use these stolen credentials at pretty much every financial and social site available on the internet. You can pretty much be assured that some username and password combination you have used on the Internet is on a list somewhere, being used as I type this.

More bad news. Approximately 40% (conservatively) of all breaches targeted small to medium businesses (SMBs). I’ll stop there, as I could fill this article with examples, but I’m sure you get the point: data is a target, whether you want it to be or not.

Grow Your Business with QuickBooks

Steps to protect your data

With this in mind, it’s integral that you take preemptive steps to protect your data and your customers’ data by strengthening the protections of the technology these attackers are attempting to exploit.

The absolute best thing you can do to protect yourself is to utilise two-factor authentication (2FA) wherever you are able to do so. As indicated in its name, 2FA is a second “piece of evidence,” or factor (in addition to your username and password) that you must provide in order to login to a site. That second factor can be biometrics, such as a fingerprint, using a cell phone to receive a short lived SMS PIN code, or authentication software on your mobile device.

With that in mind, if you use remote access to connect to your office and systems (who doesn’t nowadays?), and you are not setup with a Virtual Private Network (VPN) to connect, then you should absolutely be requiring 2FA on that remote login access. Absolutely. No exceptions. Ever.

You should also have 2FA on your office machine logins. Yes, inside the office as well, because like an onion, there are many layers to security. It might seem onerous to get a second code to login everywhere, but that extra 30 seconds is nothing compared to the cost of having your office breached, data stolen, and accounts drained.

2FA is a problem for those hackers, because if they successfully login to one of your accounts protected with 2FA, you’ve now increased the level of effort they have to exert exponentially, and they are going to move on to the next set of credentials.

Why are they going to move on? Because they are automating their attacks, they want to move with speed and scale, and with billions of credentials to cycle through, they are going to use the ones that don’t have 2FA required, going for the ‘low-hanging fruit.’

Using 2FA helps you protect the data behind your login, whether it’s at your office, your payroll service, or your bank, as your password(s) are more than likely already compromised and available, even more so if you reuse a password across multiple sites. 2FA is just one thing you can do among the myriad of measures you can take. I started with this one, as it is one of the simplest to implement, and gives the ‘biggest bang for the buck.’

If you take away anything from this article, make it the following two nuggets of advice:

  1. Your credentials are already out there – it’s wise to accept that and move to point #2.
  2. You can protect yourself and your business by requiring two-factor authentication (2FA) wherever you can. And, if you’re entrusting a business with sensitive information and they don’t offer it, perhaps you should move to one that does.

Editor’s note: This article  was originally published by SmallBizDaily.

Related Articles

Looking for something else?

Get QuickBooks

Smart features made for your business. We've got you covered.

Help Me Choose

Use our product selector to find the best accounting software for you.

QuickBooks Support

Get help with QuickBooks. Find articles, video tutorials, and more.

Stay up-to-date with the latest small business insights and trends!

Sign up for our quarterly newsletter and receive educational and interesting content straight to your inbox.

Want more? Visit our tools and templates!

By signing up you are agreeing to our terms and privacy policy.

A happy small business owner signing up for the QuickBooks newsletter on laptop