Keep your business safe from cyber threats
It is important to protect your business against cyber security threats and make the most of the opportunities online.
The online world offers businesses the potential to reach a broader customer base, use international suppliers, and sometimes even save on admin or supply costs and increase productivity across collaborative teams. However, the world of online business does bring the potential for scams and security risks.
A single successful attack could seriously damage your business and cause a financial burden for you and your customers, as well as affect your business’s reputation.
* Do you or your employees store sensitive data on mobile or portable devices?
* When travelling for business, do you log into free Wi-Fi networks?
* Have you allocated access restrictions on certain data?
* Do you have regular password updates and changes on your data platforms?
* Do you allow or monitor work being forwarded using email?
* Do you send sensitive or confidential information via email?
It’s a good idea to put an effective cyber security plan in place if your business accesses the internet or email to conduct business.
Steps to keep your tech and business information secure
Below are some simple steps that you can take to help protect your business and maintain customer trust and confidence.
Back up data
* Backing up your business’s data and website may help you recover what you’ve lost in the event of an attack.
* Whether it is a cyber attack threat or one from the multitude of natural disasters we seem to experience, it’s essential that you regularly back up your important data and information, from financial records and business plans to customer records and personal information. This will lessen the damage in the event of a breach or computer problem. Fortunately, backing up your data is generally cost-effective and easy to do in a secure manner, for example by using encrypted platforms such as Your Digital File or other tailored solutions by Cryptoloc Technology.
It’s a good idea to use multiple back-up methods to help ensure the safety of your important files. A good back-up system typically includes:
* daily incremental back-ups to a portable device and / or cloud storage service.
We strongly recommend that you separate data into two categories:
1. Data that is sensitive, confidential or private and may cause you or someone else harm.
2. Data that is not sensitive nor private or confidential, but would be time consuming to replace.
For data that is private and confidential, we strongly recommend using an encrypted platform such as Your Digital File (YDF) to store and share sensitive data with third parties (internal and external).
Categorise your data and store securely
* Make it a habit to store and back up your important, sensitive and confidential data to an encrypted platform like YDF.
* Store portable devices separately offsite and do not leave them connected to the computer as they can also be infected from a cyber-attack. Having a copy of your data in a separate location will let you recover information quickly and easily in the event of any data loss.
* Regularly check and test that you can retrieve your data from your back-up source.
* Never store sensitive or confidential information on your phone or portable devices – save it to an encrypted platform such as Your Digital File or a tailored solution.
* Save unimportant but time-consuming-to-replace data to different back-ups such as USB sticks and hard drives.
Secure your computer and devices
* Malware or viruses can infect your computers, laptops and mobile devices.
* Install security software on your business computers and devices to help prevent infection, and ensure it includes anti-virus, anti-spyware and anti-spam filters.
* Make sure that you set your security software to update automatically as updates may contain important security upgrades based on recent viruses and attacks.
* Set up firewall security to protect your internal networks. Remember to install the firewall on all your portable business devices and keep them updated and patched to prevent threats entering your network.
Monitor and protect the use of computer equipment and systems
* Provide staff with a safe and secure platform to store and share sensitive information. This is your obligation to your employees as well as your clients.
* Maintain a record of all the computer equipment and software used by your business. Keep items secure to prevent unauthorised access and remind employees to be mindful of where and how they keep their devices.
* Educate employees on using a USB stick or portable hard drive. An unknown cyber threat can accidentally transfer from a portable device from home directly into your business system.
* Remove any software or equipment that you no longer need and ensure that no sensitive information is on them when thrown out.
Protect important information
Make sure you encrypt your data when stored or sent online so only approved users can access it.
Encryption converts your data into a secret code before you send it over the internet. This reduces the risk of resource theft, destruction or tampering. Make sure you turn your network encryption on.
Manage administrative passwords
* Change all default passwords and look at disabling administrative access entirely to prevent an attacker from gaining access to your computer or network. Make sure you change each password to something new that can’t be easily guessed. Attackers have the potential to gain full access to your system from an administrator-level account.
To reduce the risk of your computer becoming infected, create a standard user account with a strong password you can use on a daily basis.
Choose strong passwords
By creating strong passwords, you are improving your digital security.
* Use passwords to protect access to your devices that hold important business information. Having a password such as ‘123456’ or, worse still, ‘password’ leaves you open to being hacked.
* Change your passwords every few months. If you use the same password for everything, once someone has your password, all your accounts are potentially under attack.
Consider using a password manager that securely stores and creates passwords for you.
Use spam filters
* Use spam filters to reduce the amount of spam and phishing emails that your business receives.
* Spam messages are usually from a person or company that you don’t know, and they often contain offers too good to be true. Don’t respond, attempt to unsubscribe or call the number provided in the message. The best thing to do is delete them. Applying a spam filter will help reduce the chance of you or your employees opening a phishing or fraudulent email by accident.
* Sending spam emails for commercial purposes is an offence under Australian law. Significant fines apply if this offence is proven.
Educate your staff to be safe online
It is important to train your staff on the threats they can face online and the major role they play in keeping your business safe.
* Your staff need to be aware of their computer rights and responsibilities as well as their network access usage. Be specific about the types of online practices that are acceptable when using work computers, devices and emails.
* Training staff on maintaining good passwords, being aware of fraudulent emails and reporting suspicious online activity will help ensure good cyber security practices.
Put security measures in place
* Have policies and processes in place for your staff that outline the accepted standard when accessing:
  * emails and
  * the internet.
* Ensure that your data storage and management system is transparent, auditable and tracks users’ actions.
* Ensure you have restriction protocols set up for the access and sharing of information.
* Establish a strong social media policy, which sets what type of business information your staff can share online, and where. An attacker can develop a convincing scam tailored to your employee by building a profile from the business and personal information they post online.
* Make sure your employees are aware of the policies and that they review them regularly. You may also consider refresher training in these policies to ensure all employees are aware of the IT security and data policies in your business.
Protect your customers
No matter the size of your customer information database, it is important that you keep it safe. Aside from being a huge blow to your organisation’s reputation, there may be legal consequences for losing customers’ personal information.
For many people who shop online it is important to know that their payment details and address are secure. It is also important for your customers to know that you will not share their details without their consent. Provide a secure online environment for transactions and ensure you secure any personal information that your business may store. Talk to your payment gateway provider about what they can do to prevent online payment fraud.
There are privacy laws and regulations that determine what you can do with the personal information of your customers. It is important to be aware of each of the Privacy and Data Security regulations that apply to your country of origin and the countries in which you operate as they all differ in rules, severity, and potential penalties.
Consider cyber insurance to protect your business against impacts resulting from a cyber-attack. The cost of dealing with a cyber-attack can go past the repair of databases, the strengthening of security procedures or the replacing of lost laptops.
Cyber liability insurance cover (CLIC) can’t protect your business from cybercrime, but it can protect your business against the costs that may result from the attack. But not even insurance will save your business from reputational damage and loss of customers after a cyber security breach.
Action: Look at Your Digital File for small business users and Secure2client by Cryptoloc Technology for the secure sharing of sensitive documents.