The last few months have been difficult for Australian small businesses. Facing shutdown orders and the sudden need to reinvent their daily operating procedures, many scrambled to support their newly-remote employees. The good news is most have been able to do so with at least some measure of success.
Even though there’s reason to believe that the worst may be behind us in terms of the Coronavirus threat, Aussie small businesses can’t let their guard down. That’s because there’s growing evidence that they may face a less obvious threat, a cyberattack. Data gathered by a variety of global internet infrastructure providers and security firms points to a startling increase in the number of cyberattacks since the beginning of the pandemic.Since a single attack can cost hundreds of thousands of dollars, businesses cannot afford to ignore the risk. A loss like that would be a death blow for the average Australian business. That means now is the time for small businesses to take steps to lower the odds that they will be targeted. Here three tips for small businesses:
Increase Employee Education
One of the big reasons for the surge in cyberattacks is that the number of possible targets has increased as many employees work from home. Rather than a business having to guard a single office network from attack, they must now contend with multiple individuals working on personal devices. Without any central authority to govern their use of company remote access systems and company-owned data, the threat environment became unmanageable.
To reduce the associated risks, businesses need to educate employees on how to spot common threats like:
- Phishing scams
- Social engineering attacks
- Infected email attachments
The more employees learn how to defend against these common threats, the safer the whole business will be.
Mandate Strong Passwords and 2FA
One of the simplest ways to secure digital business assets against outside threats is to restrict access in the first place. To do that, all business accounts should be subject to mandatory strong password policies and two-factor authentication should be in place wherever possible.
A strong password policy should require passwords to be at least 14 characters in length, made up of at least four unrelated words. Passwords created in this manner are exceptionally difficult to guess using computer-automated methods, which are the primary means hackers use. For two-factor authentication, it’s also a good idea to use an authenticator app rather than SMS messaging. Since cellular phones are vulnerable to SIM swap attacks, they shouldn’t be trusted to add additional security to business accounts.
Apply Software Updates and Deploy Endpoint Security
The last and arguably most important thing a business should do to protect from cyberthreats is to make sure that all software on business-owned (and employee-owned) devices is up to date. The majority of attackers are looking for targets that don’t require much effort to breach, so throwing up any kind of roadblock increases the odds that they’ll move on to an easier target.
On top of keeping software updated, it’s also critical for small businesses to invest in an endpoint security solution that can cover both company-owned devices and any employee devices which will connect to business systems. Security experts now agree that providing endpoint security on employee hardware is critical to maintaining operational data security. It also takes the onus off of employees to secure their devices and unifies all hardware under a single enforceable security policy.
Managing the Risk
By taking these three simple steps, small businesses can make sure that they don’t fall victim to a cyberattack. With each passing day, the odds that they will get hit by a successful attack grow, and the chance that these defences will be enough to blunt the damage decrease. Those that fail to heed the warning had best start training for a new career – because there are plenty of cyber criminals working hard to make sure that they won’t have their current job for very much longer.
“The opinions expressed by BizWitty Contributors are their own, not those of BizCover and should not be relied upon in place of appropriate professional advice. Please read our full disclaimer."