The belief that your business is too small or too insignificant to be a target of cyber criminals is precisely the problem. In fact, that’s the kind of thinking that cyber crims are quite literally banking on.
The damage caused by security breach cannot be overstated. It directly affects your brand, can cost a lot of money and, ultimately, even close down your doors.
And yet, small businesses commonly make the same mistakes over and over again when it comes to cyber security. Dynamic Business spoke with Sean Duca, Chief Technology Officer at McAfee Asia Pacific, part of Intel Security, about protection for small businesses. Check out these few quick tips:
1) Your information is valuable: Chief Technology Officer at McAfee, Sean Duca, told Dynamic Business it’s a mistake to assume a small business’s operations are of no interest to cyber criminals.
“Every organisation, even small businesses have sensitive information, they have their own intellectual property, they have information that keeps the doors open and business running. For those businesses, they need to think about how they can adequately protect themselves across the board.”
Targets for cyber criminals vary and many operate in environments similar to small cottage industries where information can be on-sold to others who place a higher value on the stolen information.
2) The basics: Acquaint yourself with your network and be sure which devices are connected to it. A small business owner will usually acquire a range of computers and laptops that will be connected to the network. You will need to ensure you are familiar with your operating system and install comprehensive security software to protect your information.
Passwords are critical. “The big thing is that you want to ensure you are using a complex password but something you can remember,” Mr Duca said. One option is to use password management software. This will create long and complex passwords, remember them and use them to log you into various accounts.
Patch management is key to ensuring you minimise your vulnerabilities. Patches help to strengthen weak spots in various programs that you have on your system.
It pays to protect sensitive data about clients. Recent changes to privacy laws now mean that incorporated businesses that breach the Privacy Act may be liable for civil penalties of up to $1.7 million.
3) Disaster Recovery: One key question to address is what happens in the event of a disaster? For example, if your business burnt down overnight, would you be able to recover vital information?
Normally, business owners wouldn’t leave sensitive documents casually lying around in the office. Sometimes copies will be made of sensitive documents and stored in secure environments. A similar approach should be taken in the digital world.
Data should be backed-up and encrypted. It can be kept onsite in the form of DVDs or thumb drives or it can be kept offsite in a remote server which can be accessed directly or via the cloud.
One idea is to write down a form of emergency plan setting out the steps to take to recover your information in the event of a disaster.
4) Staff education: Make sure your staff are clued-up about the security risks facing the organisation. Employee laptops and mobile platforms should be subject to strong passwords. It is well known that Password1 and QWERTY are still all too common forms of passwords.
It’s also unwise to access sensitive information in some environments. For example, people may be “watching in” if you access confidential material on free public wifi.
Some staff may not see security risks as clearly as an IT administrator and accidentally expose the business to risk by clicking on something they shouldn’t have.
“Cyber criminals don’t sit there and say ‘Lets focus on the top end of town. What segment should we or should we not touch?’” said Mr Duca “Wherever there is an opportunity, they are going to go after it.”
