Four cybersecurity steps for small business
Mon 8 April 2019 - 8:00 amDigital | Featured | Hot Tips | Information Technology | Security | Software | Tech
A recent survey commissioned by Prospa found that more than half (54%) of small business owners spend at least 6 days a week on their venture, with one in four (28%) working 7 days. When faced with the pressures of running a small business – from managing cashflow to acquiring customers to organising a new fit-out – finding time to think about a potential cybersecurity threat can be a major challenge.
Many small businesses don’t consider themselves to be as vulnerable as larger enterprises, yet a survey from Chubb reveals the majority (60%) said they have experienced a cyber incident in the last twelve months. Small businesses are actually a more attractive target because their systems are often less advanced. It’s also a numbers game – with more than 2 million small businesses in Australia, it’s only a matter of time before a hacker stumbles upon easy prey.
Gone are the days of protecting a physical network, ensuring firewalls are configured, and buying and installing security software. Today’s tech savvy small business owners are rapidly adopting cloud-based technology because it’s convenient, easy to use, low cost and effective. Fortunately, these benefits also apply to cybersecurity. Any small business owner can take a few simple steps to dramatically improve their protection and give themselves the best shot at avoiding an attack or minimising the impact.
- Backup and Verify
You may have heard this a million times, but often the simplest acts can have the biggest impact. Don’t rely on cloud services alone to automatically backup your information, as they can often be incomplete or not fit for purpose. Take a regular export of the data or generate a backup file, and store at least two copies in different physical locations. Wherever these locations are, ensure only the right people have access. Always test the backups each time you create them. They are useless if they’re not working correctly.
- Multifactor Authentication (MFA)
The cloud brings unprecedented levels of convenience and efficiency, but with this comes different risks. If you’re able to login to your systems from any device or location, so can a potential hacker. If your password falls into the wrong hands, an attempted breach could occur before you even realise. Multifactor authentication (MFA) requires two or more authentication factors such as a password and SMS to confirm your identity. This not only makes it far less likely that a hacker will be successful, it also alerts you to the risk. Luckily, most cloud software allows you to ‘remember me’ for a short period, which saves you the hassle of having to authenticate each time. An app like Google Authenticator allows you to use MFA even when you’re travelling overseas without mobile reception.
- Train Employees
Phishing or fraudulent emails are often one of the simplest ways to breach a business. Employees are often the target, so even if you manage the finances, make sure everyone on your team understands the risks and knows what to look for. Train your staff to be wary of unsolicited calls or emails, especially where the email involves a financial request, file transfer or request for information. In most cases it’s best to contact the sender directly to confirm legitimacy. A quick google search will yield you hundreds of pages about how to identify a phish.
Ensure your systems have antivirus installed. While many attacks such as phishing are malware-less in this day and age, it’s still sensible to have antivirus software set up. Being cautious when receiving and sending emails and browsing is the most effective way to protect yourself, but it’s never a bad thing to have an additional safety net in place, and it’s usually free.
The most important thing to remember for any business of any size is that you have limited resources – whether it be time or budget. Use these resources carefully and protect what matters most to the business. For an e-commerce company, this might mean prioritising the primary website whereas for a café you may want to focus on ensuring email accounts and internet banking platforms are secure.
It’s vital to understand that contrary to popular assumptions, small businesses are not just vulnerable to cyberattacks, they are deliberate targets. And these attacks can be devastating. The above steps however can help strengthen your defences and hopefully give you some peace of mind.
Charn Tangson manages the Cyber Security function at Prospa, Australia’s number one online lender to small business.