Keep your business safe from cyber threats
It is important to protect your business against cyber security threats and make the most of the opportunities online.
The online world offers businesses the potential to reach a broader customer base, use international suppliers and sometimes even save on admin or supply costs. However, the world of online business can bring the potential for scams and security risks. A single successful attack could seriously damage your business and cause financial burden for you and your customers, as well as affect your business’s reputation.
It’s a good idea to put an effective cyber security plan in place if your business accesses the internet or email to conduct business.
Steps to keep your tech and business information secure
There are tools and processes you can put in place to safeguard your business from cyber threats.
Below are some simple steps that you can take to help protect your business and maintain customer trust and confidence.
Back up data
Backing up your business’s data and website may help you recover what you’ve lost in the event of an attack.
It’s essential that you regularly back up your important data and information, from financial records and business plans to customer records and personal information. This will lessen the damage in the event of a breach or computer problem. Fortunately, backing up your data is generally cost-effective and easy.
It’s a good idea to use multiple back-up methods to help ensure the safety of your important files. A good back-up system typically includes:
- daily incremental back-ups to a portable device and / or cloud storage service
- end-of-week server back-ups
- quarterly server back-ups
- yearly server back-ups.
Make it a habit to back up your data to an external drive or portable device like a USB stick.
Store portable devices separately offsite and do not leave them connected to the computer as they can also be infected from a cyber-attack. Having a copy of your data in a separate location will let you recover information quickly and easily in the event of any data loss.
Regularly check and test that you can retrieve your data from your back-up source.
Secure your computer and devices
Small pieces of software known as malware or viruses can infect your computers, laptops and mobile devices. Install security software on your business computers and devices to help prevent infection and ensure it includes anti-virus, anti-spyware and anti-spam filters. Make sure that you set your security software to update automatically as updates may contain important security upgrades based on recent viruses and attacks.
Set up firewall security to protect your internal networks. Remember to install the firewall on all your portable business devices and keep them updated and patched to prevent threats entering your network.
Monitor and protect the use of computer equipment and systems
Maintain a record of all the computer equipment and software used by your business. Keep items secure to prevent unauthorised access and remind employees to be mindful of where and how they keep their devices.
Educate employees on using a USB stick or portable hard drive. An unknown cyber threat can accidentally transfer from a portable device from home directly into your business system.
Remove any software or equipment that you no longer need and ensure that no sensitive information is on them when thrown out.
Protect important information
Make sure you encrypt your data when stored or sent online so only approved users can access it.
Encryption converts your data into a secret code before you send it over the internet. This reduces the risk of resource theft, destruction or tampering. Make sure you turn your network encryption on.
Manage administrative passwords
Change all default passwords and look at disabling administrative access entirely to prevent an attacker from gaining access to your computer or network. Make sure you change each password to something new that can’t be easily guessed. Attackers have the potential to gain full access to your system from an administrator level account.
To reduce the risk of your computer becoming infected, create a standard user account with a strong password you can use on a daily basis.
Choose strong passwords
By creating strong passwords, you are improving your digital security.
Use passwords to protect access to your devices that hold important business information. Having a password such as ‘123456’ or worse still, ‘password’ is leaving yourself open to being hacked.
Change your passwords every few months. If you use the same password for everything, once someone has your password, all your accounts are potentially under attack.
Consider using a password manager that securely stores and creates passwords for you.
Use spam filters
Use spam filters to reduce the amount of spam and phishing emails that your business receives.
Spam messages are usually from a person or company that you don’t know, and they often contain offers too good to be true. Don’t respond, attempt to unsubscribe or call the number provided in the message. The best thing to do is delete them. Applying a spam filter will help reduce the chance of you or your employees opening a phishing or fraudulent email by accident.
Sending spam emails for commercial purposes is an offence under Australian law. Significant fines apply if this offence is proven.
Educate your staff to be safe online
It is important to train your staff on the threats they can face online and the major role they play in keeping your business safe.
Your staff need to be aware of their computer rights and responsibilities as well as their network access usage. Be specific about the types of online practices that are acceptable when using work computers, devices and emails.
Training staff on maintaining good passwords, being aware of fraudulent emails and reporting suspicious online activity will help ensure good cyber security practices.
Put security measures in place
Have policies and processes in place for your staff that outline the accepted standard when accessing:
- emails and
- the internet.
Establish a strong social media policy, which sets what type of business information your staff can share online, and where. An attacker can develop a convincing scam tailored to your employee by building a profile from the business and personal information they post online.
Make sure your employees are aware of the policies and that they review them regularly. You may also consider refresher training in these policies to ensure all employees are aware of the IT security and data policies in your business.
Protect your customers
No matter the size of your customer information database, it is important that you keep it safe. Aside from being a huge blow to your organisation’s reputation, there may be legal consequences for losing customers’ personal information.
For many people who shop online it is important to know that their payment details and address are secure. It is also important for your customers to know that you will not share their details without their consent. Provide a secure online environment for transactions and ensure you secure any personal information that your business may store. Talk to your payment gateway provider about what they can do to prevent online payment fraud.
Consider cyber insurance to protect your business against impacts resulting from a cyber-attack. The cost of dealing with a cyber-attack can go past the repair of databases, the strengthening of security procedures or the replacing of lost laptops.
Cyber liability insurance cover (CLIC) can’t protect your business from cybercrime, but it can protect your business against the costs that may result from the attack.
Keep yourself informed about the latest cyber security risks
Online transaction issues and payment fraud can be a real concern for businesses trading online. It's important to stay informed about the latest scams and security risks. Subscribe to the Stay Smart Online Alert Service to receive up-to-date information on cyber security issues and solutions.
Find out more:
- Read about how to recognise cyber threats to your business.
- Visit Stay Smart Online for more steps to protect your business's safety online.
- Read about protecting your privacy on the internet from the Office of the Australian Information Commissioner website.
- Check out the Queensland Office of Fair Trading's information on protecting your business from scams.
- Find out more on scams and fraud on WA ScamNet.
- Go to Tasmanian Government Digital Ready to find out more on Cyber Attacks – what you need to know!