Moving into online business can be highly beneficial, but it can also put you at increased risk from hackers and cyber-attacks. This article will outline several ways you can protect your small business against cyber-attacks and prevent the serious damage they can do to your company and its public image.
1. Make sure your data is backed up
One of the worst nightmares for any business is to lose information because of a cyber-attack or computer failures. If you make sure that your data and your website are backed up thoroughly and regularly, the damage such events can do will be dramatically limited. Keeping a robust backup isn’t difficult and is usually inexpensive.
External hard drives or USB sticks are an affordable and easy way of backing up your data. Keep these devices at home or some other location away from your office, so that in the event of a burglary, fire, or other event, you will still have the backup.
An alternative to physical devices is to back up your data to the cloud. Make sure you choose a solution that encrypts your data for both transfer and storage, and that does not allow anyone to access your data without multifactor authentication.
Businesses often create several different backups to guarantee that your most important data remains safe. This generally involves creating regular backups to portable devices and/or cloud storage each week, once a quarter or once a year. It’s also important to undertake regular testing to make sure that your data can be restored using the backup.
2. Make sure your devices and network are secure
Securing your devices and network could help keep hackers out of your system. There are several steps small businesses can take to improve their cyber security that are relatively easy to do.
Make sure you have installed robust security software on all computers and devices used by your business. This should include anti-spam, anti-spyware and antivirus software. Once installed, keep your software updated using automatic updates. Updates often offer upgrades in security to deal with recently discovered viruses and attack methods. You can usually schedule updates to download overnight or on weekends when they won’t affect the efficiency of your system. However, you do need to make sure that updates are installed as close as practical to the time they are issued.
A firewall can add an additional layer of protection to your network of devices. A firewall can be either hardware or software that acts as a gate between your system and the rest of the internet, checking all traffic in both directions for any problems. Remember that it won’t be effective unless you download and install all provided updates, and it has to be implemented on every device used by your company.
Make sure that all old software or equipment is removed from your system as soon as it is no longer needed and that all hardware is wiped clean before you dispose of it. Any outdated software or equipment could be a back door for hackers to enter your system.
Finally, spam and phishing emails can transport viruses onto your computer or trick you into revealing confidential data. Installing spam filters will cut the number of spam/phishing emails that get through to your email servers reduce the risk of anyone accidentally opening them. Educating your employees on how to identify phishing emails (and what to do if they do open one) is also important.
3. Use encryption for important information
When you are storing or sending data, make sure that it is encrypted. Encryption turns data into an almost impossible to break code before it is transmitted, and it can only be decoded by a recipient who has the right key to do so. This greatly reduces any chance of it being stolen, destroyed, or tampered with. Network encryption should be available in the settings of your router, or you can install a virtual private network (VPN) on devices to protect them when they are using public networks.
4. Use multifactor authentication (MFA)
Multifactor authentication (MFA) is a form of identification that requires at least two proofs of identity before allowing access to an account. This often looks like a code sent to your mobile phone or email after you have entered a password on your computer. This two-step process makes it harder for bad actors to access your system, as a hacker would have to have access not only to your email or computer, but also your phone.
5. Use passphrases
Single word passwords are easy for machines to guess, but passphrases aren’t. Encourage your staff to use passwords made up of three or four different words that include upper and lower cases, numbers, and special characters. Better still, use a password manager that creates complex passwords and stores them for you.
Make sure that you limit the number of people who have administrative privileges on your system, (i.e., those who have the authority to install new programs or to create new accounts). Malicious actors frequently try to use administrative privileges to improve their access and gain control of some of the most sensitive parts of your business. Additionally, don’t combine your personal and administrative accounts. Admin accounts should only ever be used when necessary and logged out of immediately afterwards.
6. Check on your users
Businesses frequently have problems with former employees who still have access to their system. Make sure all devices are handed back by departing employees and that access to the system is removed the day they leave. Make sure that if a person moves from one job to another that access to roles they no longer need is revoked.
7. Establish clear policies for staff guidance
It’s vital that all members of staff understand that failure to follow cybersecurity procedures could lead to catastrophic consequences that could put the future of the company, and hence their employment, at risk.
Make sure you have a clear cybersecurity policy that shows your staff what responsibilities they have and the procedures and safeguards they must follow when sharing data, using any company devices or computers, sending emails from company or private accounts, and accessing sites on the internet. With more businesses offering the option to work from home, your policies may need to reflect employees accessing your system from their personal devices or storing sensitive data on external hard drives or USB sticks in their homes.
8. Prioritise customer protection
It’s essential that you protect customer information. If their confidential information is lost or compromised, the reputation of your business will suffer and you could be open to legal action for significant damages.
Make sure that any personal customer information such as addresses, emails, phone numbers, and full names, are safely stored in a way that prevents it being stolen or corrupted. If you want to sell or accept payments online, make sure that you pay a reputable provider who can ensure that all payments remain secure, and ask for advice on preventing online fraud.
You should develop a customer privacy policy based on the Australian Privacy Principles and display it on your website so that customers can have access to it.
9. Make sure that you are up-to-date and well advised
The cybercrime picture is continuously changing, and you need to keep current with all the latest developments. The Australian Cyber Security Centre provides alerts for all cyber security threats and advice on how to deal with them. It can also offer you advice on the ways in which you can make sure that your business can expand online without putting you, your staff, or customers at risk.
10. Take out Cyber Liability insurance
To protect from cyber threats, the best thing to do is to develop a robust system of protections around your business that can prevent hackers and other cyber criminals from accessing valuable data. However, even in the best-run systems, it is possible for things to go wrong. In such cases, it is vital to have Cyber Liability insurance to help mitigate any losses that you suffer and to compensate any clients or customers who have their personal information compromised or are defrauded as a result of criminal actions.
If you’re considering Cyber Liability insurance for your small business, BizCover can help you get a quote in minutes. Jump online or give us a call today to learn more about Cyber Liability and other types of insurance to help protect your business.
