The internet helps business flow, but it also comes with a risk--every day, individuals and companies suffer from cybercriminal attacks. So in honor of Safer Internet Day, I turned to one of the biggest, most trusted, and widely used technology companies in the world--Google--for some recommendations on how to avoid problems.

Five tips for better security.

Mark Risher, Google's head of account security, says the following strategies are essential for keeping your information out of the wrong hands.

1. Keep your software up-to-date.

Developers routinely find exploitable bugs and vulnerabilities in even the best programs. Updating regularly ensures you have the version of the software that's addressed any issues the developers have found.

"Visit the settings in your app store and enable auto-updates. When you receive notifications to update your software, do so as soon as possible."

2. Use unique passwords.

Strong, complex passwords are a great start, asserts Risher, but their security quickly falters if you use the same one for a lot of the accounts you have.

"Using the same password across multiple accounts is like using the same key to multiple houses," says Risher. "It increases your security risk."

Risher recommends using a password manager, such as is built into Chrome and Android, to keep track of the passwords you've racked up.

3. Set up a recovery phone number or email address.

Adding this information to an account means you can regain access to that account if you ever get locked out.

4. Protect your accounts with two-step verification.

"Two-step verification helps keep out anyone who shouldn't have access to your account by requiring you to use a secondary factor on top of your username and password to log in to your account," explains Risher.

This strategy is increasingly important the more tools or information you can access with the same password, such as on Google where your password is used to access email, Drive, Docs, and other options. A common example is where the provider sends a text message to your phone when you try to log in. You can't log in to the account unless you enter the messaged code into the sign-on page.

5. Take the Google Security Checkup.

"The Security Checkup analyzes your Google Account security status and provides you with personalized and actionable guidance to address any issues it recognizes as potentially dangerous. This is one of the easiest things you can do to strengthen your account security."

Other companies, such as Facebook, offer checkups with different levels of service, as well.

We're not as hot as we think.

Risher points out there's a big disconnect between how people think they're doing with security and what actually happens. A poll by Google and Harris found more than two-thirds (69 percent) of Americans over age 16 give themselves an A or B for protecting their accounts, and 61 percent say they're too smart to fall for a phishing scam. (Let that influence of ego sink in for a moment.) But two out of three people use the same password across accounts, over half say they've got a favorite password for most of their accounts, and a third aren't using or don't even know if they're using two-factor authentication.

How leaders and employees can bridge the gap.

Good leaders can protect their companies by making sure workers use unique passwords for all accounts, making two-step verification mandatory from the outset, and setting software to update automatically when users log in.

"Security works best when it's built in from the get-go," says Risher. "While entrepreneurs may think that security is something they can handle once they reach critical mass, implementation is significantly harder the bigger you get. Not to mention, the risks associated with things like Business Email Compromise (BEC) and phishing are profound even for small companies. Entrepreneurs should devote time to security -- including choosing cloud providers who handle it by default -- so that it never becomes an issue."

Risher also says that cybercriminals are more and more well-resourced, which lets them manipulate more flaws. But as they gain insights about vulnerabilities, like the best marketers, they're savvy about messing with your feelings, too.

"They'll play to their victim's emotions by impersonating the victim's boss, making it seem like a response is required immediately. Then, once a victim learns they've been breached, there's often a rush of shame, fear, and anger. [...] Business professionals are also human and are susceptible to powerful, emotional reaction that can cause them to freeze, not report an attack or fail to take further preventative action."

The answer is to make sure you have a security strategy that takes this human element into account and that, rather than just serving as defense, lets you triage when an attack happens so the repercussions stay as small as possible.

Right now, two of the biggest trends Risher says you should watch for are an uptick in credential dumps (obtaining account login and password information from the operating system and software) and spear-phishing (sending fake emails to targeted individuals). Regarding the latter, attacks are more sophisticated, growing in number and increasingly targeted at businesses. But more advanced forms of two-factor authentication (e.g., security keys) can protect people like entrepreneurs who have increased risk. Options such as Google's Advanced Protection Program can keep criminals out, too.

As for the future, Risher says companies likely will bear greater responsibilities for protecting users. Newer technologies, such as FIDO, biometrics, and WebbAuthn, will become table stakes, and two-factor authentication probably will become mandatory. Nevertheless, it's important for individuals to take initiative for their own security.

"That's the purpose of the tips I shared above," Risher concludes. "We want to encourage everyone to better protect themselves from known risks. And as an entrepreneur, you can better protect your business by having employees follow these simple, but effective best practices."

Published on: Feb 5, 2019
The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.