Small businesses are just as likely to face cyberattacks as larger companies, but they often have a harder time defending themselves. This makes them ideal targets for cybercriminals who take advantage of weaker security systems. In Australia, a cyberattack happens about every seven minutes, with small businesses facing an average cost of over $39,000 per incident, according to the Australian Cyber Security Centre (ACSC).
Even though budgets might be tight and cybersecurity can seem complex, small businesses can still put up a good fight against these threats by following 10 practical tips:
1. Enforce strong passwords
Small businesses should mandate the use of distinct passwords for each account and system. Employees should be instructed to generate unique passwords and update them every three months to prevent unauthorised access.
2. Train employees
It’s vital for small businesses to educate their employees about cybersecurity best practices, as well as the risks associated with phishing and other prevalent cyber threats. They should be familiar with protocols that safeguard customer information and other critical data.
3. Update systems
Keeping all software, operating systems, and applications updated with the latest security patches is crucial in preventing the exploitation of vulnerabilities that could lead to cyberattacks.
4. Upgrade endpoint protection
Traditional antivirus software is insufficient against modern threats, so small businesses should invest in next-generation endpoint protection solutions with behavioural detection and exploit mitigation. Cloud-based solutions put sophisticated endpoint protection within reach of small businesses. These solutions integrate seamlessly into the business’s digital environment, providing comprehensive protection without the need for extensive (and expensive) in-house cybersecurity expertise.
5. Invest in firewalls and virtual private networks (VPNs) for remote access
It’s important to install and maintain sophisticated firewalls with deep packet inspection and threat detection capabilities. Additionally, ensure that employees working remotely have firewall protection and use a VPN to securely access critical assets.
6. Secure Wi-Fi networks
Businesses should set up a secure Wi-Fi network with strong encryption (WPA3) and a unique password. Default credentials for routers should be avoided, and networks should be hidden by not broadcasting the service set identifier (SSID).
7. Secure payment processes
Employing secure payment gateways and adhering to Payment Card Industry Data Security Standard (PCI DSS) requirements are fundamental steps in protecting customer payments. Small businesses should work with banks or processors that provide trusted tools and anti-fraud services, and payment systems should be isolated from other programs.
8. Encrypt sensitive data
To protect data even if it is compromised, it’s important for businesses to encrypt sensitive information both at rest and in transit. Cloud-based services often include robust encryption protocols that cover both. This off-site data hosting also ensures data is backed up automatically and is readily available for quick retrieval, adding an extra layer of security against data loss.
9. Back up data regularly
Data backups should be stored offline or in a secure cloud environment to defend against ransomware or accidental loss. Automating data backups or performing them on a weekly basis, at a minimum, is recommended.
10. Control digital access
Access to data systems should be limited to what is necessary for an employee’s role, and software installation without permission should be restricted. Cloud-based solutions can offer advanced access control mechanisms, ensuring that data access is restricted based on employee roles, and is continuously monitored for any unauthorised activity.
Protection against cyber threats starts with a single step: awareness. Small businesses should start with what they can manage today and build up as they go, drawing on industry expertise and leveraging purpose-built solutions to establish a robust cybersecurity foundation that evolves with their business.