The move to remote working has opened the door for cyber attackers to exploit weaknesses in systems, and there is no business, big or small, that is safe.
Critical infrastructure networks from healthcare to telecommunications are increasingly being attacked, which are compromising the stability of major organisations and governments worldwide.
And with Australians having the highest average wealth per person globally, according to a 2022 Credit Suisse report, cybercriminals are following the money and targeting Aussie businesses.
But since most of the focus is directed to cyberattacks done to big businesses, it’s simple for small business owners to underestimate the risks to themselves.
What are the cyber risks to small businesses?
Around 200,000 home offices and small businesses are vulnerable to cyber threats, according to Melbourne-based cyber security firm Kaine Mathrick Tech.
Based on the latest ASD Cyber Threat report, the average cost per cybercrime report has also risen by 14%, costing small businesses $46,000 per incident.
Despite the worrying statistics, only 7% had taken out cyber insurance, according to BizCover’s 2022 Small Business Bravery Report.
For cybercriminals, these businesses are the proverbial low-hanging fruit. Not only are small businesses easy targets, but they also offer a considerable payoff in the form of stolen credit card data, banking information and ransom money.
These criminals can avoid the risk that comes with big business and government entities and target SMEs with low or no investment in business cyber security.
Here are a couple of common cyber threats SMEs often find themselves subject to:
1. Data breaches
Imagine your customer’s personal information, such as their names, emails, and payment details, ending up in the wrong hands. Not only does this harm your reputation, but it can also lead to hefty fines.
2. Ransomware
Ransomware is a type of malware that encrypts the files on a victim’s computer or locks the user out of the system. Attackers will then demand a ransom in exchange for restoring access.
3. Hacking
Hacking is an activity that exploits vulnerabilities of computers and networks, to gain unauthorised access or control. These cyber intruders commit data theft by slipping through weak spots and seeking out sensitive information they can exploit.
4. Email phishing
Phishing is where attackers present themselves as legitimate entities to lure your business into revealing sensitive information. These fraudulent emails often mimic the look and feel of authentic communications, tricking unsuspecting employees into clicking on malicious links.
So how can small businesses protect themselves?
Fortunately, there are many quick things small businesses can do to protect themselves from cyber-threats. This comprehensive guide will offer cyber security best practices to help you avoid threats and protect your business from hackers.
1. Train your staff to be cyber safe
As a small business owner, it is your responsibility to keep the personal information of your clients and employees secure.
But while you can do everything you personally can to be cyber safe, the only way to keep hackers out of your network is to ensure your staff also promote business cyber security.
Various private companies offer comprehensive cyber training across Australia.
It will likely improve your business’ resilience and response to an attack and minimise the impact of data breaches or data theft.
2. Create a cyber risk management plan
A solid cyber risk management plan will help ensure you are prepared for not only how to prevent an attack but what to do during and after an attack occurs.
The first step in your plan is to identify where the risk is. Many will likely be covered in the previous steps.
Next identify what is at risk and how expensive it would be if that information or data was lost, stolen, or leaked.
Compare the risks against each other and protect against the most damaging and most likely risks first.
This will help you identify what is the greatest threat to your business.
After that, think about what you would do during and after an attack occurs. This could establish how you will get your operations and networks back up and running and plan on how you will deal with any media fallout.
3. Ensure you use password management best practices
Passwords protect your business’ data and sensitive information from the rest of the world.
If your security is weak, then it’s easy for cybercriminals to access your files to be used for malicious purposes.
While it’s tempting to use the same password, which is your pet’s name and the year you were born, across multiple sites, this type of poor password management is a sure-fire way of inviting attackers into your network.
According to the latest Hive Systems Password Table, a cybercriminal can access any password under eight characters near-instantly, but it would take them 24 years to crack a password that is 12 characters made up of upper- and lower-case letters.
For reference, it would take 438 TRILLION years to hack an 18-character password made up of numbers, upper- and lower-case letters, and symbols.
So, the longer your passwords are, the safer your data will be. This is why passphrases are becoming increasingly popular, as it’s easier to remember a few words rather than a random set of letters and numbers.
Better still, try using a password manager, which can help store your passwords securely.
A password manager allows you to keep one long, unique password and have it updated regularly. This one password will grant secure access to all your passwords.
It is also a cyber security best practice to use multi-factor and two-factor authentication whenever possible, especially when it comes to essential online services such as online banking, remote access, accounting systems, and email systems.
As the name suggests, multi-factor authentication needs the user to provide two or more separate pieces of information in order to crack the password.
This extra security measure may slow down things a bit, but it’s worth it when the consequences can be very costly.
4. Ensure email attachments are trustworthy
Are you expecting an attachment? Is the file name a bit off? Does the body of the email seem like it is from someone you know?
Although spam filters have become quite sophisticated, you may want to be still cautious about clicking on links from emails and websites. Cybercriminals can hide malware and other viruses in these malicious links.
Verify that the link you click is legit. To see more information about the attachment, hover your mouse cursor over it before you open it. Call the sender if you have any questions.
5. Set up a firewall
Installing a firewall can add a strong layer of protection against unwanted intrusions and data breaches. Once your firewall is installed, it will work quietly in the background, checking everything that tries to enter or leave your network and stopping cyber threats in their tracks. Make it a point to keep it updated, so you’re always covered against the latest tricks out there.
