With many Australians still working from home, it’s important for Small to Medium Enterprises (SMEs) to consider a cyber security strategy and make sure sensitive information such as personal staff details, customer information, financial transactions and proprietary data is secure.
Small businesses typically don’t have a dedicated IT resource for their security system, so there may be fewer obstacles between a hacker and the payoff of a quick scam to get access to private information and other valuable data.
So, what can you do to keep your small business safe? We’ve put together some tips to consider for digital safety:
Let’s dive right in!
Passwords are the bread and butter of security, and it’s important that the passwords you use for all business accounts and devices are not only secure, but updated regularly. Here are some tips to keep in mind:
Now that your passwords are secure, it’s time to take it up a notch with Two Factor Authentication, also known as 2FA. You may already have 2FA in use with your banking institution. To log in successfully, you’ll not only need a password – you’ll also need to confirm a second authentication factor, such as a unique code sent via SMS to a mobile listed on your account.
You should aim to use 2FA wherever it is available, particularly for bank accounts, cloud services, and social media profiles. The Australian Cyber Security Centre has a range of how-to guides for turning on 2FA here.
Data loss isn’t just potential fallout from a security incident: it could also happen from power loss or other software/hardware malfunctions. That’s why it’s important to back up your data regularly so you can revert to the most recently saved data and minimise your losses. If you’re not sure where to start on backups, check out this guide from How-To Geek.
Of course, your backed-up data needs to be protected, too – if you’re backing up to a physical hard drive, keep the hard drive somewhere secure, like a safe. Always do your research to ensure you’re using a reputable cloud storage company.
Even with strong security and regular backups, it’s always best to take time to prepare for a worst-case scenario in advance, so you don’t have to do it on the fly when it’s already happened and you’re under a lot of stress. Make plans while you’ve got a clear head and keep them documented, so you’ll have a procedure to follow in the event of a data breach. You should consider:
Many small businesses take advantage of free or low-cost Content Management Systems (CMS) to manage the content of their websites, such as WordPress. However, some of these CMS platforms may have a loophole that could be exploited by a malicious party.
Many small businesses are operated solo, but whether it’s just you or a small team, every single employee should know their stuff about internet safety. It only takes one weak link to open a suspicious email attachment and put your business at risk. While you may not have an HR department to develop formal security guidelines, here are some great resources to cover the basics:
CMS: I had a WordPress site and paid for a service that removed malicious content.
But the malicious content got there anyway.
And, given that WordPress is php+mysql, I found I could make my website safer and lighter just by building the functionality I need.
OK: I miss out on some goodies, but I also avoid the baddies, and I know what my code is doing.
Use Red Hat server or Ubuntu server. A lot better than anything from Microsoft. Don’t use Outlook or Outlook Express, don’t use Microsoft web browsers. Microsoft Office (there are better alternatives), Microsoft Internet Exchange, all are buggy and insecure.
One critical thing that is missing is patching. Make sure your applications are up to date. The vast majority of compromises are based on exploiting known vulnerabilities. Have a look at the ASD Essential 8. Very good resource for all businesses, even for your home.
I’m not very good with these sort of things. Is it possible someone gives me a call PH: and takes me through things? iiNet has my phone number, so could someone please call me?
Thanks Gina n’all…
This is also very useful for small and volunteer NFPs (Not For Profits) so you might like to adjust some of the wording (eg ‘small business and NFPs’?) to show you are thinking of a wider range of potential clients.
— Dr Barns
Unexpected emails:
(1) I always have “Load remote content” off
(2) I turn off my wifi
(3) I move the email to the bin (where nothing in it will execute)
(4) I view the source code of the email: if it looks OK I’ll go back and open it as email (and, depending on the need, I allow remote content to load).
Phone calls: if I don’t recognise the caller number I don’t answer it. If the caller doesn’t leave a message, then that’s fine by me – no followup required.