Cybersecurity has been in the news a lot lately. Australia recently witnessed large-scale data breaches that affected some of the country’s most prominent corporations. These highlighted that no business is impervious to cyber-attacks, which is why it’s especially important for small business owners to protect their businesses against cyber threats.
The Australian Cyber Security Centre (ACSC) Small Business Survey revealed that a staggering 62 per cent of the small to medium business owners surveyed had been victims of cyber-crime.i
And these attacks come at a significant cost to businesses. Companies lost over $300 million last year due to cyber-attacks. Notably, the average cost per cybercrime reported to the ACSC rose to over $39,000 for small businesses.ii
Given that digital data breaches can have a massive impact on a business, what are the challenges faced by small business and what are the best ways to keep yours safe?
Antivirus and malware security is an obvious starting point but there is more to cybersecurity than signing up to a plan or downloading an app.
Identify what needs to be protected
It’s important to understand what data your business holds, and in what locations. You might have data stored across numerous devices or services whether they are cloud-based or not, which increases the number of applications you need to keep secure. Multiple and numerous systems can also create more opportunities for a cybercriminal to attack so streamline where possible.
Identify what information needs to be protected, thinking about legal requirements and confidentiality and security of information as well as what assets are most important to your company, including financial data, customer information and intellectual property.
Password protection and access management
The next step is protecting that information, which at the company level means encryption and using secure passwords. Consider implementing multifactor authentication for an additional layer of security to let the right people in and keep the wrong people out. This involves adding a secondary factor to your password, for example a mobile phone number to receive an SMS with an access code.
Once you’ve reviewed your password protection it’s time to think about how you keep track of them. Most businesses use a lot of applications, so password management tools are the best way to keep track of multiple, unique logins and passwords.
Back up data regularly
Backing up data doesn’t just protect against cyber-attacks but also against human error and malicious actions as well as hardware failures and natural disasters. If you are using cloud-based applications, data back-up may seem easier as you are not having to manually back up things like hard drivers and servers. However, a note of caution – while the cloud is extremely secure, some providers still recommend doing regular backups with third party services.
It’s also important to update software regularly to protect against the latest threats. You should regularly update your operating systems, web browsers, and other software to protect against malicious intent.
Staff training and education
Of course, maintaining a secure environment is also about educating your staff on how to avoid cyber- threats.
As well as having policies that describe how your business manages its infrastructure, it’s important that staff are up to date on how to actively avoid threats. All it takes is one person to click on a link in a dodgy email and your business could be vulnerable. The Australian government provides a useful resource for small businesses at www.cyber.gov.au/learn which includes modules and quizzes to help businesses educate their personnel.
Incident response management planning
Finally, despite your best efforts, there is always a chance that your business may experience a cybersecurity incident. In such a scenario, it is important to respond quickly and effectively to minimise the damage and get back up and running as soon as possible. Make sure you have a defined process in place that describes who responds and what happens in the event of a breach so that you can react quickly.
Given the cost and time involved in recovering from a cyberattack it’s worth putting a bit of thought into preventative measures.
The most common cyberattacks impacting small businesses are:
- Scam emails and phishing attacks designed to elicit passwords or confidential information.
- Business email compromise (BEC) emails impersonating a supplier requesting payment.
- Malicious software including ransomware, viruses, spyware and trojans.