Cyber security tips for business owners

Cybersecurity is one of those things nobody thinks about until things go drastically wrong. Small businesses often make the mistake of assuming that cyber crime only targets big corporations. However, as many cyber attack techniques can now be automated or undertaken without the expertise of a hacker, criminals are casting a much wider net that includes small businesses and even sole traders. Thankfully, common sense goes a long way to keeping you safe online.

Criminals have grown ever more sophisticated in their attempts to extort money and steal personal information. Fortunately, so have the countermeasures. Here are common sense cyber security management and maintenance measures that every business owner should implement.

Educate yourself and have an IT policy

Knowledge is your first and best line of defense in cyber security. Millions of data breaches occur when someone is tricked into revealing information (like passwords or credit card information) after unknowingly clicking on a fake message.

Educate yourself and your staff, and put in place an IT cyber security policy. Can you recognise the signs that an email is a phishing scam? Do you know how to respond to a ransomware attack? A good place to start is the Australian Government Cyber Security Centre’s small business cyber security guide.

Use strong passwords

Simple passwords like your name, postcode or birthday are easier to guess and break so don’t use them. A strong password should contain at least 10 characters, a mix of numbers and symbols, and upper and lower-case letters.

Password memorability is a common reason many business owners keep the same, simple password and use it multiple times. Password generators (eg. https://passwords-generator.org/) are the best way to manage this. You should also change your password once every three to six months.

Invest in secure software

Even someone who is cyber-aware will click a dodgy email and perfectly legitimate websites can also be hacked. To mitigate the security risks, invest in software that automatically identifies and removes viruses or malware, phishing scams, and blocks suspicious activity. Don’t click cancel when your operating system says an update is available because that update may fix a critical security vulnerability.

Establish user access guidelines

Disgruntled employees can seriously damage a business. Deleting or stealing sensitive information, writing aggressive and compromising emails, and hijacking third party apps are all common examples of an internal security breach. A good IT policy will address how staff access digital assets (these are called ‘permissions’) and tie up loose ends once they depart. A strong policy should cover email, social media accounts, as well as access to sensitive information and any other online credentials.

Have reliable backups

In the age of ‘the cloud’, it’s easier than ever to save and retrieve your data online. Invest in a reliable backup system to protect your work, records and personal data in the event of a computer crash or software malfunction.

Protect sensitive information with two-factor authentication

This security measure requires someone logging into an account to provide two credentials, often using two devices. For instance, when logging into a bank account, a user also enters an access code received via SMS. This system keeps your data secure if someone has your password, as they can’t break into your account without your phone.

Check if you’ve been compromised

Even secure organisations can suffer breaches – sometimes hundreds of millions of passwords, including those belonging to small businesses, are dumped online for anyone to see. While Australian legislation now requires organisations to disclose data breaches, it pays to regularly check if your details have been compromised. A good tool is the haveibeenpwned website. This site lets you check if your email address is part of a data breach. If it has, then changing your password will eliminate this problem.

While these tips are a good start, any business that handles the sensitive and personal financial information of their customers should consult an IT firm to ensure they remain protected.

Disclaimer: Council is not affiliated with any of the providers listed here. It is your responsibility to do due diligence and research the options and select the ones that best meet your business needs.

Last updated 30 March 2021