Cyber Insights

Small Business Cybersecurity in 2019: What You Need to Know

Written by Terry Griffin

Today, technology changes at a rate most businesses can’t keep pace with, and it’s this lag that introduces risk into organisations’ business operations.

With the threat to cybersecurity growing each year, it is important to understand the potential impact and learn how to protect your business from a breach.

What is driving the recent increase in reported data breaches in Australia?

The introduction of the Privacy Amendment (Notifiable Data Breaches) Act 2017 requires organisations to notify the Office of the Australian Information Commissioner (OAIC) when a breach has happened and to alert staff when personal information has been compromised. As a result, data and security breaches are now being tracked and reported, which is one reason why we are seeing the increase.

These data breaches are happening globally, and as businesses expand digitally, storing valuable data and conducting business online creates high vulnerability to a cyber attack.

According to IBM & Ponemon, the average breach costs US$3.9 million, so businesses need to be well prepared when it comes to the prevention of cyber hacks.

The type of cyber threats to look out for in 2019

Ransomware Attacks

Put simply, ransomware is a form of malware which disables your system until a ransom is paid to the hackers. This type of attack is the most dangerous in the hacker world. Cybersecurity Ventures predicts that this year it will cost a whopping US$11.5 billion worldwide, with an attack happening every 14 seconds on average. Ransomware typically infects your system through phishing emails: an email is sent to you containing a malicious link, and clicking through opens the door to the data breach.

Phishing emails can contain the following traits:

  • Poor grammar or spelling
  • Asking for personal information   
  • Threats
  • Suspicious address

Personally Identifiable Information Attacks

The Facebook Cambridge Analytica political hack in 2018 was a breach of personal information on Facebook used for political purposes. It is a reminder of how much information can be stolen from the internet. This type of attack can take sensitive information such as credit card details, birth dates and addresses. Credit cards are used in everyday business routines, and it is alarming that online fraud, according to Australian Payments Network, is the most common type of fraud for credit cards.

Cryptojacking   

Another threat is cybercriminals using other people’s computers to purchase cryptocurrency. In simple terms, cryptocurrency is a virtual form of money, which is not supported by the government. Cryptojackers don’t necessarily hack your data, as in a ransomware attack; instead, they use your computer as a host to conduct these purchases. Although this attack doesn’t (normally) affect your data, it can negatively impact your time and resources in the following ways:

  • Slowing your computer/system down
  • Above average electricity bills  
  • Wear & tear on your computer
  • Potential threats to your data

Home & Business Systems Attacks

The popularity of in-home systems is giving hackers access to another world of information. These systems include smart speakers, security cameras, baby monitors etc. With many businesses using assistants such as Amazon Alexa in the workplace, this can create a risk of a breach. The issue here is that when people set the device up, they neglect to change the default admin account, leaving the door wide open for hackers to do what they please.

Weak Passwords Attacks  

Something as simple as a weak password can create a lot of issues for businesses. According to IBM, over 80 percent of data breaches are from weak passwords. If businesses can improve their passwords, they can save the money spent on resolving a breach and put it back into the business profits instead. Read below for handy tips on password protection and creation.

How to protect your business  

Store data offline

Businesses are always reminded of the importance of backing up files regularly. To ensure your data is accessible and safe after a breach, keep a secondary backup on a hard drive. Using both a hard drive and a cloud system will keep your information a lot safer. This will also help your business transition back after an attack without the loss of data.

Educate & train your staff  

By training your staff on the risks, they will not only be able to share a potential threat but understand the next steps when they do feel under threat.  If they are aware of the security measures & steps, then the protection can start from the ground up.  

You could train your staff internally or outsource to a training provider such as DDLS. DDLS offer a range of vendor-certified courses from security professionals to equip attendees with the necessary skills and knowledge that will help them avert a cyber conflict.

Make a game plan

If your business is under threat, then you need to act fast. These threats can take over before you have even realised. Create a simple step-by-step plan for what to do once a breach has been made. This plan should involve:

  • Cybersecurity preparation
  • Detect the threat
  • Assess how big the threat is
  • React to the level of threat
  • Review the plan and cybersecurity measures

This can be shared with your staff, so everyone is on board and reactive to potential threats.

Two Factor Authentication

Secure your password logins with two-factor authentication. It is a method where a user is granted access only after they have proved authenticity, for example through a verification code sent to a mobile device. This creates stronger protection over your accounts and is particularly handy for email, as a lot of personal business information can be found in an email account.

Password changes

It is a great idea to encourage your staff to spring clean their passwords on a regular basis. These passwords should also be hard for a hacker to guess: avoid using easy passwords that include details such as date of birth, name, street address or pets. These may seem easy for you to remember, but they are also easy for a hacker to find out. If your business has its passwords stored on the cloud, LastPass is a great alternative that safely stores your encrypted passwords online.
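The password advice above can be enforced at the point where staff set a new password. The following Python sketch is an added example, not part of the original article: it rejects candidate passwords that contain a person's name, street address, pet names or date of birth, even when disguised with common character swaps. The function names, the profile layout and the sample data are assumptions made for illustration.

```python
import re
from datetime import date

# Small, non-exhaustive map of common character swaps (an assumption of this example).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
WORD_FIELDS = ("name", "street_address", "pets")

def word_tokens(values, min_len=3):
    """Lower-case words of at least min_len letters taken from profile strings."""
    return {w for v in values for w in re.split(r"[^a-z]+", v.lower())
            if len(w) >= min_len}

def date_tokens(d):
    """Digit strings people commonly derive from a date of birth."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {yyyy, dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd,
            dd + mm + yy, mm + dd + yy}

def personal_detail_hits(password, profile):
    """Return the sorted profile fields whose details appear in the password."""
    # Undo character swaps, then keep letters only so "B1scu1t!" reads as "biscuiti".
    letters = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    # Keep digits only so "14/03/1984" and "14031984" look the same.
    digits = re.sub(r"\D", "", password)
    hits = {f for f in WORD_FIELDS
            if any(t in letters for t in word_tokens(profile.get(f, [])))}
    dob = profile.get("date_of_birth")
    if dob and any(t in digits for t in date_tokens(dob)):
        hits.add("date_of_birth")
    return sorted(hits)

# Constructed sample profile and candidate passwords (not real data).
PROFILE = {
    "name": ["Jordan Avery"],
    "street_address": ["42 Wattle Street"],
    "pets": ["Biscuit"],
    "date_of_birth": date(1984, 3, 14),
}

if __name__ == "__main__":
    for candidate in ("B1scu1t!84", "J0rdan-14/03/1984",
                      "wattle5treet#9", "copper-lantern-orbit-57"):
        hits = personal_detail_hits(candidate, PROFILE)
        print(f"{candidate!r}: {'reject ' + ', '.join(hits) if hits else 'ok'}")
```

A check like this only screens for the personal details listed above; it does not measure overall password strength or detect passwords already exposed in a breach.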

IT Check & Software Update

Updating your passwords is a great start for protection, but to go that step further, install anti-hacking software and anti-virus protection. These security subscriptions can expire, and forgetting to renew can be a big issue, so regularly check that they are valid and updated. Software updates improve protection efficiency and stop suspicious activity in its tracks.

Use Mobile Payment Methods

Interestingly, instead of using credit cards for business payments, try switching to a mobile payment method such as Google Pay. When we use a mobile phone and Google Pay, we need to unlock the phone. There are various ways to do this: proximity to an Android/Samsung watch, fingerprint, facial recognition, iris scanning, the list goes on. The point is that the owner of the phone needs to be effectively holding the phone for Google Pay to work, making it much more secure than a credit card transaction.

Why is it safer to use Google Pay than a credit card?

1. When we use a credit card, we pull it out of our wallet, and either swipe it or tap it and enter a PIN.  The numbers impressed on it can be photographed during this action, as can the name, expiry date and on the flip side, the three-digit CVV as well as the PIN.  The card can now be used for online purchases without the PIN, or cloned for large transactions with the PIN.

2. A credit card can be stolen or lost. The effect is identical if the wrong person ‘finds’ your card.  There is nothing to stop the holder of a lost/stolen credit card from using it for online transactions.  The proper owner of the card must contact their bank to cancel the card, if they know it is lost or stolen.

3. PINs are sometimes stored on the credit card, albeit encrypted, but as we should all know, any form of encryption is susceptible to cracking, and PINs can be extracted.

4. A black market clone credit card called a Yescard can be purchased on the dark web and used to clone the card number of a card. The Yescard holder can program it with his own PIN and thus use it in the same manner as a genuine credit card.

5. If a stolen credit card is swiped through a card reader, the service code can be modified and rewritten to the card to enable the card to be used without a PIN.  

With the advancements in technology, the threat to cybersecurity is at an all-time high, so ensure you follow these tips to protect your business. After all, it can take one quick move from an outsider to attack your system.

About the author

Terry Griffin

Terry Griffin is a Principal Technologist, specialising in security at DDLS. DDLS offer an extensive range of training options tailored to your business's needs, from vendor-certified courses to customised training.