It’s not a matter of if your small business will be targeted by cyber-criminals – but when. That’s the warning from the Australian Small Business Ombudsman.
Small businesses make appealing targets for ruthless online attackers operating from around the globe because they are much more vulnerable than larger enterprises, which invest heavily in protecting themselves.
Yet astonishingly, 80 per cent of Australian SME owners feel their business can respond adequately to a security breach, making them even more confident than some ASX-listed companies.
This false sense of security puts them at a high risk, both from cyber-attacks and from ‘insider threats’ either accidental or deliberate, from people working in the business.
Unfortunately, many SMEs lack the resources to recover from a cyber-attack. After a spate of ransomware attacks on Australian small businesses in 2017, over 20 per cent were so devastated that they were ultimately forced to shut up shop.
With attackers and security experts engaged in a constant game of cat and mouse, no business is ever 100 percent safe from cyber-attack. But ensuring that you have the basics covered will go a long way to reducing the threat.
Here are our top 5 cyber security tips for small businesses
1. Involve everyone
Cyber-security starts at the top, and it is important that as a small business owner or manager you are seen to be actively engaging. But a chain is only as strong as the weakest link, and it is just as vital that all staff at every level feel involved.
Make cyber awareness part of your business culture. Train and educate your staff and clients. Share a “security rules” document that explains what people are allowed and not allowed to do with regards to cyber security, covering internet, social media, email and device use.
Teach your team how to spot potential phishing, malware and ransomware attacks before it is too late. Keep cyber-security constantly at the forefront of everyone’s minds.
Sign your staff up for the federal government’s Stay Smart Online service, which will alert them to recent online threats and advise how they can be managed. Download and share the Small Business Ombudsman’s Cyber-Security Best Practice Guide.
2. Passwords, PINs and pattern locks
Over half of all successful cyber-attacks involve weak or stolen passwords. Make sure passwords are strong, changed regularly, and not used repeatedly for different systems. Wherever possible, use two-step verification together with passwords.
Phones, tablets and other portable devices must be secured with passwords, PINs or pattern locks, which should be changed regularly.
3. Check your operating system
Whether you use Windows or Mac, the older your operating system is, the longer attackers will have had to try to find weaknesses in it, and the more vulnerable it will be. Microsoft and Apple are constantly tweaking their software to fix known weaknesses, so ensure you always have the latest version installed. Turning on automatic updates can take care of this for you.
Use the firewall security provided by your operating system. If you use Microsoft Office, configure your macro settings to block untrusted macros.
4. Restrict access
Who has permission to access your sensitive data, such as banking details and customer information? How many employees need to know the admin password to your systems? Cyber issues arising internally can be a result of accidents or negligence, or they could be malicious.
By restricting access only to those who really need it, you can minimise the damage that can be done from the inside, while also limiting the chance of sensitive passwords being leaked or compromised.
5. Backups and business continuity
Every business needs a data backup system and a business continuity plan. This will ensure you don’t lose everything in the event of a successful cyber-attack.
Backups can be stored on external hard drives, on the cloud, or both. Backup applications can automate the process for you and ensure it is performed consistently. Multi-layered back-ups (e.g. yesterday, last week, last month) can protect against partial data losses or infections that are not detected immediately.
If you were locked out of your computer systems, what steps could you take to keep your business operating while you fixed the problem? You should prepare for this as part of your overall business continuity and contingency planning.
Lastly, consider investing in cyber-risk insurance, which can help protect you against the direct costs of cyber-attacks as well as the costs associated with claims from other parties such as for loss of information.
For professional, customised advice from experts on all the latest and best IT solutions for your small or medium-sized business contact EMPR Solutions, who have a 20-year track record in serving the Australian IT industry.