28-Nov-2020 By - team

Is cybersecurity attainable for a small business?

Cybersecurity can be overwhelming. But with the constantly evolving cyber threat landscape, businesses need to stay safe and protect themselves from being hacked. With this in mind, here are a few simple cybersecurity tips to mitigate cyber threats and be secure.

Companies often think they’re too small or insignificant to be a target for cybercriminals, but every business is a potential target. By sending or receiving payments online, using email, or storing customer records electronically, businesses create a digital footprint that can lead attackers right to their door. Cybercriminals can use the information they gain to steal identities, sabotage operations, sell commercial information, or lock up the company’s data until it pays a ransom.


Cyber Security Tips for Small Business Owners

Develop a backup strategy for your data

As a small business, losing your data can be disastrous. To save yourself time, money, and even your livelihood, you should be prepared with a backup strategy. So where to start? For now, it’s about asking yourself simple questions, such as:

  • What kind of backup do I need? When disaster strikes, you need to figure out whether your business needs to restore, recover or maintain services. This will help you determine whether you need to store your data on-site, in the cloud, or a hybrid mix of both.
  • What needs to be backed up? In short, everything. Or at least, your most critical data. Depending on how much time and storage space you can spend, there are three main types of backup to choose from – full, incremental, and differential.
  • What are you protecting against? If it’s just files you’re worried about, a full image backup doesn’t make sense. But if it’s your whole system – you need to think bigger.
  • What’s my Recovery Time Objective (RTO)? That is, in the event of a data disaster, how long can you go before your business suffers?


Answering questions like these is the first step in understanding what strategy works best for you. It can be a tricky process to wrap your head around, but luckily many IT service providers offer the guidance you need.
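The post names full, incremental and differential backups without showing what each one actually copies, or why the choice affects your Recovery Time Objective. The following is an added example, not code from the original post: a small simulation in which every file name, modification "day" and backup date is constructed sample data. It selects which files each backup type would copy, and lists the backup sets a restore would have to read back.

```python
"""Added example (not from the original post): what a full, incremental and
differential backup each copy, and how many backup sets each needs at
restore time, which is what drives your Recovery Time Objective (RTO).
File names and day numbers are constructed sample data."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class FileState:
    path: str
    mtime: int   # last-modified time, expressed as a simple day number


def select_for_backup(files: List[FileState], kind: str,
                      last_full: int, last_backup: int) -> List[str]:
    """Paths a backup of the given kind copies.

    full         -> everything
    incremental  -> only files changed since the most recent backup of any kind
    differential -> only files changed since the most recent FULL backup
    """
    if kind == "full":
        chosen = files
    elif kind == "incremental":
        chosen = [f for f in files if f.mtime > last_backup]
    elif kind == "differential":
        chosen = [f for f in files if f.mtime > last_full]
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    return sorted(f.path for f in chosen)


def restore_chain(kind: str, full_day: int,
                  later_days: List[int]) -> List[Tuple[str, int]]:
    """Backup sets that must be read, in order, to restore the latest state.

    full_day:   the day the last full backup ran
    later_days: days (ascending) on which incremental/differential runs happened
    The longer the chain, the longer the restore, so the harder it is to meet
    a tight RTO; it is also more sets that can turn out missing or corrupt.
    """
    if kind == "full" or not later_days:
        return [("full", full_day)]
    if kind == "incremental":
        return [("full", full_day)] + [("incremental", d) for d in later_days]
    if kind == "differential":
        return [("full", full_day), ("differential", later_days[-1])]
    raise ValueError(f"unknown backup kind: {kind}")


# Constructed sample: a full backup ran on day 0, an incremental on day 3.
SAMPLE_FILES = [
    FileState("accounts/ledger.xlsx", mtime=2),
    FileState("clients/contacts.csv", mtime=1),
    FileState("invoices/2020-11.pdf", mtime=5),
    FileState("policies/security.docx", mtime=0),
]
LAST_FULL_DAY = 0
LAST_BACKUP_DAY = 3

if __name__ == "__main__":
    for kind in ("full", "incremental", "differential"):
        copied = select_for_backup(SAMPLE_FILES, kind, LAST_FULL_DAY, LAST_BACKUP_DAY)
        print(f"{kind:12s} copies {len(copied)} file(s): {copied}")
    for kind in ("incremental", "differential"):
        print(f"{kind:12s} restore reads {restore_chain(kind, 0, [3, 5])}")
```

The trade-off the post hints at is visible in the output: incremental runs copy the least each night but need every set since the last full backup to restore, while differential runs grow larger over the week but restore from just two sets.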

Control who has access to your information

The truth is, staff can make mistakes. That’s why it’s important to train them up. Everyone who works for you should know about the business’s security programs and receive regular updates. It’s also worth reminding your staff of basic security measures like using passphrases instead of passwords.

As a small business owner, you’re also more likely to allow your staff to use their own devices at work. This can be a great idea, but it’s important to have mobile security solutions and network access control (NAC) products in place. That way, they can safely access the company VPN and email from their own laptop or mobile – without putting your whole IT infrastructure at risk.

It might be the last thing you expect, but you should also be aware of business espionage. It’s a touchy subject, but there are people who stand to gain a lot from your information. So to protect yourself from spies and insiders, you’ll need to control who can access what information.

Today, we are highly dependent on our mobile devices, and more and more attackers are using them as points of attack. One of the easiest ways to help secure your device is with a PIN, a password or a biometric option such as a fingerprint or face recognition. The second key thing is application security: app stores generally vet applications for safe practices. But not all apps are equal; be careful that you are downloading the legitimate version of an app.

Though modern phones and operating systems have data encryption as a standard, some information may not fall under that encryption umbrella. Be sure to find out what is or isn’t encrypted. Also, be careful about “Find my device” services. This might sound a bit controversial, but don’t forget that turning on device location services means others can also potentially see you. However, in doing so, you may be able to track down your phone if it’s ever stolen or misplaced. This is a risk/reward situation.

Consider using passphrases instead of passwords

Passwords are becoming more and more insecure, as many of us use the bare minimum requirements for password length and often use the same ones for multiple sites. These passwords are either difficult to remember and very easy to crack, or extremely easy to remember and even easier to crack. The solution is to use passphrases instead: their length is what defeats hash-table attacks.

Every password has a unique hash, and when passwords are cracked using a hash table (a giant list of previously cracked passwords and their hashes), the password-cracking tool compares each hash on the list with the hash of your password. Hash tables can consist of millions or billions of strings of characters to compare with your passphrase. By creating a longer passphrase, you greatly decrease the possibility of it ending up on that table.
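To make the hash-table idea concrete, here is an added example that is not code from the original post. It builds a tiny "cracked password" table from constructed sample entries, shows that a short common password is recovered with one lookup while a long passphrase is not, and then shows the other half of the picture for anyone running a service: storing passwords with a per-user salt and a slow key-derivation function (PBKDF2 from Python's standard library), so that a precomputed table cannot be reused against your users at all. The minimum length of 16 characters is an assumed policy value, not something the post specifies.

```python
"""Added example (not from the original post): a small policy check that
shows why a short, common password is found in a precomputed hash table
while a long passphrase is not, and how a service should store passwords
so that such tables are useless anyway. COMMON_PASSWORDS is constructed
sample data standing in for a real cracked-password list."""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed stand-in for a leaked/cracked password list (real ones hold
# millions or billions of entries, as the post says).
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein",
                    "Summer2020!", "P@ssw0rd"]


def sha256_hex(text: str) -> str:
    """Unsalted fast hash, the kind a precomputed hash table targets."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# The "hash table" of the post: hash -> the plaintext it was cracked from.
HASH_TABLE = {sha256_hex(p): p for p in COMMON_PASSWORDS}


def lookup_in_hash_table(candidate: str) -> Optional[str]:
    """One dictionary lookup recovers the plaintext if the candidate's hash
    appears in the table; otherwise the table yields nothing."""
    return HASH_TABLE.get(sha256_hex(candidate))


def check_password_policy(candidate: str, min_length: int = 16) -> dict:
    """Check at password-set time: reject anything that is already in the
    table or is too short to count as a passphrase (min_length is an
    assumed policy value)."""
    hit = lookup_in_hash_table(candidate)
    long_enough = len(candidate) >= min_length
    return {
        "in_hash_table": hit is not None,
        "long_enough": long_enough,
        "accepted": hit is None and long_enough,
    }


PBKDF2_ITERATIONS = 200_000   # assumed work factor; tune to your hardware


def store_password(candidate: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """How a service should store a password: a random per-user salt and a
    slow key-derivation function. Two users with the same password get
    different stored values, so one precomputed table cannot cover both."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt,
                                 PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Login-time check using a constant-time comparison."""
    _, recomputed = store_password(candidate, salt)
    return hmac.compare_digest(recomputed, digest)


if __name__ == "__main__":
    for pw in ["Summer2020!", "correct horse battery staple"]:
        print(f"{pw!r}: table hit={lookup_in_hash_table(pw)!r}, "
              f"policy={check_password_policy(pw)}")
    salt, digest = store_password("correct horse battery staple")
    print("verify ok:", verify_password("correct horse battery staple", salt, digest))
```

Length helps because a passphrase is very unlikely to be in anyone's table; salting and a slow hash help because even a password that is in a table cannot be matched without redoing the work per user.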

Implement a Security Policy

Have a security policy (many small businesses don’t) and use your threat-prevention device to its full capacity. Spend some time thinking about which applications you want to allow on your network and which you don’t want running on it. Educate your employees on acceptable use of the company network. Make it official. Then enforce it where you can.

Organise employee security training, so they know to avoid sharing passwords via email or instant messaging, saving passwords to their devices and using their devices while working.

Do not allow risky applications such as BitTorrent or other peer-to-peer file-sharing applications, which are common methods of distributing malicious software. While developing the policy, also think about social media use and excessive bandwidth consumption.

Denial of Service (DoS)

Another common and fairly straightforward cybercrime tactic is the Denial of Service attack. A DoS attack works by flooding a computer with bogus requests (for example, to invalid web addresses) until the device’s connection is disrupted or the machine stops responding altogether. While this kind of attack doesn’t put client data at risk, it can result in lost work time, lost data or projects, and excess costs to replace devices.

Well-managed and constantly updated firewalls and routers can help protect against DoS attacks. It’s also good to know how your Internet Service Provider is able to handle DoS attacks, and to have a backup ISP just in case. Some ISPs will be able to distribute the bogus traffic across a number of networks or servers to keep your computers and networks safe.

Training, monitoring and updating are some of the essential elements of any cybersecurity policy. Make sure your business is tackling these issues head-on to protect your business, your staff and your customers.

Be socially aware

Social media sites are a gold mine for cybercriminals looking to gain information on people, improving their success rate for attacks. Attacks such as phishing, spear phishing or social engineering all start with collecting personal data on individuals.

Educate employees to be cautious with sharing on social media sites, even in their personal accounts. Let users know that cyber criminals build profiles of company employees to make phishing and social engineering attacks more successful.

Train employees on privacy settings on social media sites to protect their personal information. Users should be careful of what they share since cybercriminals could guess security answers (such as your dog’s name) to reset passwords and gain access to accounts.

When it comes to social media, the biggest security issue is spear phishing. And no, it’s not a sport – it’s a scam. It involves being sent an email that looks like it’s from a business or someone you know. It will often be highly personalised, addressed to you with your position, company, work phone number and other customised information. These emails will push you to open a malicious URL or attachment, or ask for your banking details and passwords.

But where do these fraudsters get all this info? Usually, from social media sites like LinkedIn, Facebook, and Twitter. That’s why you should never post sensitive personal or business information on these platforms. To tighten your defences, make sure you regularly train your staff and invest in quality software solutions that catch out malicious emails.

Cloud Software Security

Create a password management strategy

You might never have to deal with cyber-terrorism. But the reality is, it exists – and not even small businesses are completely safe. And one of the main reasons for breaches (76%) comes down to weak passwords.

So how do you counter the threats? Simple – create a solid password management strategy. Like most businesses, you probably have a long list of accounts and services you use, all of which require a password. That’s where password management software comes into play. It not only stores your passwords, but it generates strong ones to be used for all personal and business sites.

However, as secure as password software is, you should still be wary. In 2015, LastPass was hacked, exposing emails and encrypted master passwords. So before you choose your software, ask around and do your research.

Use Password Protection Software

Tools such as Bitwarden and LastPass allow your business management to share passwords directly with team members and ensure they are not being shared casually among the team. Ideally, employees should not know passwords unless there is a specific reason.

Update your software and back up your data

Today, we have dozens of applications and software from various vendors, developed and tested by people. This means chances are that not all applications are bug-free. Hence the need for regular software updates: outdated browsers and unpatched devices are primary targets for cyber-attacks. Updating software to the newest version will reduce the chances of getting exploited.

One of the frustrating things that can occur is when you start your workday, and upon opening your laptop, you see a message that says, “All of your data belongs to us.” Unfortunately, the only option is to format the entire hard drive and reinstall the OS. This could mean that you’ve just lost all of your work and files. To prevent such a sad day from occurring, back up your data.

Double up with two-factor authentication

As a small business, you’re likely using cloud services. And you now know that passwords don’t offer complete security by themselves. That’s why it’s worth using the power of two-factor authentication (2FA).

Working remotely can make it difficult to keep track of which employees are using each program. Two-factor authentication adds another level of security to the login process, helping to reduce the risk of an account being hacked when multiple employees are using the various software tools.

How does 2FA work? Basically, it’s a two-step verification process that requires not just a username and password, but also a piece of information that only the user gets given – such as a code sent to their mobile phone. This extra layer of protection makes it harder for hackers to gain access to sensitive information.

The easy part is, most cloud services and social networking sites give you the option of 2FA. It’s not always enabled by default, so make sure you find out how to turn this function on. If you’re worried about this extra step being time-consuming or complex – don’t be. It’s a small security measure with big benefits.

Two-factor authentication can require multiple passwords or confirming your identity through another device to gain access. Ensure that only relevant staff members have access to the software and platforms they need. If you are using a password-sharing platform, you can always grant and revoke access.
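The "code sent to their mobile phone" style of 2FA is easiest to see in the time-based one-time password (TOTP) scheme that authenticator apps use. The following is an added example, not code from the original post or from any particular 2FA product: the authenticator side computes a six-digit code from a shared secret and the current 30-second time step, and the service side verifies it, tolerating one step of clock drift and refusing to accept a code that has already been used. The shared secret is the published RFC 4226/6238 test-vector secret, used here purely as sample data; a real enrolment would generate a random secret per user.

```python
"""Added example (not from the original post): a minimal time-based one-time
password (TOTP, RFC 6238) exchange. The authenticator computes the code the
user is "given"; the service verifies it with a small drift window and
rejects replays. SAMPLE_SECRET is the RFC test-vector secret, used here as
sample data only."""
import base64
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Authenticator side: HOTP over the current time step (default 30 s)."""
    return hotp(secret, unix_time // step, digits)


class TotpVerifier:
    """Service side: checks a submitted code, tolerates small clock drift, and
    refuses any time step that has already been accepted (replay protection)."""

    def __init__(self, secret: bytes, step: int = 30, window: int = 1):
        self.secret, self.step, self.window = secret, step, window
        self.last_accepted_counter = -1

    def verify(self, submitted: str, unix_time: int) -> bool:
        now = unix_time // self.step
        for drift in range(-self.window, self.window + 1):
            counter = now + drift
            if counter <= self.last_accepted_counter:
                continue                      # that step was already used once
            if hmac.compare_digest(hotp(self.secret, counter), submitted):
                self.last_accepted_counter = counter
                return True
        return False


def provisioning_secret(secret: bytes) -> str:
    """Base32 form of the secret, the format authenticator apps accept when an
    account is enrolled (usually presented as a QR code)."""
    return base64.b32encode(secret).decode("ascii").rstrip("=")


SAMPLE_SECRET = b"12345678901234567890"   # RFC 4226/6238 test-vector secret

if __name__ == "__main__":
    t = 59                                  # sample Unix time from the RFC tables
    code = totp(SAMPLE_SECRET, t)
    verifier = TotpVerifier(SAMPLE_SECRET)
    print("enrol with secret:", provisioning_secret(SAMPLE_SECRET))
    print("authenticator shows:", code)
    print("first login:", verifier.verify(code, t))
    print("replayed code:", verifier.verify(code, t))
    print("wrong code:", verifier.verify("000000", t))
```

The replay check matters in practice: a code intercepted by a phishing page is only useful to the attacker within the same 30-second step, and once the legitimate user has logged in with it, it should be useless even inside that window.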

Protect your Wi-Fi

This can be an easy one to skip. But if you have a Wi-Fi network, it’s really important to make sure it’s secure, encrypted and hidden. Otherwise, you’re opening up your network to hackers who can access company files, online accounts and private information.

Remember what happened to Jarryd Hayne? His presentation was hijacked at a local high school, and pornographic images were shown on the big screen. While everyone assumed it was from Hayne’s computer, he had simply been hacked. That’s just one example.

So how can you boost your Wi-Fi privacy? Some simple things you can do are to change the router’s default administration password, configure it to use WPA2 encryption, keep its firmware updated, use a strong passphrase, and physically secure your router.

Get your data insured

Sometimes you simply can’t stop a disaster from happening. But you can certainly be prepared for one. Much of the business world has moved online, so it’s no surprise that cyber insurance is becoming increasingly popular.

For small businesses, it adds an extra layer of security. Basically, added peace of mind for when things go south. Depending on your insurer and the policy you take out, you can get cover for data liability, business interruption, restoration, ransom payments and more.

Before you decide on the level of cyber insurance you need, weigh up the risks for your data. What would happen in the event of a security breach? How long can your business be out of action? Do your clients need 24/7 access to your services? Put simply – the greater the risks, the greater the need for insurance.

Make your CMS bulletproof

Whatever CMS (Content Management System) you’re using, hackers can find sneaky ways to analyse loopholes and get inside your system. The good news is, there are also ways to make your CMS as secure as possible. Here are a few simple tips:

  • Get rid of front-end login. Many CMS attacks happen through front-end login. The solution? Have those who need access to your CMS log in through the back-end admin screen instead.
  • Don’t use the default admin. The default username of ‘admin’ is all too common. To boost your security, come up with a unique ID instead.
  • Hide the ‘wp-includes’ folder. If you’re using WordPress, the ‘wp-includes’ folder is often accessible to the public, which makes it ripe for hacking. To counter this, add a blank ‘index.html’ file to the folder so the web server no longer lists its contents.
  • Be wary of add-ons. While plugins, themes and add-ons are natural parts of the CMS experience, not all of them are safe. Some might open a backdoor into your CMS. The best way around this is to do your research before adding anything.
  • Other methods to consider include keeping your systems updated, regularly scanning your files, and using spam protection software.

Ensure Autofill is Not Used

Disabling autofill passwords increases your level of security by ensuring browsers don’t save passwords, whether they are used with a password sharing platform or not. It makes it more difficult for hackers to gain login details.

Cyberthreats aren’t just a problem for big corporations and governments; small businesses can be targets too. Research suggests that 22% of small businesses have been the targets of cyberattacks. Approximately 11 per cent of these occurred in the last year, according to a study conducted by the Better Business Bureau.

It’s important to protect your business from cyberattacks, but the truth is, some business owners aren’t quite sure how.

To securely operate in an online world, businesses need a robust cybersecurity framework. The risks are getting higher as cybercriminals get more sophisticated and businesses must keep up or face the consequences. Working with the right partner can help small businesses develop a pragmatic, affordable plan to keep the business secure.


