Digital security tips for small businesses

Keeping sensitive information secure is important for everyone, but there are some specific considerations required for small businesses. Not only is the personal information of staff involved, but also that of customers, financial transactions, proprietary data… the list goes on and on! As such, it may come as no surprise to learn that cyber criminals often see Small to Medium Enterprises (SMEs) as easy targets in scams.

Compared to their larger counterparts, SMEs typically have a limited budget, which means that they don’t have a dedicated IT resource for their security system. That means there may be fewer obstacles between a hacker and the payoff of a quick scam to get access to private information and other valuable data.

So, what can you do to keep your small business safe? We’ve put together some tips for best practice in digital safety that can be used by any small business. You won’t need to shell out for expensive consultants – just some time well spent.

It all starts with passwords

Passwords are the bread and butter of security, and it’s important that the passwords you use for all business accounts and devices are not only secure, but updated regularly. Here are some tips to keep in mind:

  • Enforce a strong password policy where passwords must be at least 8 characters long with a combination of letters, numbers and symbols.
  • Alternatively, use lengthy passphrases instead of shorter passwords (e.g.
  • Update passwords regularly – set a regular reminder for yourself every 30-90 days or so.
  • Never put all your eggs in one basket – use unique passwords for each account.
  • Always lock your computer or smartphone before you step away.
  • Use a password wherever possible – including your computers, smartphones, digital accounts and the WiFi connection used at your workplace.

Enable Two Factor Authentication

Now that your passwords are secure, it’s time to take it up a notch with Two Factor Authentication, also known as 2FA. You may already have 2FA in use with your banking institution. To log in successfully, you’ll not only need a password – you’ll also need to confirm a second authentication factor, such as a unique code sent via SMS to a mobile listed on your account.

You should aim to use 2FA wherever it is available, particularly for bank accounts, cloud services, and social media profiles. The Australian Cyber Security Centre has a range of how-to guides for turning on 2FA here.

Back up often

Data loss isn’t just potential fallout from a security incident: it could also happen from power loss or other software/hardware malfunctions. That’s why it’s important to back up your data regularly so you can revert to the most recently saved data and minimise your losses. If you’re not sure where to start on backups, check out this guide from How-To Geek.

Of course, your backed up data needs to be protected, too – if you’re backing up to a physical hard drive, keep the hard drive somewhere secure, like a safe. Always do your research to ensure you’re using a reputable cloud storage company.

Have a plan ready

Even with strong security and regular backups, it’s always best to take time to prepare for a worst-case scenario in advance, so you don’t have to do it on the fly when it’s already happened and you’re under a lot of stress. Make plans while you’ve got a clear head and keep them documented, so you’ll have a procedure to follow in the event of a data breach. You should consider:

  • Do you have the contact details of an IT company to contact in the event that your computer is infected by a virus or other malware?
  • Do you know how to restore information from a backup to your device(s)?
  • Will you need to contact IT support to regain access to your accounts on cloud services, social media, etc.?
  • If an employee is leaving the business, what should be done to ensure they can no longer access business systems/accounts?

Secure your CMS

Many small businesses take advantage of free or low-cost Content Management Systems (CMS), such as WordPress, to manage the content of their websites. However, some of these CMS platforms may have a loophole that could be exploited by a malicious party.

  • Hide the login box on your website so it’s not visible to the public. Your staff can log in through the back-end admin screen if they need to.
  • Set a custom username and password. The default username of ‘admin’ is too common and easier to exploit.
  • Hide your directory listing and public folders, such as the ‘wp-includes’ folder in WordPress. It’s much harder for your website to be hacked when it’s not clear which platform your website is running on. This tutorial video will walk you through it for WordPress.
  • Be very wary of add-ons and plugins as not all of them are safe. Do your research before adding anything to make sure it’s coming from a reputable source.
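
As an added example (not part of the original article), this is what the "hide your directory listing" tip can look like in practice. It assumes your WordPress site runs on an Apache web server that allows .htaccess files with mod_rewrite, and that the site is installed at the root of the domain; if your hosting differs, ask your provider for the equivalent setting.

```apache
# Added example: lines for the .htaccess file in the site's root folder.
# Assumptions: Apache web server, .htaccess overrides allowed, WordPress
# installed at the root of the domain (hence "RewriteBase /").
# Place these lines ABOVE the "# BEGIN WordPress" block so WordPress does
# not overwrite them.

# 1. Turn off automatic directory listings. A folder without an index file
#    then answers "403 Forbidden" instead of showing a browsable file list.
#    (The weak setting this replaces is "Options +Indexes" / Indexes left on.)
Options -Indexes

# 2. Refuse direct browser requests for the PHP files inside wp-includes and
#    wp-admin/includes. WordPress loads these files itself; visitors never
#    need to open them by URL.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Block everything under wp-admin/includes/
RewriteRule ^wp-admin/includes/ - [F,L]
# If the request is NOT for wp-includes/, skip the next three rules
RewriteRule !^wp-includes/ - [S=3]
# Block PHP files directly inside wp-includes/
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
# Block PHP files in the editor's language folder
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
# Block the legacy theme templates
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
```

After saving the file, open a folder address on your own site (for example, the wp-includes folder) in a browser and confirm you get a "Forbidden" message rather than a list of files, then check that the site and admin screen still load normally.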

Educate employees

Many small businesses are operated solo, but whether it’s just you or a small team, every single employee should know their stuff about internet safety. It only takes one weak link to open a suspicious email attachment and put your business at risk. While you may not have an HR department to develop formal security guidelines, here are some great resources to cover the basics:

Looking for broadband for your business?

If you need a reliable, great-value broadband service for your small business, consider getting in touch with the business arm of our parent company, iiNet. iiNet Business pride themselves on tailoring telecommunication solutions to suit all manner of business operations, including NBN, Fibre to the Building, and their own ULTRA Broadband networks. Plus, you can enjoy the peace of mind that comes with the dedicated iiNet Business Support Team.

Find out more

One comment

  1. Brett Turner says:

    You recommend 2FA, which is a really good idea, yet iiNet does NOT offer 2FA on their services such as email!

    How do you reconcile this glaringly blatant disconnect?
