5 'must do' tips for small businesses to increase cyber security

As much of the nation sits in lockdown or under restrictions, the same conditions that are so challenging for our businesses are unfortunately also the ones where cyber criminals thrive.

The breach of an organisation’s data and systems can cause significant financial and reputational damage, including the loss of clients or customers.

Making sure that your cyber security systems and processes are up to scratch is key to protecting your business, we have compiled a list of top 5 ‘must do’ cyber security tips for small business owners:

1.  Employee Training and Education

People are your business’ best asset, but also the most vulnerable point in terms of cyber risk. Quarterly cyber security awareness training which covers key cyber security knowledge is your first line of defence.

Training does not need to be long and onerous, key messages can be conveyed in 30 to 45 minutes and should include: Recognising and avoiding phishing/social engineering attempts, responding appropriately to and reporting a data breach, being mindful of physical security, knowing data privacy best practices, and ways to avoid being a victim of ransomware.

2.  Create a cyber-security culture

Put policies and processes in place to guide your staff in understanding their cyber security responsibilities. These should be socialised during employee induction, reinforced during the quarterly training, and communicated when there are significant changes within the business.

The Federal Government has a good ‘how to’ guide to help businesses develop a robust cyber security policy, which can be found online at business.gov.au.

3.  Network & Endpoint Security

Ensure all laptops and workstations are up-to-date with the latest security patches for your operating systems and other software, have antivirus installed, are behind a firewall, and that email spam filters are enabled.

If you don’t have a network and rely on your workplace Wi-Fi, focus on ensuring that endpoint security on your laptops and workstations is adequate.

4.  Account Security

Passwords alone are not an adequate line of defence, as they are too easily compromised. Businesses should employ the use of a password management system, use passphrases instead of passwords, apply 2 Factor Authentication (2FA) or Multi Factor Authentication (MFA) for critical accounts, and change all default passwords to new passphrases that can’t be easily guessed.

PC Magazine Australia lists a number of market leading password management systems in this article, which may provide a good starting point.

If you are a small business that uses Microsoft Office 365, ensure you have enabled MFA to protect your email systems and avoid Business Email Compromise (BEC). This article from the Australian Signals Directorate provides excellent insight into BEC.

5.  Backup & Disaster Recovery

Too many small businesses are carrying a big risk with their backup system or lack thereof.

Make it a priority to enable automatic and secure cloud-based data backups, ensuring encryption is used when transferring and storing data. Multi-factor authentication should be required for access.

Regularly test that you are able to restore data from your back up - this is very important, as paying for a backup service that cannot be recovered is an area of high risk for small business.

Understanding how you can improve the cyber resilience of your business can be daunting, but these steps will ensure you have the most critical elements covered.

The Australian Government has also provided an easy to understand guide at cyber.gov.au, which is a great resource for any small business owner.