Since 1963, the President of the United States has issued a proclamation announcing National Small Business Week. This year it was for the work week beginning May 4 and ending today May 8.  The purpose of the week is recognition of small businesses in the U.S. where more than half of Americans either own or work for one, and who collectively create about two out of every three new jobs in the U.S. each year.

As someone who works in a small and growing business, this really is a week to celebrate.  In fact you have to like the promotional graphic below from the U.S. Small Business Administration and the tagline, “Dream Big. Start Small.”  

One of the areas of small business growth is not just the number of entities focusing on changing the world through technology, but also the role being online has played in enabling commerce and allowing anyone with ingenuity to appear like a big guy on the Web.  In many ways the Internet has been the most important accelerant of small business growth in history. 

That said, while the rewards of being online are amazing they are not without risks.  In fact, one of my go-to experts on Internet security matters, Bill Carey, VP of Marketing and Business Development, Siber Systems—creators of the popular RoboForm free password manager app—passed along 7  tips that small businesses should use to stay safe on the web. 

It may seem that many of these fall into the category of the obvious, but what is most amazing and disturbing is the continuous flow of research from security professionals regarding just how few small, and large, businesses take even the most basic precautions. It is why you may wish to keep the list below as a handy reminder of what to do and what not to do.

1. Strengthen your password: The best strategy for protecting your information is to use a strong password that contains upper and lowercase letters as well as numbers and symbols. Consider using numbers and symbols that resemble letters to strengthen your password while keeping it easy to recall, e.g., “B@seb@11” instead of “baseball.”

2. Use a different password for each secure site and change it every 30-60 days: When a data breach occurs, cyber criminals often sell the information to third parties before the theft is detected. If you change your password regularly, you’ll have a better chance of ensuring that a new login protocol is in effect when the third-party buyer tries to use your password.

3. Password-protect mobile phones and tablets: Many people these days use their personal devices for work, and if the device is lost or stolen, cyber thieves may be able to log in and collect sensitive company data – as well as personal account information. Use a strong password on all of your devices to keep information safer.

4. Don’t fall for phishing scams: So-called “phishing” scams occur when a cyber thief calls or emails while posing as a banking or merchant account official and attempts to collect login information. A sophisticated scammer can create a website that looks very much like a legitimate site. Never give out account information via email or over the phone.

5. Don’t leave desktops or laptops unattended in the office with a browser open: It only takes a few seconds for someone to use an open browser to collect login information and copy passwords, so make sure to shut down the browser or lock your screen if you’re going to be away from your computer, even for just a minute or two.

6. Consider a password management system: Passwords are the first line of defense, but creating strong passwords, changing them every 30-60 days and using unique passwords for every site can be a hassle. Password management software automatically handles password creation and changes—and only requires users to remember one password.

7. Make sure employees know how to keep company information safe: In the “bring your own device” (BYOD) era, it’s more important than ever to make sure team members understand how to operate safely online using their own devices or company equipment. Provide employees with the training and resources they need to operate devices safely.

Yes we are gradually inching our way to a world of multi-factor identification. In addition, there is no lack of intense work being done to ultimately eliminating passwords. They are constantly being tested by the bad guys for weaknesses with an alarming rate of success when best practices arenot employed.  Plus, they really are a challenge to manage.

Whether you are a small business owner, employee or even are rightfully concerned about your exposure when you are in personal rather than professional mode, realities are that passwords are not going away as quickly as we all would like. Indeed, it really is the reason to have a password manager. 

Happy Small Business Week, and let’s be careful out there!