Posted on by

How to be secure when you are small (Part 1)

We use technology and data all the time. 

Even in our community groups, side projects, and small businesses. Aside from being small, these groups share a lot in common:

  • They need data – They collect, store, and manage information about members, customers, and suppliers.
  • They need to have an online presence so people can find them – either a website or social media accounts.
  • They need to keep their costs low – they need to make it viable to keep going, which usually means using minimal resources to run the organisation and keeping any IT costs as low as possible.

Small groups are awesome

They can have large impacts in our local communities and it is important to lift them up and support them when we can. They are kind of like Tinkerbell – they need recognition and support to stay alive (and money and resources too, of course).

 

 

Along with all the great things they do, sometimes they carry along some excess baggage – misconceptions about the technology they use and data they collect:

“I am too small to be attacked”

“No one can find my accounts or systems”

“Security is too expensive to put in place”

Sometimes in New Zealand, these misconceptions can be amplified. We are a small island in the Pacific after all! 

Even small fish need their anemone. There are ways that small groups can do security that doesn’t take away from their main purpose and goals.

 

 

Well reader, we are going to take you on an adventure!

If you can give us just one hour of your time, once a fortnight, we can help you build some big security defences for your small group. In this blog series we will show you some steps that just take a wee bit of time to set up and require no fancy tools, experts, or money (!!!) to do.

If you volunteer or run a small group, or know one that has a soft spot in your heart – help them through this list and help them get on the right (secure) foot.

Let’s get started! Get out your stationary kit, because we are starting with making a list and taking inventory.

 

 

Step 1. Make a list

Start a list that keeps track of what kind of data you collect, and what systems and accounts you use. If you don’t know where to start, begin with answering these questions:

  • What social media accounts do you use?
  • Do you have a website? Do you manage the web server yourself? Or do you login to a website to take care of it and pay someone to host it for you?

If you are like me and love a good checklist, try giving this a go

 

Now, anything you have listed in the “accounts” column is likely a “Software-as-a-Service” or SaaS product. Which means you don’t have to worry about the underlying technology; you just have to focus on protecting your accounts and controlling the data that goes into them. 

Anything listed in the “technology & systems” column will require a bit more effort. You will have to think about both protecting the accounts and the technology underneath them.

Believe it or not – that is it for step 1! That wasn’t so bad.

Understanding the tools and technology you use is honestly the first step in your small group’s security journey.

The next step in this adventure is going to be all about passwords. Throughout our digital lives we have been told different tips, tricks, and advice for doing passwords right. We are going to clean that slate and teach you what you really need to do to make passwords secure.

See you in the next blog for part 2!

Related posts
  • Secure development: Top ten security training topics for your team
  • How to be secure when you are small (Part 2)
  • Secure development: Detecting attacks in your software