Running a small business is hard enough without having to worry about hackers. The good news is that a few simple habits can make a big difference to keeping your business safe online.
We’ve outlined seven simple steps to strengthen your cyber security and help keep your business, and your customers, safer.
Install software updates to keep your devices secure
One of the most effective ways to protect your business is to make sure that all your systems and devices are regularly updated. Software developers often create patches to fix security vulnerabilities they find in their software that attackers could exploit. Installing regular updates will keep your devices secure and make it harder for cybercriminals to access them.
It’s a good idea to have automatic updates switched on so that you are notified when an update is available. Don’t be tempted to ignore your updates for too long – it’s best to install them as soon as you can to close any loopholes cybercriminals could find. If your device is no longer supported with security updates because it’s too old, it may be time to think about upgrading to a new device.
Learn more about how to update your devices on the Australian Cyber Security Centre’s (ACSC) website.
Make use of free resources
Cyber security is a top priority for both government and industry. This means that there is a wide range of free resources available for small businesses to help improve their cyber security.
Some of the free support that small business owners can access includes:
- The Australian Government’s Small Business Cyber Resilience Service, delivered by IDCare - Australia and New Zealand’s national not-for-profit scam, identity and cyber support service. The service includes free cyber health checks, consultations with cyber advisers and other resources, tips, and action plans to lift cyber maturity.
- The Cyber Wardens program, provided by the Council of Small Business Organisations Australia (COSBOA), which provides a range of cyber safe information and online training tailored to small business.
- ACSC's Cyber Health Check tool, which can help you identify any gaps in your security and strengthen your defences against cyber threats.
Use a unique and strong passphrase for every account
Many small businesses face cyber attacks because of poor password behaviours - for example, using the same password for multiple accounts. Cybercriminals can crack a short password in little to no time, which puts your valuable information at risk.
Changing your passwords to passphrases is a great way to improve your cyber security. A passphrase is a combination of four or more random words used in place of a standard password – think ‘burger mouse boot chart’. Passphrases are hard for cybercriminals to hack, but easier for you to remember.
Remember to create passphrases that are:
- Long – 15 or more characters.
- Unpredictable – use four or more random words and avoid using identifying information like names and addresses.
- Unique – different for every account, just in case one is compromised.
Set up multi-factor authentication
Multi-factor authentication (MFA) adds an extra layer of security to your online accounts, including your email, social media or internet banking. When you have MFA set up, every time you log into a secure account you will go through an additional step to verify it’s actually you logging in. This extra identity verification could include a code sent to your mobile, or the use of an authentication app.
MFA makes it harder for someone to gain access even if they guess your password, as they will need more than just your login details.
Tip: You might already be using MFA for some of your accounts, but it’s important to turn it on everywhere you can. Start with your most important accounts like email, banking, social media and document storage, and implement it from there.
Learn how to spot a scam
Scams are a common way that cybercriminals target small businesses. If you know how to spot a scam, you’re already one step ahead of them.
The Australian Competition & Consumer Commission’s (ACCC) Little Book of Scams is a good tool for honing your scam senses. Download it for free on the ACCC website.
Scammers are always coming up with new ways to take advantage of people and businesses, so it’s important to keep up to date. The ACSC’s email alert service shares information on the latest online threats and what you can do to keep them at bay.
If you employ staff, take the time to educate them on scams and cyber security. The ACSC’s website has some useful resources to help you and your staff learn about cyber security.
Back up your data
A backup is a digital copy of your important data that is kept separate from where you normally access it. Having your information backed up means you can restore your files if your accounts are compromised or something else goes wrong.
It’s good practice to regularly back up your files, just in case something happens to your computer. You can even set up automatic backups in most systems and applications for peace of mind.
Online and cloud storage are popular backup options but unfortunately can also be compromised. Ideally, you should have a backup of your backup too, in case the data is compromised or corrupted. Don’t worry, this isn’t as hard as it seems. For example, use a local external hard drive for frequent, quick backups and an automated cloud storage service for an offsite copy.
Read the Australian Cyber Security Centre's Small Business Cloud Security Guides for more information and helpful tips.
Report cyber attacks and incidents
Being scammed is a horrible experience, and it can happen to anyone. It’s important that you report scams to ScamWatch or the Police. Sharing details of a suspected scam helps the government to stop scammers, warn others and keep everyone protected. You can also report the scam account to the social media or other platform that the scammer used to engage with you.
The Have you been hacked? tool from the Australian Cyber Security Centre can walk you through a series of scenarios to determine if you have been hacked and provides practical steps to follow to manage the situation.
If you have been the victim of a scam, ScamWatch explains the steps to follow to limit the damage and protect your business from further loss.



