Have you ever thought about how much of your business information is stored on a smart phone, computer or online? Or what would happen if you lost access to that information or it became compromised?
When you consider the volume of vital business information that gets stored electronically, the need for good cybersecurity practices is a necessity for all small business owners and their staff.
It is thought that nearly 90 per cent of all cyber breaches are caused by a mistake by someone working in the business.
Here are some practical steps to take to help protect your business.
Use strong passwords
Do you re-use the same password across lots of platforms, have kept the same password for a long time, or include the names of pets of children? If you have answered yes to any of these, your password may not be very secure.
The longer and more complex your passwords are the better. A good start is to have a mix of upper and lower case letters, numbers and symbols. If you find these hard to remember, try a passphrase – a combination of three of four random words that, when combined, provide a longer and harder to guess password (for example: PurpleDoorBananaFloor).
When it comes to your computers, networks (such as your Wi-Fi) and mobile devices, ensure that you have strong passwords that are regularly changed. In particular, if any devices come with default passwords (for example: your modem may have a default password to connect to Wi-Fi) you should change this password as soon as possible. You can check if any of your passwords have been compromised by a data breach on the website Have I Been Pwned.
If you employ staff, you may also want to consider providing access to systems and passwords on a ‘need to know’ basis.
Action to take
Enable two-factor authentication
Two-factor authentication provides an extra layer of security to your online accounts (such as your email, social media or internet banking) and makes it harder for someone to gain access, as they will need more than your user name and password.
It usually requires you to take an extra step to access online accounts, such as entering a personal identification number (PIN), responding to a notification on your smartphone or using fingerprint or facial recognition.
Most online platforms will allow you to enable two-factor authentication under their security and login settings.
Secure your devices and networks
There are a few practical things you can to do keep your devices and network secure, such as:
- Having up-to-date security software installed and running regular anti-virus scans.
- Avoiding the use of storage devices, like USBs or hard drives, that have come from unfamiliar sources (unless you can run an anti-virus scan on them first).
- Ensuring all portable devices, such as smart phones and tablets, can only be unlocked by PIN.
- Limiting the use of public Wi-Fi networks which may be unsecure or vulnerable. In particular, you should never use public Wi-Fi to make online payments and/or access financial records.
Regularly back-up your data
Having one back-up is a good start, but ideally, you should also have a back-up of your back-up too. Don’t worry, this isn’t as hard as it seems. Online and cloud storage are a popular back-up option, but unfortunately can also be compromised. Ideally, you should not only keep an online back-up of your data, but also have a physical storage device, like an external hard drive, that you regularly back-up your files to.
Read the Australian Cyber Security Centre's Small Business Cloud Security Guides to find out more.
Update your operating systems
One of the most effective ways to protect your business is to ensure that all your systems and devices are regularly updated, so that weaknesses in the operating system can’t be exploited. It’s a good idea to switch on automatic updates so this important job doesn’t slip your mind.
If your device is no longer supported with security updates because it is too old, it may be time to consider investing in a new device.
Educate your employees
If you employ staff, take the time to talk to them about the importance of cybersecurity and protecting any information relating to your business that they may store on computers or mobile devices. Explaining what you deem to be an acceptable use of business information and devices will ensure they have a clear understanding of your expectations.
You can also consider creating a cybersecurity policy for your workplace that sets our your expectations of staff and how you will handle sensitive data.
Be aware of the latest threats
Major cybersecurity threats are regularly reported in the media, so keeping up-to-date with the news can give you a heads up on the latest threats and attacks so you can stay one step ahead.
Make use of free resources
A range of resources is available to help you protect your business from cyber threats.
- The Have you been hacked? tool from the Australian Cyber Security Centre can walk you through a series of scenarios to determine if you have been hacked and provides practical steps to follow to manage the situation.
- A cyber security assessment tool on the Business.gov.au website can help you determine how secure your business is, and get recommendations for any improvements.
- Sign up to the ACSC’s email alert service to provide you with information on the latest online threats and what you can do to keep them at bay.
- Download the ACCC's Little Black Book of Scams to learn more about common scams and how to protect your business.
- Learn to spot and report scams including email compromise scams and protect your business from scammers.
- If you have been the victim of a scam, ScamWatch explains the steps to follow to limit the damage and protect your business from further loss.
- CyberWest has published useful articles about cyber security, including a list of Australian cyber companies who provide services to small businesses in their document Cyber Security for Startups and Small Business.