We'll email you the contents of your shopping cart, so you can easily continue where you left off on your next visit.
Need expert digital and tech advice? Geeks2U are here to help. This time, we focus on safeguarding your business against cyber attack threats and security risks.
Small businesses are often more at risk of cyber attacks as they’re seen as easy targets. In fact, a 2019 study found employees of smaller organisations were more likely to be hit by email threats, including spam, phishing and email malware, than those in large organisations.
How can you ensure your business is safe? By making sure you’ve got the basics covered. Anthony Hill, Head of Technology at Geeks2U, says it’s all about setting strong passwords, backing up, installing firewalls and anti-malware software and educating staff about security risks. Here are our top data security tips for SMEs to help secure your business and data.
If events like the Sony Pictures hack in 2014 have taught us anything, it’s that leaked private emails can be embarrassing and detrimental to a business. Always assume everyone can see and read your emails and never use email communication for classified or sensitive information.
While there are many communication channels available for a business, Anthony says they all come with associated security risks. “All of them have their limitations, including email, Slack and WhatsApp. While WhatsApp is encrypted from both ends, if cyber criminals were to compromise your mobile phone then they might be able to capture that information.”
In 2020, it’s essential that all devices accessing company networks are password protected for data security purposes. It might sound basic but strong passwords are crucial in order to protect your business, reducing the risk of a security issue. One of the easiest cyber security measures for businesses to implement is a password policy of using a mixture of upper and lower-case letters, combined with numbers and symbols. And, says Anthony, you should change passwords regularly to keep your business data and networks secure.
“The recommendation is at least every 90 days and that can really help protect against data breaches.” With administrative accounts and accounts with higher privileges, it’s worth changing them even more regularly.
For higher-level protection, small businesses should also consider switching to multi-factor authentication, which requires a third method of logging in to accounts. “We all log in with a username and password but multifactor gives you another step. We’re seeing it more and more these days, especially with banking,” Anthony says “Often a company or bank will send you a SMS code, which you then have to enter to access your information or accounts. While someone might have your username and password, [it’s unlikely] they would have your mobile phone, so it’s a valid third step.”
If you’re using Microsoft 365, check your default security settings for the option to switch to multi-factor authentication. Most email services will offer this as an option too. Need more info? Visit the Australian Cyber Security Centre’s publications on implementing multi-factor authentication to prevent information security threats.
If juggling a series of changing passwords sounds complicated, don’t worry. Many internet security software programs, such as the Kaspersky Total Security range, include password managers that allow you to store, recycle and re-adjust passwords as needed. Another point to consider: be vigilant about your employee access and terminate passwords and log-ins as soon as someone leaves the business.
Ransomware is a type of malware that attacks and encrypts your files and demands a ransom to release them. To protect against this type of cyber attack and prevent data loss, make sure you back up everything and store backups in a secure external location. That way you keep your information safe if your network is compromised and a copy of your data still exists and remains untainted.
There are two ways to backup data: the first is using an external hard drive (try Seagate) and the second is using the cloud. Some internet security programs, like Norton 360 Premium Security, offer 100GB PC cloud storage as part of their packages. As long as you’re regularly backing up, either method will ensure your data and documents are kept safe in case of ransomware.
Sounds like fishing but it has nothing to do with rods and bait. “Phishing can come in a number of forms,” says Anthony, “but the most common is in an email. It looks legitimate. It may ask you to click on a link and enter some personal details, or it might ask you to open an attached file. Those attachments can have malicious software that then compromises the computer.”
Phishing attacks can also come via text message and phone calls and in all cases the aim is to trick you into sharing your personal information such as passwords, bank account numbers and credit card numbers. Installing internet security software on all computers, smartphones and mobile devices should protect your business and data against phishing attacks.
Software, such as the Trend Micro Maximum Security range, will also filter out suspect emails, helping to stop you from clicking on links to fake sites. But there are also small clues you can look out for to help secure information in an organisation, says Anthony. “After you clink on a link and go to a site, have a look at the actual URL. You may find it’s spelled slightly differently to the real one. Another thing to look out for is typos in the emails or poor grammar.”
If you’re in doubt, err on the side of caution to help keep your data safe and secure. Don’t trust emails from unknown senders and be suspicious of unexpected emails or attachments. Rather than clicking through links, go directly to a website or, better yet, call a confirmed phone number and check that the email is official.
“A firewall monitors all of the internet traffic coming both in and out of the business network,” explains Anthony. “If someone externally tries to get into your network, the firewall will block their IP address and won’t let them through.” You can keep your business and network secure by providing firewall software to all employees and all of their associated devices. All Norton 360 Premium Security products provide a two-way silent firewall, which protects against unauthorised incoming and outgoing traffic.
All businesses should provide training and information to employees regarding best cyber security practice. Cyber criminals are evolving all the time, so it’s important to retrain staff often. “[As a small business owner], one of the best things you can do is educate your staff on the potential dangers. We’re not always aware of the risks,” Anthony says.
“Visit sites like the StaySmartOnline website, which is managed by the Australian government. It has good information for business users.” Create an incident response plan just in case and always report any security threats to authorities. And if employees work on their own computers or laptops, make sure all their personal devices are secure too.