6. Update your software
Like thieves attempting to break into someone’s house, cybercriminals will always look for the easiest way to break into your device.
One of the most common ways they do this is by exploiting weaknesses and vulnerabilities in your business’ software.
When you update your software, you’re effectively closing off potential entry points that might be manipulated to gain unauthorised access into your system.
Fortunately, software developers release updates for their products to patch up any security concerns and improve functionality. Most software will ask the device holder to update when a new version is released, and it’s cyber security best practice to do this as soon as possible.
Another thing to avoid is keeping software that has surpassed its ‘end-of-life’. Essentially, this means your software will not be supported by the developer to fix any new bugs or security problems leaving you an easy target for an attack.
7. Backup your data
One great cybersecurity best practice is to ensure you have backups of important data such as financial records and documents.
These files and information can be stored in the cloud, or on physical mediums such as external hard drives.
It is important to consider how valuable the data you are backing up is and what impact it would have on your business if it were lost.
A regular backup routine will help you keep your files safe and current. You might back up once a week, once a month, or hourly. How often you back up your data will depend on the data you have and how important it is.
You can even make this process automatic to ensure you don’t waste any time you could be spending on your business.
8. Use a safe connection
Your devices can only be as secure as their network. Hackers can gain access to your Wi-Fi network, even if it is connected to the Internet. Securing your Wi-Fi network using powerful encryption software can help to protect your business.
However, it’s possible to connect to Wi-Fi insecurely when travelling, for work, or to access public Wi-Fi networks abroad, at airports, hotels, and other places. To protect your data, you will need to use a Virtual Private Network (VPN).
Use a VPN to protect your connection when you use public Wi-Fi. The VPN encrypts all traffic between your device (and the VPN server), making it much harder for hackers to access to your data.
If you don’t have VPN, give public Wi-Fi a miss. Instead, use your mobile network.
9. Check and monitor third-party accesses
Businesses often rely on third-party vendors for digital services, such as cloud computing or customer relationship management. While these partnerships can offer significant benefits, they also introduce new vulnerabilities, since third-party access points can serve as potential gateways for cyber threats.
You can mitigate those threats by closely monitoring any third-party vendors that can gain access to your network. Make it a routine to audit these access points, ensuring that only the necessary ones are active and up-to-date.
Regularly checking in and updating these permissions helps keep your business safe and sound. It’s also okay to ask questions how these third parties protect your data too.
11. Protect the physical security of your devices
Keeping your devices safe from physical threats is as important as defending against cyber threats. Make it a habit to secure your gadgets as you would any valuable item in your office. This means locking away your laptops, smartphones, and other tech tools when they’re not in use.
A simple yet effective strategy is to use cable locks for laptops in open spaces, adding an extra layer of security. Also, consider setting up a sign-out system for any shared devices to keep track of who uses what and when.
12. Report cyber-attacks to the authorities
If your small business faces a cyber-attack, don’t stay silent. Report it to authorities like the Australian Cyber Security Centre (ACSC), via their website www.cyber.gov.au. By informing the relevant channels, you help not just your business but also contribute to a safer digital environment for everyone.
Once you’ve reported it, it’s time to get to work. Review your security measures, patch up any vulnerabilities, and communicate with your team and clients about what’s happened and how you’re securing things moving forward. It’s all about bouncing back stronger!
13. Establish a disaster recovery plan
Getting ready for a rainy day is smart, and that’s just what a disaster recovery plan is all about. Start by backing up your data regularly and storing it somewhere safe, like the cloud or an external hard drive.
Then, create a clear, step-by-step guide on what to do if things go south, like a data breach, data theft or a system crash. Make sure everyone on your team knows the plan and can jump into action when needed. This way, you can get back on your feet quickly, with minimal fuss and maximum efficiency.
Part of your disaster recovery plan should also include having Cyber Liability insurance. If you’re insured with BizCover, filing a claim is a breeze. A few simple steps and you’ll be well on your road to recovery.
14. Consider Cyber Liability insurance
Cyber Liability insurance* provides protection against claims and supports your profitability in the event of a data breach or cyber threat. Cyber Liability insurance also covers costs that arise as a result of defending a cyber claim.
Your coverage may generally include cover for expenses and restoration costs relating to the following:
- Data breaches including data theft or loss of client information
- Network security breaches
- Business interruption costs
- Forensic investigation into the cause or scope of a breach
- Data recovery costs
- Cyber extortion
- Crisis management costs (to protect or mitigate damage to your businesses reputation resulting from a cyber event)
- Loss and legal costs, including fines and penalties resulting from a third-party claim for data or network security breach against your company
The bottom line
Ensuring you have great cybersecurity practices is paramount to the success of your business. The threat of cybercrime is ever-growing, putting small businesses at increased risk.
These online security tips can help you avoid cybercrime or safeguard your business if a cyber attack does occur.
This information is general only and does not take into account your objectives, financial situation or needs. It should not be relied upon as advice. As with any insurance, cover will be subject to the terms, conditions and exclusions contained in the policy wording.
© 2022 BizCover Pty Limited, all rights reserved. ABN 68 127 707 975; AFSL 501769
ABN 68 127 707 975; AFSL 501769
