How to secure your small business network


Cyber attacks are a growing threat to small businesses across Australia. Results from the latest Norton SMB Cybersecurity Survey reveal that 19 per cent of the 2.1 million Australian SMEs have had their data jeopardised at some point by cyber threats.

Small businesses are attractive targets for cyber attacks, as hackers widely view them as “sweet spots”. Why? There’s a perception that small businesses are less secure than large enterprises, and that they underestimate their level of risk.

Cybercrime is only going to become more sophisticated and disruptive. At OFX, we have vast amounts of working data that we monitor, review and adjust continuously, so that we are primed in our response to a potential breach. Small business owners need to be just as defensive and vigilant.

Finding the right security approach

As a starting point, we recommend small businesses look to the advice offered by international and local industry bodies such as the National Institute of Standards and Technology (NIST), which offers an easy-to-follow Cybersecurity framework.

In addition, the Australian Signals Directorate’s (ASD) advice is justifiably famous in security circles and is used worldwide as guidance on finding the most effective security controls for preventing and detecting cybersecurity vulnerabilities or attacks.

We use the NIST Cybersecurity Framework, and advice from ASD, to inform our cybersecurity strategies, as they are both updated regularly to keep up with the developing tactics of cyber criminals.

Here are four ways you can protect your networks and data today:

  1. Use strong passwords and have a password manager: Follow online advice on how to make one or two long, complex and memorable passwords – one to log onto your PC, one to unlock your password manager. Have the password manager generate and store all your other passwords.
  2. Use cloud services: The large cloud vendors like Google, Microsoft, AWS and Salesforce have excellent security records and do a far better job securing platforms than almost any company could achieve on their own.
  3. Use a modern OS and turn on automatic updates: Windows 10 is much more secure than older versions, and Mac OS X is free to upgrade to the latest version. Both Microsoft and Apple test their updates more thoroughly than any SMB could manage, so set your systems to automatically download and apply patches.
  4. Don’t use admin accounts unless you have to: You should only log on to your admin accounts in the limited circumstances you have to use them. That way, if an attacker does breach your PC, at least they’re not logged on as a privileged user.

Create a response plan

A plan will outline the processes your staff need to follow in the event of a data breach. It is important to have this plan in place as it acts as an instant “how to” guide if things go wrong, and provides a level of comfort for employees. This tool will set out roles and responsibilities for managing appropriate responses, and will usually apply to all staff.

Vulnerability of mobile devices

Mobile devices can be a significant challenge to security management, especially if they hold confidential data. Ensure all mobile devices are password-protected and have security applications installed to prevent hackers from stealing data over an unsecured public network.

Additionally, it is vital to have a plan in place for lost or stolen devices and equipment.

A cyber attack can heavily impact the growth of your business. It is imperative that you have systems and processes in place that defend your commercial integrity.

Richard Lane, Head of Digital Security, International Transfer provider OFX