Six cyber security tips for small businesses

August 8, 2020

Australia’s cyber security strategy 2020, just released by the Home Affairs Department, attempts to address the cyber resilience of the nation’s small and medium businesses. The 52-page plan will see $1.67 billion invested in a number of already-known initiatives aimed at enhancing Australia’s cyber security over the next decade.

The plan outlines how the Government aims to “enhance the regulatory framework” that will secure critical infrastructure. While much of the focus on critical infrastructure is ensuring assets are appropriately defended during a cyber attack, the Government will also assist operators to “enhance their cyber security posture”. The Government is also considering additional “legislative changes that set a minimum cyber security baseline across the economy”. There is an investment in centralising management and operations of government cyber security networks, and of course, investment in investigating and disrupting cyber crime, including on the dark web. 

Now all of these programs will take some time to materialise – especially with parliament sittings in question over COVID-19 restrictions. So what does this mean for small business owners relying on home networks to get them and their employees through the next few months? Even though 80% of SME respondents to a 2019 government survey rated cybersecurity as ‘very important’ to their business, most Australian SMEs don’t see spending on cybersecurity as an imperative. So, what can SMEs do to improve their cybersecurity without a large outlay during these uncertain times? Well, here are six simple steps you can take now to help secure your business.

1. Back up and restore your system.

Cyber criminals can infect your systems with malware such as ransomware. This corrupts your data and, in some cases, denies you access so you can’t log into your computer at all. Having current backups, whether to the cloud or external hard drives, means you still have access to your data, and this can save you thousands of dollars if something does go wrong. Make sure all phones, computers, iPads etc. are routinely and regularly backed up to preserve your information. Ideally, you store a physical backup somewhere safe offsite as well.
Top Tip: Regularly test that you’re able to restore from your backup as well.
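
For readers who keep their own backups as compressed archives, here is one way to run that restore test automatically. This is an added example, not part of the original post: it assumes a tar.gz backup and GNU tools (tar, sha256sum), and the function names are illustrative.

```shell
#!/bin/sh
# Restore test for a tar.gz backup. Function names are illustrative.

# Print a sorted "sha256  path" line for every file under directory $1.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Back up directory $1 into archive $2.
make_backup() {
    tar -czf "$2" -C "$1" .
}

# Restore archive $2 into a scratch directory and compare it with the
# source directory $1. Returns 0 if every file matches, 1 otherwise.
verify_restore() {
    src=$1; archive=$2
    work=$(mktemp -d) || return 2
    mkdir "$work/restored"
    status=0
    if tar -xzf "$archive" -C "$work/restored" 2>/dev/null; then
        manifest "$src" > "$work/live.txt"
        manifest "$work/restored" > "$work/restored.txt"
        cmp -s "$work/live.txt" "$work/restored.txt" || status=1
    else
        status=1    # archive is unreadable: the backup cannot be restored
    fi
    rm -rf "$work"
    return "$status"
}

# Demo on constructed sample data (not real business records).
demo() {
    d=$(mktemp -d)
    mkdir "$d/data"
    printf 'invoice 1001,250.00\n' > "$d/data/invoices.csv"
    printf 'Example Customer Pty Ltd\n' > "$d/data/customers.txt"
    make_backup "$d/data" "$d/backup.tgz"
    verify_restore "$d/data" "$d/backup.tgz" && echo "good backup restores"
    head -c 20 "$d/backup.tgz" > "$d/damaged.tgz"   # simulate a cut-off copy
    verify_restore "$d/data" "$d/damaged.tgz" || echo "damaged backup caught"
    rm -rf "$d"
}
demo
```

Because the check compares against the live folder, run it straight after the backup is taken; files edited since then will also show up as a mismatch.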

2. Keep your software up to date

If your software is outdated, hackers can exploit security loopholes in it. By regularly keeping your software up to date, you get the fixes for loopholes found in earlier versions and stay one step ahead of hackers.
Top Tip: Beware of scam emails asking you to click on links to update your software. Always check your sources and only go through official update channels.

3. Set up multi-factor authentication for logins.

Multi-factor authentication or double-factor authentication is a security measure that requires two or more steps or proofs of identity to grant you access to your software. By increasing the steps needed to get into certain programs, it makes it much harder for criminals to attack your business. If one proof of identity, e.g. a PIN, is breached, there is still a second step they must pass to gain access, such as a text message, further personal details or a code from an authenticator app. Setting up double-factor (or two-factor) authentication can be as simple as setting up text message codes on your mobile phone as a secondary login step, or using login codes from a third-party authentication app.

4. Say no to Google’s autofill requests.

Remembering passwords is hard, we get it, but by using autofill passwords, you open yourself up to risk across all of your work – and personal – platforms. If you disable autofill in your web browser, it means browsers no longer save passwords, which makes it more difficult for hackers to gain login details. If remembering strong passwords is proving difficult, you can look at installing a password manager, which generally comes with much higher security measures than autofill does and allows you to share passwords securely and safely within your team.

5. Be wary, and don’t just rely on instincts to alert you to scams.

Professional hackers are good at what they do – which is tricking people into breaking standard security practices. There are numerous stories of people being asked via email to change bank details for payments or transfer funds differently. And they comply because the hackers got 90% of the email details correct. Just as adding in a two-step login process adds more security, if asked via email to change invoices or banking details, always double-check changes via a follow-up call. Be sure to use contact details you find through a legitimate source and not those contained in the suspicious message – and perform these checks no matter how busy you are.
Top Tip: Think carefully before clicking on links or opening attachments in emails. Before you click a link, hover over that link to see the actual web address it will take you to (usually shown at the bottom of the browser window). If you do not recognise or trust the address, try searching for relevant key terms in a web browser and avoid clicking directly on the suspicious link. 

6. Install anti-virus software

Viruses, spyware and other malicious software or malicious code (malware) can stop your computer working correctly, delete or corrupt your files, steal information, or allow others to access your computer and your personal or business information. So avoiding getting them on your computer in the first place is an excellent idea! You can improve your cyber security by installing anti-virus software. The Australian Cyber Security Centre recommends that as a minimum, all anti-virus software should provide:
- protection and detection capabilities for malware, adware and spyware
- comprehensive anti-virus scanning
- a site adviser so your browser alerts you when visiting a suspicious or dangerous website
- malware protection with an integrated firewall.

If you’re stuck and don’t know which software to use, or are unsure of your requirements, it’s recommended you hire an external security company that can advise on the best product for your business and what capabilities you should look for.
Top Tip: Before choosing an anti-virus product, consider reviews from trustworthy websites or magazines.

For more detail on all these points, check out the Australian Government’s Australian Cyber Security Centre: https://www.cyber.gov.au/acsc/small-and-medium-businesses/protecting-your-business-online

FCA Blog