Cybercrime is a bigger threat than ever, and small and medium enterprises are right in the firing line. This is because many SME owners don’t take cybersecurity seriously until it’s too late – even though a single breach can destroy the business they have worked so hard over the years to build.
According to the Australian Small Business and Family Enterprise Ombudsman (ASBFEO), small business is the target of 43% of all cybercrime, and it can have devastating consequences. For example, more than a fifth of small businesses that were breached by the 2017 ransomware attacks were so affected they could not continue operating.
Nobody wants to see good businesses destroyed by the actions of a callous hacker or a criminal gang looking to steal and extort. It is therefore crucial that cybersecurity is taken seriously.
With these six steps, you can make your business cyber secure and resilient – significantly cutting the chances of being breached, while also ensuring your staff know how to react if those initial defences fail.
Six Steps to Protect your SME from Cyberattack
1. Review Vulnerabilities
What data do you handle and store that is sensitive, or potentially valuable to someone? Do you keep clients’ bank or credit card details, for example? In the modern age, all third-party data needs to be considered high risk. Additionally, what are the weak links that could lead to criminals getting hold of this data? Emails, mobile devices connected to the company system, even a computer left unattended somewhere the public can access, are all potentially weak links. Take the time to identify the dangers with a view to modern cybercrime methods, and you will know where you need to tighten security.
2. Train Staff
Assuming you have suitable anti-virus software, the most obvious weakness in your system is likely to be the human element. Many scams work by targeting individual system users, usually by email, and tricking them into giving up a key piece of information – so-called ‘phishing scams’ fall into this category. You should therefore make sure staff are aware of basic online security practices – especially staff who have access to your company’s finances. Those paying invoices, for example, should know to question a sudden change in a supplier’s bank details with a quick phone call, to protect against invoice fraud. There should also be at least two checks done when a supplier notifies a change of bank details, just in case it’s fake.
3. Secure Hardware
Many businesses have laptops, phones and tablets that are connected to their IT systems in order to facilitate remote working – whether from home or on site. Given the ease with which these can be lost or stolen, it is a good idea for them to have strong protections in place. Business owners in particular should note that this applies to their own devices as well, as many use their personal computers and phones for work. Don’t be the weak link yourself!
4. Cyber Insurance
Every business, big or small, should have an annual Cyber Insurance policy in place to protect it in the event of an incident that causes financial damage to the business. Without insurance to claim against, such an attack could literally put a business out of business overnight. Insurance is a must-have in today’s climate of growing cybercrime.
5. Have a Response Plan
One area of cyber security that is often overlooked is planning for an incident. If you are hacked, extorted or scammed, what you do in the immediate aftermath will have a big impact, especially in terms of legal and public relations implications should third-party data be involved. The Australian Government has published advice on building a response plan to cyberattacks.
6. Make Someone Responsible
ASBFEO recommends: “Put at least one person in your business in charge of cyber security. Someone in management with access to your data and assets.” This person will be able to co-ordinate all of the above measures and regularly check that they remain up to date. In a small business, it may well fall to the owner. However, this may be an area where a fresh set of eyes, specially charged with the job, could be a better choice. Having two responsible persons is also a good idea, instead of it falling on the shoulders of one.
Cybercrime costs the economy more than $1 billion annually and is growing year-on-year. Make sure your business is not one of the victims.