With so much of business operating online, it’s more important than ever that SMEs include information security to protect data from cyber criminals.
A small-business owner usually has to be a jack of all trades when it comes to running their business. Whether it’s bookkeeping, marketing, sales, service, HR or IT, the list of things to manage never ends. With so much of Australian business operating online now, it’s more important than ever that small-business owners include cyber security among their many considerations.
A growing concern for small businesses
One of the misconceptions about information security is that it’s an issue that only the government or big businesses need to worry about. Many small businesses now store customer information, credit card and banking details and account information – this is all valuable data that needs to be protected at all times.
It may be a surprise, and almost certainly a concern, for small-business owners to learn that cyber criminals are actively targeting smaller organisations. Small businesses are more vulnerable to online information being stolen because they don’t always protect themselves, leaving their systems easier to access.
Recent research shows how much the cyber threat is increasing for small businesses. In the past year 30% of small businesses in Australia experienced a cyber-crime incident. The most common incidents related to phishing and scams (34%), followed by identity theft (15%), compromised web servers (14%), being held to ransom, with files made inaccessible by malware and a fee demanded to release them again (12%), and stolen data (11%).*
This all translated into millions of dollars of damage, disruption and, critically, loss of customers’ trust.
But it’s not all doom and gloom. Even while juggling their multitude of roles to keep their business running, small-business owners don’t have to be experts or spend a lot of money to improve information security in their business.
Ways to improve information security
Here are some things every small-business owner can easily do straight away to improve their information security.
Keep all operating systems & applications up-to-date
Ensure that all operating systems and applications are regularly updated and currently supported. Note, for example, that Windows XP and Server Exchange 2003 are no longer supported by Microsoft. You need to ensure that your operating system and applications are protected against the latest known vulnerabilities.
Have an active anti-virus or anti-malware program installed
It is important that the program is kept up-to-date with the latest definitions. This isn’t a silver bullet but it is an essential part of keeping known viruses and threats out of your business.
Use strong passwords & passphrases
Use a strong password – or, even better, a passphrase – with a mix of upper and lower case letters, numbers and special characters.
Ensure that the password is not easy to guess; for example, don’t use your birthday or name. For extra security, consider using multi-factor authentication – e.g. a password and a secondary method of verification, such as a one-time code delivered via SMS.
Know the value of your data & ensure that sensitive information is protected
Know what information is critical to your business and to your customers and ensure that it is protected – especially PII (Personally Identifiable Information) such as names, addresses and credit-card details.
Protecting customers’ PII is a key way of showing you care about your customers as well as protecting the value of your business.
Unfortunately, things can sometimes go wrong. In the case of an unforeseen event, damage or natural disaster, ensure that you have up-to-date backup copies of all critical business data – and have a business-continuity plan in place if your primary system goes offline. Cloud-based storage is affordable for most businesses and can solve issues of doing regular back-ups and securely storing hard-drives offsite.
Beware of phishing emails & scams
Phishing emails are a common technique used by hackers to trick people into disclosing sensitive information, by encouraging them to click on a malicious link, log in through a false page or open an attachment containing malware.
Be aware of emails sent from unfamiliar sources, or from people you know that seem a little odd or out-of-character, with links and attachments. Always ask yourself whether it is the type of email you would normally receive from them and whether you were expecting it, and beware of anything that looks like a login page – if in doubt, go to your browser and head to the relevant login page independently.
* Essence Communications National Survey of Small Business, June 2015
Will Irving, Group Managing Director, Telstra Business
This article first appeared in issue 11 of the Inside Small Business quarterly magazine