What type of business do you think is the most vulnerable to cyberattack?
Because media stories focus on major security breaches, chances are you think that big players are most at risk. However, recent research states that around 50% of cyberattacks are on small businesses. According to cybersecurity thought leader Joseph Steinberg, reasons for this include the fact that small business owners are more likely to pay ransoms and/or that their data can provide hackers with access into other, larger enterprises.
One small-business cyberattack that did make media headlines recently was one involving a MasterChef finalist who lost $250,000 from the proceeds of their home sale after their conveyancer’s account was hacked. This made many sit up and take notice as the threat, all of a sudden, felt a little closer to home.
For those of us in the technology game, however, examples such as these are (unfortunately) all too regular. And in addition to the threat of unauthorised access, there are the risks of human error, lost devices and unauthorised use of file storage and sharing applications – just to name a few. The tips listed below will help you take a holistic view.
At Retrac, we always recommend businesses get expert help with something as complex as cybersecurity. It is an ever-evolving beast. There are, however, a few small steps you can take to help minimise your risk.
1. Acknowledge the risk – Acknowledging that all businesses, no matter how small, are a potential target is an important first step in taking control. Invest in staff training and create a culture of security awareness within your company.
2. Identify the likely sources – Be aware of the potential sources of risk and communicate these to your team. Email is just one example. People can be quick to click and check the delivery status of expected parcels. But is that email really from Australia Post? It pays to think twice.
Paper bills are another source of valuable personal information that can help criminals build a profile and give them an ‘in’ for a cyberattack. We suggest opting for electronic bills and having the right security measures in place to protect them.
3. Make sure you enable two-factor authentication – Set this up wherever possible for all your cloud applications. It makes unauthorised access to key systems much more difficult – and minimises the risk of incidents such as the conveyancing example described above.
4. Beware of public Wi-Fi – Public Wi-Fi should be avoided. It is easy to connect to a service that LOOKS as though it’s provided by the hotel or café you’re in, but that is actually run by a hacker sitting at the next table. Use your phone’s hotspot instead!
5. Think before you share – Be mindful about what information you are giving away in social situations. Don’t tell the world of your upcoming holiday. This can have an impact on both your personal and business security. Share your Bali pics with a closed – and carefully selected – social media group instead.
6. Consider mobile device management – While a good antivirus is still an important part of your security toolkit, opening a virus on a computer is a rarity these days. The greater point of risk is the data going through your device and between it and other devices. Think about implementing mobile device management, which enables you to retain control of what company data is accessible, by whom and on what device. This is especially important if your staff access company data on their personal mobiles or are in the habit of using personal or shared drives as part of their work process. According to a Stroz Friedberg survey, “On the Pulse: Information Security Risk in American Business”, 87 percent of senior managers shared that they regularly upload work files to a personal email or cloud account, so the risk of information getting into the wrong hands is very real.
7. Establish a security policy – Take the time to define and document your policy on who has access to what systems and how, including your stance on personal devices and third-party applications being used for work purposes. Once your policy is documented, you need to work out how best to enforce and continually update it. Retrac can help guide you through this process.
8. Manage data access in your onboarding and offboarding procedures – This includes providing access only to what individuals need and ensuring you can easily revoke access if needed.
Small business owners and leaders should never regard themselves as too small to be a target. In an ever-changing digital landscape, businesses of all sizes are at risk.
The first step to securing your business is being aware and deciding to take action. Unsure how your security stacks up? Take our security challenge today.
If you have questions or need assistance in implementing any of the above, please get in touch with one of our team.