Protecting your small business against cyber threats

Australian small businesses rely on the internet to get their work done. Selling an item online, promoting your services on social media, or using email to communicate with your customers are just a few of the ways that you might be putting the internet to work for your business.

The internet might be an essential tool for your business, but it can also put you at risk. Hackers are increasingly targeting small businesses to gain sensitive data, steal money, and disrupt normal operations. Like other Aussie businesses, you may want to consider ways to protect yourself against cyberattacks and learn how you can prevent serious damage to your business and public image.

Here are seven ways you can help protect your small business against cyber threats:

1. Back up your data

Losing data because of a cyberattack or computer failure can be a nightmare for business owners. A serious data breach or loss could make it hard (if not impossible) to resume business as usual and could cause your professional reputation to take a massive hit.

Regularly backing up data could help minimise the damage caused by a loss of vital business data. Several back up methods, such as an external hard drive and using the cloud, can provide extra protection against fires, burglaries, hacks, and other events that can cause data loss.

Set a reminder to back up your data on a regular basis (such as each week, once a quarter, or yearly) and remember to actually follow through. Alerts are no help if you keep hitting snooze! Also, remember to test your back up data to make sure it can be restored if the time comes.

2. Secure your network and devices

Hackers are skilled at finding ways into computer systems. But their job is a lot easier if your network is unsecured. Taking steps to lock down your business devices and network could add some protection to your system.

You don’t have to be a computer genius to start securing your business network. There are many relatively easy steps that small business can take to improve their cyber security:

• Install security software on all computers and devices used by your business, including anti-spam, antivirus, and anti-spyware. Enable automatic updates to keep this software current and to download the latest security upgrades and patches.
• Install a firewall, a hardware or software “gate” between your system and the rest of the internet. Like security software, a firewall should be installed across your entire network and updated in a timely manner when upgrades are released.
• Uninstall old software and disconnect old equipment. Outdated software and devices can act as a back door for hackers wanting to enter your system. Make sure old and unused software is removed from your system and hardware is wiped clean before it is recycled or disposed of.
• Install spam filters. Email is a common way for cybercriminals to deliver viruses and other types of malware (malicious software). Phishing, attempting to gain sensitive info by impersonating a trusted sender, is also commonly done through email. Spam filters can help reduce the number of spam and phishing emails you receive and help prevent anyone from accidentally opening them.

3. Use encryption for important information

Encryption turns your data into a near-impossible to break code before it is sent. It can only be decoded by a recipient with the right key to do so. This greatly reduces the chances of it being stolen, tampered with, or destroyed.

Network encryption is typically available in your router settings. You can also install a virtual private network (VPN) on your business devices to protect them when you are using public networks.

4. Use passphrases and multifactor authentication

System logins are often a weak spot for many networks. You and your staff can be tricked into giving up passwords (often through phishing scams), but you might also be using ones that are easy for hackers or programs to guess. Passphrases and multifactor authentication make it harder for cybercriminals to enter your network.

Passphrases, a string of words used to login to a system, are typically harder to crack than a simple password. These can be made even more secure by using a mix of upper- and lower-case letters, numbers, and special characters within the passphrase. A password manager can help you create and store complex passphrases.

Multifactor authentication (MFA) requires at least two proofs of identity to login to an account. For example, you may be prompted to enter your password and then a code sent to your mobile phone. This two-step process is harder for cybercriminals to crack because they must compromise two devices or accounts instead of one.

5. Check on your users

Unfortunately, former employees can cause a cyberattack on your small business. Even if they leave on good terms, their access to your system could create a way in for hackers and other cybercriminals seeking to do harm.

When an employee leaves your business, make sure they return all business devices. Remove their credentials on their last day to ensure they can no longer login to your network. If someone is changing roles within your company, check their network access and remove any they will no longer need in their new position.

6. Educate your staff on cyber security and your policy

Every member of your staff should do their part to keep your network and devices safe. Educating them on how to identify cyber threats and what to do if an incident happens are great ways to help protect your small business.

You should also have a clear cybersecurity policy that outlines your staff’s responsibilities when it comes to protecting the business. Your employees should understand your cyber procedures and the consequences of not following them. A typical cybersecurity policy covers:

• How to safely share data within the business, with external stakeholders, and your customers
• Proper use of company computers and devices
• Rules for accessing internet sites
• Accessing business networks from personal devices when working from home
• How to correctly store and back up data

7. Consider cyber liability insurance

Following the above steps, as well as others, could help you avoid many cyber threats that could put your small business at risk. But things can still go wrong despite your best efforts. Cyber liability insurance could help protect your small business if this happens.

A cyber liability policy helps lessen your financial losses if your business experiences a hack, data loss, or other cyber-related event. This may include paying the costs of data recovery, covering fines and penalties, and crisis management costs to help restore your professional reputation.

Facing cyber threats head on

Cyberattacks are a growing risk for all types of Australian small businesses. Taking steps to help you avoid them and recover after an incident could make all the difference in your business’ future.

Next Steps

• Download our risk assessment checklist
• Download our scenario planning template