Small businesses can be big targets for cyber criminals. In 2019, the Australian Cyber Security Centre (ACSC) conducted a security survey which showed 62 per cent of small businesses had previously been a victim of a cyber security incident. With many small business employees working remotely, here a few easy measures that can be implemented to protect organisations from cyber attacks.
Two-factor authentication
According to the Australian Competition and Consumer Commission (ACCC), Australian businesses lost $3.8 million to email scams in 2018. Two-factor authentication is one of the best ways to stop an online attack. By requiring a code, two-factor authentication stops someone who has a person’s password from accessing their account and employees can use their smartphones to access their unique code. This defence measure is so important that it’s mandatory for accounting software providers in Australia.
Use a VPN
VPNs are more commonly thought of for accessing websites in countries with firewalls that have certain content blocked, but they can be incredibly useful for businesses to secure and encrypt their data. Having a VPN means information can be securely accessed from anywhere by employees, which is great for people working remotely.
Data comes from the VPN provider’s IP address so there is no way hackers can follow the trail to identify and reach the business’ IP address. A VPN network costs very little to maintain and if you decide to use a service provider, the network setup and monitoring is done for you.
Cyber security awareness training
Business owners have a legal responsibility to keep their business and customer information secure, which is why having a cyber security training program is vital. Over 90 per cent of breaches and ransomware start with phishing (scam emails). Education is the best line of defence so staff who are aware of what phishing is and being able to spot a scam email are less likely to allow an attacker to access important data. Surveys show that many executives are guilty of clicking on phishing links and opening malicious email attachments.
By providing adequate training to staff, attacks are far less probable. Phishing, spear phishing and other web-based attacks can create financial loss, intellectual property theft and other serious problems. Businesses can also provide a ‘how-to’ guide so employees can refer to it when they come across a suspicious email.
Update software regularly
Many individuals think updates are unnecessary delays that will disrupt their workflow so they automatically click ‘remind me later’ when a software update alert pops up. Some software updates can be time-consuming but they exist to fix overlooked bugs and malware. Employees who continue to use old software become vulnerable to existing bugs, while giving hackers and cyber criminals access to the overlooked exploitable holes in the previous version of the software. Updating software regularly also protects users from new threats and anti-virus software can detect malware and suspicious files.
Backup data
Due to lack of security, small businesses are often the prime targets for ransomware attackers which is why it’s important for businesses to back up their system to avoid paying the ransom and simply restore the data before it was infected with ransomware. A backup of a business’ most important information (customer details, sales figures, etc.) can be made to an external, disconnected hard drive or to the Cloud. Automatic updates can be done making it easier to get a business up and running if information is lost, stolen or destroyed.
Annie-Mei Forster, Communications Specialist, Anywise
