If you own a small-business and think data-security is unavoidable, this article provides 13 small-business cyber-security-tips.
Do you fear being hacked or losing customers’ personal information? If you yes, you’re certainly not the only one.
1. Norton’s Cyber Security Findings
A recent report by Norton highlighted an alarming statistic. It found that more than one third of New Zealand’s adults were affected by cyber-crime. Whilst more than half of them were affected during the last year.
Norton also highlighted, Kiwis lost more than $177 million due to cyber-crime. On average, Kiwis spent more than nine hours dealing with the unwelcome effects.
Eighty-two percent of those affected lost all of their money. Many of the others recovered only small amounts of their losses.
2. What Is A Data Breach?
A data breach is when someone copies, transmits, steals or uses confidential, protected or sensitive data, without permission. Data can be breached by: accident, computer viruses, hackers or even disgruntled staff.
3. New Zealand’s National Cyber Security Centre and CERT NZ
You don’t need to spend much money to help minimise your cyber-security threats. New Zealand’s National Cyber Security Centre and CERT NZ offer practical guides to help you improve your cyber-security.
Their advice shows you how to protect your software and hardware, as well as securing your internet connections. They also explain how to evaluate the strength of your cyber-security defences. An international standard, ISO/IEC also offers cyber-security-tips to help improve information and network security, and internet security.
4. Cyber-security Risk Management
Make a list of anything in your business (bank accounts, intellectual property, software, etc) that may be exposed to a potential cyber-attack.
Brainstorm the risks and threats they are potentially exposed to and the source of those risks. Examples might include: external attacks on your website and other systems, people stealing your computers, etc.
When you’ve compiled your list, determine the impact the cyber-attack would have on your business. Examples might include: damage to your brand and reputation, sanctions and regulatory fines, financial losses, and much more.
Finally, address any threats or gaps in your security processes by: installing anti-virus software, reviewing and recirculating your policies to staff, and consulting experts.
5. Train Your Team
Identify and document all cyber-attacks. Instruct your team to notify you of all cyber-attacks – big or small. You can then hopefully keep damage to a minimum or better still, prevent it. You’ll also have information to review and update your cyber-security processes. Never leave cyber-security incidents to chance. Consult an expert if you are unsure how to deal and prevent incidents.
6. Perform Regular Back-Ups
Losing key data and information that’s fundamental to operating your business may have significant consequences. Such occurrences are not confined to cyber-attacks and can also result from software and hardware failures.
Determine what data is critical and needs to be backed-up. These include websites, document folders, contact databases, accounting information, etc. Perform regular back-ups and store them separately, away from your existing systems.
Cloud-based service providers, such as Dropbox and Google Drive, provide inexpensive options to store your data online. As they are internet based, you’ll be able to access your information remotely and quickly.
7. Be Password Savvy
Prevent unauthorised access to your computers, laptops, mobile devices and networks with passwords. Avoid using passwords that can easily be guessed. You should avoid, children’s’ names, nick-names and birthdays. Make sure to change your passwords regularly.
If your device has one (and it probably has), use its two-factor authentication option. This is a security feature that requires you to submit additional information as well as your password. The information is often something personal and known only to you.
More recently, biometric data, such as fingerprint or thumbprint scans, are being used to verify someone’s identity.
Demand for cyber-security insurance is increasing and with good reason. Cyber-security insurance should be an important part of your cyber-risk management plans.
First party insurance covers you for:
- Lost income suffered as a result of a cyber security breach;
- Costs associated with restoring electronic data, computer programs and software because of a cyber security breach;
- Costs associated with managing a cyber extortion threat.
Third-party insurance covers other people’s (such as your customers) assets and typically covers:
- Costs to investigate and defend privacy and security breaches;
- Compensating customers if you lose their data.
9. Invest In Malware Protection
To protect you from malware (malicious software which infects legitimate software), instal anti-virus software. Install only approved anti-virus software (such as Norton) and use it on all computers and similar devices.
10. Patches and Firewalls
Regularly update your IT systems and apply “patches” which hardware and software suppliers regularly release. Most security software providers notify subscribers when they release new patches.
Replace old hardware and software that suppliers no longer support because it’s too old.
11. Smartphone Protection
Modern mobile technology presents its own threats and is often a weak-link in an organisation’s cyber-security armour. Many small-business owners have now become heavily dependent on it. Protect yourself by:
- Activating passwords;
- Making sure you can track stolen devices and can lock or wipe them;
- Not using unknown wifi hotspots, such as cafes, airports, etc;
- Updating mobile applications when they become available.
12. Watch For Phishing
Fraudulent activity using phishing has become increasingly prevelant. Criminals use deception and circulate emails claiming to represent reputable organisations, such as Inland Revenue, banks, etc.
Although phishing emails are common and sophisticated, you can usually identify red-flags. Poor grammar and spelling, “unofficial” emails, poorly structured or worded emails, are often tell-tale signs.
If you have staff, train them to identify unusual requests for money. Requests, via email, to divulge credit card information or passwords are highly suspicious.
13. Develop Planned Responses
Develop plans to respond to serious cyber-security attacks to your business. Identify the potential risks and have a plan to manage each scenario that constitutes a serious threat to you. Include when and how to report incidents and to whom. Make sure you regularly test your back-up processes and systems.
Please share any additional cyber-security-tips you have in the comments box below.