13 small-business cyber-security tips

Updated: August 2021

If you own a small-business and think data-security is unavoidable, this article provides 13 small-business cyber-security-tips.

Do you fear being hacked or losing customers’ personal information? If you answered yes, you’re certainly not alone.

1. Norton’s Cyber Security Findings

Norton’s 6th annual Cyber Safety Insights Report highlighted an alarming statistic. It found that fifteen percent of New Zealanders reported they had fallen victim to some kind of scam during the previous 12 months. Norton also highlighted, Kiwis lost more than $198 million due to cyber-crime. The report highlighted that one in every five New Zealanders detected unauthorised access to one of their accounts or device. Norton estimates Kiwis wasted almost 5 million hours trying to resolve the issues created.

Approximately 130,000 Kiwis experienced ID theft during the 12 months surveyed. Approximately one-third of New Zealanders feel more vulnerable to cybercrime than they did before the COVID-19 pandemic began. And almost half the country admitted they’re unsure how to properly protect themselves from cybercrime.

2. What Is A Data Breach?

A data breach is when someone copies, transmits, steals or uses confidential, protected or sensitive data, without permission. Data can be breached by: accident, computer viruses, hackers or even disgruntled staff.

3. New Zealand’s National Cyber Security Centre and CERT NZ

You don’t need to spend much money to help minimise your cyber-security threats. New Zealand’s National Cyber Security Centre and CERT NZ offer practical guides to help you improve your cyber-security.

Their advice shows you how to protect your software and hardware, as well as securing your internet connections. They also explain how to evaluate the strength of your cyber-security defences. An international standard, ISO/IEC also offers cyber-security-tips to help improve information and network security, and internet security.

4. Cyber-security Risk Management

Make a list of anything in your business (bank accounts, intellectual property, software, etc) that may be exposed to a potential cyber-attack.

Brainstorm the risks and threats they are potentially exposed to and the source of those risks. Examples might include: external attacks on your website and other systems, people stealing your computers, etc.

When you’ve compiled your list, determine the impact the cyber-attack would have on your business. Examples might include: damage to your brand and reputation, sanctions and regulatory fines, financial losses, and much more.

Finally, address any threats or gaps in your security processes. Install anti-virus software, reviewing and recirculating your policies to staff, and consulting experts.

Activate your computer operating system’s firewall. Your “firewall” monitors both outgoing and incoming traffic on your computer and, using predefined security rules, and decides whether to block or accept the traffic.

5. Train Your Team

Identify and document all cyber-attacks. Instruct your team to notify you of all cyber-attacks – big or small. You can then hopefully keep damage to a minimum or better still, prevent it. You’ll also have information to review and update your cyber-security processes. Never leave cyber-security incidents to chance. Consult an expert if you are unsure how to deal and prevent incidents.

6. Perform Regular Back-Ups

Losing key data and information that’s fundamental to operating your business may have significant consequences. Such occurrences are not confined to cyber-attacks and can also result from software and hardware failures.

Determine what data is critical and needs to be backed-up. These include websites, document folders, contact databases, accounting information, etc. Perform regular back-ups and store them separately, away from your existing systems.

Cloud-based service providers, such as Dropbox and Google Drive, provide inexpensive options to store your data online. As they are internet based, you’ll be able to access your information remotely and quickly.

7. Be Password Savvy

Prevent unauthorised access to your computers, laptops, mobile devices and networks with passwords. Avoid using passwords that can easily be guessed. You should avoid, children’s’ names, nick-names and birthdays. Make sure to change your passwords regularly.

If your device has one (and it probably has), use its two-factor authentication option. This is a security feature that requires you to submit additional information as well as your password. The information is often something personal and known only to you.

More recently, biometric data, such as fingerprint or thumbprint scans, are being used to verify someone’s identity.

8. Insurance

Demand for cyber-security insurance is increasing and with good reason. Cyber-security insurance should be an important part of your cyber-risk management plans.

First party insurance covers you for:

Lost income suffered as a result of a cyber security breach;
Costs associated with restoring electronic data, computer programs and software because of a cyber security breach;
Costs associated with managing a cyber extortion threat.

Third-party insurance covers other people’s (such as your customers) assets and typically covers:

Costs to investigate and defend privacy and security breaches;
Compensating customers if you lose their data.

9. Invest In Malware Protection

To protect you from malware (malicious software which infects legitimate software), install anti-virus software. Install only approved anti-virus software (such as Norton) and use it on all computers and similar devices.

10. Patches and Firewalls

Regularly update your IT systems and apply “patches” which hardware and software suppliers regularly release. Most security software providers notify subscribers when they release new patches.

Replace old hardware and software that suppliers no longer support because it’s too old.

11 small-business cyber-security tips.

11. Smartphone Protection

Modern mobile technology presents its own threats and is often a weak-link in an organisation’s cyber-security armour. Many small-business owners have now become heavily dependent on it. Protect yourself by:

Activating passwords;
Making sure you can track stolen devices and can lock or wipe them;
Not using unknown Wi-Fi hotspots, such as cafes, airports, etc;
Updating mobile applications when they become available.

12. Watch For Phishing

Fraudulent activity using phishing has become increasingly prevalent. Criminals use deception and circulate emails claiming to represent reputable organisations, such as Inland Revenue, banks, etc.

Although phishing emails are common and sophisticated, you can usually identify red-flags. Poor grammar and spelling, “unofficial” emails, poorly structured or worded emails, are often tell-tale signs.

If you have staff, train them to identify unusual requests for money. Requests, via email, to divulge credit card information or passwords are highly suspicious.

13. Develop Planned Responses

Develop plans to respond to serious cyber-security attacks to your business. Identify the potential risks and have a plan to manage each scenario that constitutes a serious threat to you. Include when and how to report incidents and to whom. Make sure you regularly test your back-up processes and systems.

Please share any additional cyber-security-tips you have in the comments box below.