As the internet has become an even more integral part of our lives and businesses, cyber threats have become a more prevalent danger.
Each and every day, cyber security incidents impact small businesses, large companies and individuals.
These cyber threats can cause devastating results for many small businesses.
Not every owner has the time or resources to effectively manage their cyber security, so this list includes a few tips to help protect your business from cyber attacks.
Common Cyber Threats
In order to better protect yourself against a cyber security incident, it’s important to understand what the most common cyber threats are.
Malicious Software (Malware)
Malware is software that is created to cause disruption or damage. It can include viruses, spyware, trojans and worms.
Criminals can use malware to access confidential information, such as bank or credit card numbers, passwords, and other personal information.
Some types of malware can gain access to and take control of a user’s computer, and criminals can then use the information obtained to commit fraud or identity theft. This can disrupt business and put sensitive data and intellectual property at risk.
Malware creators can be located anywhere. As long as they have a computer and the technical skills, criminals can easily access cheap tools to use malware against you.
Email Scams (Phishing)
Phishing emails are a type of scam where a criminal impersonates a legitimate organisation, such as a business, via email, text message or advertisement, in order to steal sensitive information.
Often these criminals will pretend to be an individual or organisation you think you know and trust, in order to trick recipients out of their money and data. They may use official branding and logos to mimic businesses such as banks, and make themselves seem legitimate.
The emails or calls will most often attempt to trick businesses and individuals into performing specific actions, including:
- Paying fraudulent invoices, or changing payment details on legitimate invoices
- Revealing confidential information such as bank account details, passwords and credit card numbers
- Giving remote access to your computer, device or server, through opening an attachment that contains malware
- Purchasing gift cards and sending them to the scammer
Phishing attacks are becoming more common, increasingly sophisticated and even more difficult to spot.
Always be cautious regarding urgent requests for money, changes to bank accounts, unexpected attachments and requests to confirm login details.
If you believe a message or call might truly be from an organisation you trust, you should find a reliable contact method to confirm.
You can search for the official website or call their advertised phone number. Do not use the links or contact details supplied in the message you have been sent or given over the phone, as these could be fraudulent.
You can also report suspicious emails and suspected scams to Scamwatch.
Ransomware
Ransomware is a type of malware that locks your computer or files down until a ransom is paid. This malicious software works by locking up or encrypting files so that you can no longer use and access them. This can sometimes result in your computer crashing.
Ransomware can be picked up in the same ways as other malware, such as:
- Visiting unsafe and suspicious sites
- Opening links, emails or files from unidentified sources
- Having poor security on your network, mobile devices and servers
It’s important that you never pay a ransom. Paying the ransom does not guarantee that the files will be restored, and it won’t prevent the stolen data from being published or sold.
Paying the ransom can actually increase the likelihood of being targeted again.
If you experience a ransomware incident and need support, you can call the Australian Cyber Security Centre hotline on 1300 292 371, or report the incident via ReportCyber.
Ways To Protect Yourself
In order to protect yourself and your business it’s important that you are implementing some sort of strategy to manage your software, data and online accounts.
This can protect your computer networks from attacks, and save you the trouble of dealing with online criminals.
Here are just a few of the things you can do within your business to improve your cyber security.
Automatic Updates
Keeping up to date with software updates is one of the best ways to protect yourself and your business from a cyber security incident.
An update provides you with an improved version of software, whether it’s a program, app or your operating system.
By setting your servers, computers and mobile devices up for an automatic update, you will get software improvements as soon as they are available, helping you prevent data breaches, and improving your information security.
Updating to the newest version of your software can help reduce the chance of a cyber criminal using a known weakness to run malware or hack your device.
Automatic updates can also just help make your life easier, saving you time. If automatic updates aren’t available, you should regularly check for new updates. You can also set a more convenient time for your updates to occur so that you reduce disruption to your business.
If you have antivirus or security software, you should always make sure these are set to update automatically.
Automatic Backups
A backup is a copy of your most important information, such as customer details and financial records. You can save this either on an external storage device or to the cloud.
Setting up automatic backups creates a ‘set and forget’ system that will back up your important information without the need for human intervention.
You should disconnect and remove your backup storage device after each backup to ensure it remains secure in the event of a cyber incident.
Backing up is a precautionary measure to keep your data accessible if it is ever lost, stolen or damaged. It gives you the room to recover in the event of a cyber incident, and helps you get back on your feet faster.
You should test your backups regularly, and keep at least one backup disconnected from your device.
Multi-Factor Authentication
Multi-factor authentication is a security measure that requires two or more proofs of identity to grant you access to a device or account.
This usually requires a combination of things:
- Password, PIN, or security questions
- Authenticator app, smart card, or physical token
- A fingerprint or other biometric method
This can be one of the most effective ways to prevent unauthorised access to valuable information and accounts.
These layers make it much more difficult for a criminal to attack your business. They might be able to steal your password, but obtaining the right combination of proofs of identity is much harder to accomplish.
As a business you should implement MFA on all possible accounts, especially financial and email accounts.
Access Control
Access control can help you limit access to your computer system. It can protect your business by restricting access to critical infrastructure such as:
- Files and folders
- Apps
- Databases
- Inboxes
- Online accounts
- Networks
Most of your staff will not need to have full access to all data, accounts and systems to perform their job. You should restrict access to sensitive information where possible, so employees and external providers do not accidentally or purposefully endanger your business.
Having an access control system in place will allow you to:
- Decide who needs access to files, databases and emails
- Control the access permitted to external providers such as accountants and website hosting providers
- Restrict access to social media and website accounts
- Reduce damage if information becomes compromised
- Revoke access if an employee changes roles or leaves the business
As a small business, typically the safest way is to give employees the bare minimum access and permissions they need to perform their job.
Passphrases
A passphrase is a more secure version of a password, and can be useful in situations where you can’t use multi-factor authentication.
Passphrases consist of four or more random words that make up your password. For example, ‘milk bridge toenail soup’.
Passphrases are intended to be hard for cybercriminals to crack, but easy for you and your employees to remember.
Your passphrase should be:
- Long: the longer the better, but as a guide it should be a minimum of 14 characters
- Unpredictable: use a mix of unrelated words; don’t use famous phrases, quotes or lyrics
- Unique: don’t reuse your passphrase on more than one account
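The passphrase rules above, as an added example that is not part of the original article: a short Python generator that picks the words with a cryptographically secure random source and estimates how hard the result is to guess. The word list is a constructed sample, and the function names and the 7,776-word comparison are assumptions made for illustration.

```python
import math
import secrets

# Constructed 64-word sample list, for illustration only (assumption).
# Real use needs a much larger list, e.g. a 7,776-word diceware list.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dolphin", "engine", "feather", "garden", "hammer",
    "island", "jacket", "kettle", "ladder", "magnet", "napkin", "orange", "pencil",
    "quartz", "rocket", "saddle", "ticket", "umbrella", "velvet", "window", "yellow",
    "zipper", "acorn", "blanket", "copper", "desert", "elbow", "forest", "guitar",
    "harbor", "insect", "jungle", "kitten", "lantern", "marble", "needle", "oyster",
    "parrot", "quiver", "ribbon", "sunset", "tunnel", "violin", "walnut", "button",
    "cactus", "dragon", "eagle", "falcon", "goblet", "helmet", "igloo", "jigsaw",
    "koala", "lemon", "mitten", "nutmeg", "otter", "pillow", "rabbit", "spider",
]

MIN_WORDS = 4   # the article: "four or more random words"
MIN_CHARS = 14  # the article: a minimum of 14 characters


def generate_passphrase(words=SAMPLE_WORDS, count=MIN_WORDS, sep=" "):
    """Pick `count` words independently using the OS's secure random source."""
    if count < MIN_WORDS:
        raise ValueError("use at least four words")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    longest = count * max(map(len, words)) + (count - 1) * len(sep)
    if longest < MIN_CHARS:
        raise ValueError("word list cannot reach the minimum length")
    while True:
        # secrets.choice draws from a CSPRNG; random.choice is not meant for secrets.
        phrase = sep.join(secrets.choice(words) for _ in range(count))
        if len(phrase) >= MIN_CHARS:
            return phrase


def entropy_bits(wordlist_size, count=MIN_WORDS):
    """Guessing difficulty in bits when every word is chosen at random."""
    return count * math.log2(wordlist_size)


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"sample list: {entropy_bits(len(SAMPLE_WORDS)):.1f} bits")
    print(f"7,776 words: {entropy_bits(7776):.1f} bits")
```

The strength comes from the size of the word list and the number of words, not from the words looking unusual, which is why words you pick yourself are weaker than words drawn at random.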
Employee Training
Employee training is a must when it comes to keeping your business safe from cyber attacks. You should teach yourself and your staff how to prevent, recognise and report a cybercrime.
Your staff should know the basics, such as how to update their devices, secure their accounts and identify scam emails.
You may also want to implement a cyber security incident response plan so your employees have a guide in the event of a cyber incident.
This will help you understand what your critical devices are, and what processes need to be in place.
Employees can be the first line of defence against a cyber threat, so training will help change habits and behaviour to ensure cyber security is everyone’s responsibility.
Regular awareness training is going to help keep your business safe. Scams and cyber attacks are only getting more sophisticated, and evolving as things change. Keeping your staff up to date on the latest cyber security threats could make the difference in whether a criminal gains access to your vital data.
Keep Your Business Safe
These steps should help you understand more about what cyber threats are, and some of the strategies you can use to protect yourself.
Unfortunately, this does not mean that you will always be able to protect yourself or your business from the increasingly clever cyber threats.
If you’re considering Cyber cover for your home or business, contact us today for a specialised quote.
Credit: https://www.cyber.gov.au/acsc/view-all-content/publications/small-business-cyber-security-guide