Cyber Security.

A big term but is it relevant to small business?

Cyber security is about protecting information on any computer, tablet or phone that has internet access, and information stored on the internet.

We all have critical information that should be protected from hackers & scammers.
For example: bank details, employee records, personal & business information that would enable identity theft, passwords, etc.

So yes, cyber security is VERY relevant to small business!

What can small business do to protect their information?

Small businesses often don’t have heaps of money to invest in security systems, but it’s important to do as much as possible.

Remember – it costs a lot of time, money & productivity to recover from a security breach, so the upfront cost should be thought of as insurance.

This is our list of inexpensive cyber security tips:

Enable 2FA on everything you can.

• 2FA is 2 Factor Authentication – it means that there is a second layer of security when logging in, usually a numeric code.
• Many businesses are adding 2FA to their account/member logins. Check the security settings on your online accounts, and turn 2FA on if you can
• Always use an Authenticator app if it is offered as a 2FA option – this is the hardest option for a hacker to use
• Never choose an email 2FA unless there is no other option. If a device is compromised and the email is on it the hacker will have access to the 2FA codes as well

Email

• Make sure your email accounts are protected by 2FA.
• It’s more likely that a hacker will get access to an email account through the internet than from accessing a device. Having a 2FA code on the email login makes it a lot harder to crack
• Send links to download financial files instead of attaching them in emails
• Always check the email address of the sender before you click on any links or attachments – if it doesn’t look professional or doesn’t match the business delete the email
• Never log into any site from a link in an email – always open a web browser and go to the site to get to the login page

Anti-virus & Malware Protection

• Talk to your IT provider and get the best End Point protection you can afford
• Make sure it’s updated automatically & it’s monitoring your devices constantly
• Check you are using all of the relevant features in the anti-virus & malware product
• Protect your website – this is really important! A website is the public face of your business so if it becomes a hazard to your customers you may lose all the good will you’ve built up, and we all know that 80% of sales comes from existing customers. Make sure the software updates are applied and you have malware protection, a good website provider can monitor that for you.

Passwords

• Use passphrases instead of passwords, the longer the passphrase is the harder it is to crack eg: I like walking on the beach
• Use an encrypted password app that doesn’t store the passwords on the device
• Where possible use the encrypted password app to log in to sensitive sites, rather than typing in passwords
• We choose not to store passwords in Chrome , or Edge and never tick the “Remember me” option. It takes longer to type every time, but if the login details are saved and a hacker gets onto your device they have immediate access to the saved login details.

Backups

• Make sure you have disaster recovery backups
• If you have information saved on a device consider an online backup option, or download to a USB or external hard drive
• Microsoft, Apple & Google all have complex security systems for the data they hold. Consider saving your files in the cloud if you don’t have the option to secure the device.

Encryption

• If your files include information covered under the Privacy Act (eg: Employee Tax File Numbers, or client passwords) we recommend it should be saved where user access can be traced, and if possible in encrypted format. Encryption costs a little more but being responsible for a data breach is very serious.
  We use Tresorit, but there are industry specific Apps with data vaults that might suit your business.
• Passwords should be encrypted – these apps are inexpensive
  We use 1Password, but there are others.

Log ins

• Log ins should always be user specific, never have generic or shared logins
• Restrict access to functions that hold sensitive information

Security

• Check the security settings on offer in the programs you use & update them if necessary
• Ask the software & App providers where your data is stored. Choose providers who store their data in Australia, or countries with stringent security where possible. Microsoft servers are always a safe option.

Stay up to date

• Enable automatic updates to Apps, software and operating systems
• Apply to become a partner on the Australian Cyber Security Centre website, it doesn’t cost anything, and they send out alert emails about new risks and best practice. 
  https://www.cyber.gov.au/partner-hub/overview

If you don’t know where to start, try the Cyber Security Assessment Tool

https://digitaltools.business.gov.au/jfe/form/SV_0dnd9cF15I8LnH8?ref=bga

Stay safe and protected!