The move to remote working has opened the door for cybercriminals to exploit weaknesses in systems, and there is no business, big or small, that is safe.
Globally, cyberspace has become a battlefield, with skirmishes between hackers and cyber security experts through the networks of unsuspecting individuals and businesses.
Critical infrastructure networks from healthcare to telecommunications are increasingly being attacked worldwide, bringing major organisations and governments to their knees.
And with Australians having the highest average wealth per person globally, according to a 2022 Credit Suisse report, cybercriminals are following the money and targeting Aussie businesses.
But given the headlines in the news are dominated by big business, it’s simple for small business owners to underestimate the risks to themselves.
What are the risks to small businesses?
Thinking that cybercriminals only target large businesses is an easy – and dangerous – assumption to make.
A total of 43% of cyberattacks in Australia were targeted at small and medium-sized businesses, according to Melbourne-based cyber security firm Kaine Mathrick Tech.
Given that small businesses are in the line of fire, you would think many would be worried – and many justifiably are.
But the gap between concern and action is where the risk to small businesses lies.
A 2020 report by the Australian Cyber Security Centre (ACSC) found 80% of small businesses surveyed rated cyber security as ‘important to very important’.
Yet the same research found almost half of SMEs only spend less than $500 on cyber security per year.
More recently, while 31% of small businesses cited cybercrime, including fraud and data breaches, as their most concerning risk, only 7% had taken out cyber insurance, according to BizCover’s 2022 Small Business Bravery Report.
For cybercriminals, these businesses are the proverbial low-hanging fruit. Not only are small businesses easy targets, but they also offer a considerable payoff in the form of stolen credit card data, banking information and ransom money.
These crafty cybercriminals can avoid the risk that comes with big business and government entities and target SMEs with low or no investment in cybersecurity.
So what can be done?
Fortunately, there are many quick things small businesses can do to protect themselves from cyber-attacks. This comprehensive guide will offer cyber security tips to help you avoid threats and protect your business from hackers.
1. Ensure you use password management best practices
Passwords act as cyber security guards that separate the rest of the world from your business’ data and sensitive information.
If your security is weak, then it’s easy for cybercriminals to access your files to be used for malicious purposes.
While it’s tempting to use the same password, which is your pet’s name and the year you were born, across multiple sites, this type of poor password management is a sure-fire way of inviting cybercriminals into your network.
According to the latest Hive Systems Password Table, a cybercriminal can access any password under eight characters near-instantly, but it would take them 24 years to crack a password that is 12 characters made up of upper- and lower-case letters.
For reference, it would take 438 TRILLION years to hack an 18-character password made up of numbers, upper- and lower-case letters, and symbols.
So, the longer your passwords are, the safer your data will be. This is why passphrases are becoming increasingly popular, as it’s easier to remember a few words rather than a random set of letters and numbers.
Better still, try using a password manager, which can help store your passwords securely.
A password manager allows you to keep one long, unique password and have it updated regularly. This one password will grant secure access to all your passwords.
It is also best practice to use multi-factor and two-factor authentication whenever possible, especially when it comes to critical services such as online banking, remote access, accounting systems, and email systems.
As the name suggests, multi-factor authentication requires the user to provide two or more separate pieces of information in order to log in, so a stolen or cracked password is not enough on its own.
This extra security measure may slow things down a bit, but it’s worth it when the consequences can be very costly.
2. Ensure attachments are legit
Are you expecting an attachment? Is the file name a bit off? Does the body of the email seem like it is from someone you know?
Although spam filters have become quite sophisticated, you should still be cautious about clicking on links from emails and websites. Verify that the link you click is legit.
Cybercriminals hide malware and other viruses in these malicious links, which can create a whole variety of problems if clicked on.
To see more information about the attachment, hover your mouse cursor over it before you open it. Call the sender if you have any questions.
If you receive attachments or links that are not quite right, and you cannot verify the sender, another tip is to open the attachment on your smartphone instead of your computer.
The risk of traditional virus infection is lower for phones than it is for PCs. If it contains something dangerous, it won’t affect your entire business network like it would if it were opened on your desktop computer.
However, it’s still beneficial to check before opening.
3. Update your software
Like thieves attempting to break into someone’s house, cybercriminals will always look for the easiest way to break into your device.
One of the most common ways they do this is by exploiting weaknesses and vulnerabilities in your business’ software.
When your software is not up to date, it’s like leaving a window unlocked.
When you update your software, you’re essentially closing off any access points cybercriminals might try to jimmy their way in through.
