Tanya Janca is the founder of We Hack Purple, an online learning academy, community, and weekly podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to the tech sector.
During the COVID-19 pandemic, how has working from home affected the cybersecurity world?
There have been two main changes:
- Users are now on their home network and physically in their home
- COVID-19 themed phishing schemes
We need to have our employees connect to our networks over VPN, protect their machines and other work equipment from accidents, and always lock their screen when they are away from their machine (unless they live alone). We also need to educate them about current phishing attacks, and how they play off our emotions about the pandemic.
When starting a business, what are some of the biggest challenges faced while implementing cybersecurity measures?
Most small businesses are unaware of the cybersecurity threats they face and the risks they pose. I would say lack of awareness of what they need to do to protect themselves is the main challenge.
Why is cybersecurity often not considered to be a priority for small business owners?
Small business owners usually concentrate on whatever their business is about, which makes perfect sense! If you’re an expert at floral arrangements, that’s what you need to ensure your business handles perfectly. That said, education can help you protect your businesses from threats online.
What are three best practises that you recommend for business owners?
I suggest that all small businesses get an email filtering and web filtering system, to protect them from phishing attacks. The second thing is to get a company-wide password manager, to use for storing all of your work-related passwords, and teach your employees good password hygiene (different password for every site and long random passwords generated by your password manager). The last thing would be turning on multi-factor authentication for all your important accounts. Watch the video below for a more in-depth explanation of all three!
To what extent can business owners be their own cybersecurity experts?
I honestly feel that every business owner doesn’t actually need to be an expert, they just need to know when to call in an expert. If each small business could follow those three pieces of advice (web & email filtering, good password hygiene, turn on multi-factor authentication), they would be an in decent spot. Then call in an expert if you need something past that, for instance; if you are going to handle credit card information over the internet, why not outsource that to company that only does that one activity as a service? It’s cost effective, and they are experts at this one thing. Then you can spend your time worry about your business, instead of each different security detail, because you know you’re in good hands.