Small businesses often lack the in-house resources and expertise of large companies to protect themselves from cyber threats. Unfortunately, that makes them very attractive to hackers who use automation to target the vulnerabilities of hundreds of small businesses at once. The good news is that improving cyber security is possible with these 5 cyber security essentials for small businesses.
Develop a documented security policy
The day a small business is attacked by ransomware, a virus or some other form of malicious software is one of the most stressful events for owners, managers and staff. Creating a documented security policy will not only provide valuable advice on how to begin recovery, but it will outline a series of steps that may prevent a disaster from occurring.
A good cyber security policy will address all of these cyber security essentials for small businesses. It starts with a review of all business assets that need cyber protection. Then it defines the acceptable use of those assets online and on the internal network. The other major role of the policy is to outline how sensitive material is stored and handled.
Small businesses are often time-poor, so processes and policies are shared by word-of-mouth, rather than written down. With the complex nature of technology and the ever-increasing risk from cyber threats, a documented security policy will be worth more than the time it takes to put together.
Enable a firewall
If there’s one thing standing between any business’s data and all the nasties on the Internet, it’s a firewall. This virtual ring around a small business network can block unauthorised access and control who and what is allowed in. Many network routers and individual computers have firewalls built in, but there’s also a wide variety of firewall software available for greater customisation.
Businesses that have employees working from home can provide even more secure access to their networks through a virtual private network (VPN). While home-based computers can and should have an active firewall, a VPN provides a private link to the business network for more secure transfer of data.
Use a password manager
Passwords were once thought of as a PIN for the Internet – you had one password for all of your online accounts. Countless data breaches have highlighted the weakness in this approach, and it’s now widely understood that we need a strong, unique password for each account. Unfortunately, not all of us put this knowledge into practice, and clearly it isn’t humanly possible to remember every unique password. Luckily, there’s an app for that.
A password manager is an app that stores all of your passwords securely – leaving you with one strong, unique access code to remember. The app can generate long passwords with a mix of unusual characters, then automatically fill out login forms for you to save you trying to type them out. Some password managers will review your passwords to let you know if you have any duplicates, or prompt you to update them at regular intervals. They can also alert you to data breaches that impact any of your accounts so that you can update affected passwords in a timely fashion.
And because they rely on one all-powerful password to grant you access, it’s a good idea to come up with a password phrase to help you remember it. This is a sentence that you can memorise, then use the first or last letters of each word to generate the password. The longer the sentence you can commit to memory, the stronger the password.
Create a back-up routine
One of the main cyber security risks for small business is ransomware, which encrypts or simply blocks access to the data in your computer systems. Ransomware is usually distributed by phishing – emails that convince employees to open an infected attachment or provide sensitive details to a malicious website. The best protection against ransomware is staff training, but hackers using ransomware are getting better and better at tricking us.
When ransomware does break through your best defences, a healthy back-up routine may be the only thing that saves you. A back-up is a copy of your data and system settings that is ideally stored offsite and completely separate from your network. It’s important to distinguish a back-up from duplicate (or redundant) drives or servers that are part of your network. While these can protect you from a hardware failure, they will not protect you from ransomware, as they may also be infected.
A good principle for back-ups is the 3-2-1 rule – that is, three copies of your data, on two different types of storage, with one of them being offsite.
One of the easiest types of back-up storage is a cloud back-up service. By its nature, a cloud-based back-up is off-site and separate from your network. It can back up in increments of weeks, days, hours or minutes – so even if ransomware attacks, you can be confident of almost zero data loss. Your only loss will be the time required to restore your computer systems to their former glory.
But there is a caveat with cloud-based back-ups: not all cloud servers are created equal. Cloudhopper is a malicious software program that has been exploiting vulnerabilities in cloud-based service providers since 2017. The large cloud service providers like Amazon and Google have the resources and expertise to protect users, but due diligence is required for smaller cloud service providers who may be less prepared.
Build cyber security into your team
Only 10 per cent of Australian businesses report that they don’t have a cyber security shortage in their teams. And after the introduction of the EU General Data Protection Regulation (GDPR), Australia is experiencing a strong demand for cyber security experts. As a result, hiring cyber security staff can take 20 to 30 per cent longer than filling a general IT role, and cyber security experts can expect to be paid $12,000 more as well. Despite these facts, it seems that small business is no longer ignoring cyber threats and is starting to build cyber security into their teams.
Find out more about how to learn the skills you need to protect your business from these threats by studying a Master of Cyber Security.