Fortunately, software developers release updates for their products to patch up any security concerns and improve functionality. Most software will ask the device holder to update when a new version is released, and it’s best practice to do this as soon as possible.
Another thing to avoid is keeping software that has surpassed its ‘end-of-life’. Essentially, this means your software will no longer be supported by the developer to fix any new bugs or security problems, leaving you an easy target for an attack.
4. Backup your data
One great cybersecurity idea is to ensure you have backups. Backups are digital copies of important data such as financial records and documents.
These files and information can be stored in the cloud, which is similar to storing data on the Internet, or on physical media such as external hard drives.
It is important to consider how valuable the data you are backing up is and what impact it would have on your business if it were lost.
A regular backup routine will help you keep your files safe and current. You might back up once a week, once a month, or hourly. The frequency of your backups will depend on the data you have and how important it is.
You can even make this process automatic to ensure you don’t waste any time you could be spending on your business.
5. Use a safe connection
Your devices can only be as secure as their network. Hackers can gain access to your Wi-Fi network, even if it is connected to the Internet. Securing your Wi-Fi network using powerful encryption software can help to protect your business.
However, you may end up connecting to Wi-Fi insecurely when travelling for work, for example on public Wi-Fi networks abroad, at airports, hotels, and other places. To protect your data, you will need to use a Virtual Private Network (VPN).
Use a VPN to protect your connection when you use public Wi-Fi. The VPN encrypts all traffic between your device and the VPN server. It is therefore much harder for cybercriminals to gain access to your data.
If you don’t have a VPN, give public Wi-Fi a miss. Instead, use your mobile network.
6. Train your staff to be cyber safe
As a small business owner, it is your responsibility to keep the personal information of your clients and employees secure.
But while you can do everything you personally can to be cyber safe, the only way to keep cybercriminals out of your network is to ensure your staff also promote cyber security.
Various private companies offer comprehensive cyber training across Australia.
It will likely improve your business’ resilience and response to an attack and minimise the impact of a data breach.
7. Create a cyber risk management plan
A solid cyber risk management plan will help ensure you are prepared for not only how to prevent an attack but what to do during and after an attack occurs.
The first step in your plan is to identify where the risk is. Many will likely be covered in the previous steps.
Next, identify what is at risk and how expensive it would be if that information or data was lost, stolen, or leaked.
Compare the risks against each other and protect against the most damaging and most likely risks first.
This will help you identify what is the greatest threat to your business.
After that, think about what you would do during and after an attack. This could include establishing how you will get your operations and networks back up and running, and planning how you will deal with any media fallout.
8. Consider putting in a safeguard for the risks you can’t mitigate
After creating a cyber risk management plan, it may become apparent that there are some risks small business owners can’t mitigate themselves.
Large businesses spend enormous sums on corporate cybersecurity, often spending tens and sometimes hundreds of millions to institute very sophisticated, high-tech defences.
Small businesses face most of the same threats but don’t have the means to make anywhere near the investment required to implement comprehensive protection, leaving significant risk uncovered.
Just consider the following:
- What would you do if a hacker blocked access to your business files and demanded a hefty ransom?
- Could you sustain a temporary interruption to your business if a cyber attack occurred?
- What sensitive business information and personal customer data could be hacked?
- Could you deal with the media fallout afterwards and the legal costs?
9. Consider Cyber Liability insurance
Cyber Liability insurance* is designed to help protect you from claims and support your profitability in the event of a cyber breach or attack. Costs associated with defending a cyber claim are also covered.
Your coverage may generally include cover for expenses and restoration costs relating to the following:
- Data breaches including theft or loss of client information
- Network security breaches
- Business interruption costs
- Forensic investigation into the cause or scope of a breach
- Data recovery costs
- Cyber extortion
- Crisis management costs (to protect or mitigate damage to your business’s reputation resulting from a cyber event)
- Loss and legal costs, including fines and penalties resulting from a third-party claim for data or network security breach against your company
The bottom line
In this day and age, ensuring you have great cybersecurity practices is paramount to the success of your business. The threat of cybercrime is ever-growing, putting small businesses at increased risk.
These online security tips can help you avoid cybercrime or safeguard your business if a cyber attack does occur.
This information is general only and does not take into account your objectives, financial situation or needs. It should not be relied upon as advice. As with any insurance, cover will be subject to the terms, conditions and exclusions contained in the policy wording.
© 2022 BizCover Pty Limited, all rights reserved. ABN 68 127 707 975; AFSL 501769