Would your business survive a cybersecurity breach?

Cybersecurity is a major risk for small business, and small business owners are unprepared for this threat. According to the National Cyber Security Alliance, over 70% of cyber attacks targeted small businesses, and the cost of a major breach was enough to put many organisations out of business.

As a small business owner, what can you do to ensure your business won’t end up a statistic? This article won’t teach you everything about cybersecurity, but it will help you protect against the most common and most damaging threats.

1. Don’t reuse your passwords. Password reuse is one of the biggest causes of cybersecurity breaches, with hacked or stolen passwords being involved in 81% of data breaches in 2017. If you’ve reused your email password on a site that gets hacked, the hackers will have both your email address and the password used to access it. Reusing passwords is like losing your house keys with your address written on the keyring and not changing the lock. Instead, use a password manager such as LastPass or 1Password. Password managers automatically generate and store passwords, so you can use different passwords for each site without having to remember them yourself.
2. Use 2-factor authentication on critical accounts. Hackers still have ways to get your password, even if you use strong unique passwords on each site. For example, hackers may set up fake login pages for your email or bank account to trick people into giving up their passwords. 2-factor authentication requires you to enter a one-time token (sent via email, SMS or an authenticator app or dongle) every time you enter your password. All accounts that are critical to your business should have 2-factor authentication. This includes your email and password manager (since you use them to access many other accounts), your bank account, your accounting software, and any other tools that handle money or invoicing.
3. Don’t click on scam emails. Scam emails were involved in 21% of cybersecurity incidents in 2017, and 41% of cyberespionage incidents. Clicking on links in scam emails can lead to fake login pages designed to steal your password, or your computer getting infected with malicious software. Whenever you receive an email that tries to get you to take some action, such as click on a link, download an attachment, or make a payment, stop and ask yourself – is this email genuine? To recognise a scam email, check the email address of the sender, hover over links to check their destination before clicking, and if you’re still unsure, contact the sender via another channel to confirm that the email is genuine.
4. Train your staff. Your company’s security is only as good as the security practices of your most junior staff. Many high-profile security breaches (eg. Hillary Clinton’s campaign emails hack) started with a junior staff member’s email account being breached. If you train all your staff to lock the office door at night, you should also train them on cybersecurity best practices, so they understand that security is everyone’s responsibility.
5. Back up all data in the cloud. If you have data that’s only stored on a physical device – phone, laptop, desktop – it’s vulnerable to risks, such as your hardware dying, theft, damage or malware. To protect your business from loss of important data, ensure all data is backed up in the cloud. As long as you use strong, unique passwords and 2-factor authentication, cloud is safer than hardware for storing your data. There are many low-cost and secure services that can automatically back up your data to the cloud, such as Google Drive or Dropbox. Ensure the service you’re using for storing business data has 2-factor authentication (all of the above do).
6. Secure your website. Over 76% of scanned websites have security vulnerabilities. If your website is among them, your customers’ personal data could be stolen by hackers, or your website itself could be taken down or used to spread malware. A website hack can be extremely damaging to your business – how many sales would you lose if your website went down for several months? Get your website checked for security vulnerabilities to protect your customers and your business, and ensure it has backups, encryption and security systems to stop hackers from trying multiple login attempts.

Cybersecurity is a complex topic, but ignoring it could be disastrous for your business. If you follow these steps, you’ll be ahead of most small businesses on cybersecurity. GippsTech offers a fixed-price security review service for apps and websites, so if you’re unsure whether your website is among the 76% that have vulnerabilities, contact us to find out!

Elena Kelareva is the founder of GippsTech, one of Gippsland’s top website and software development agencies, which won the Gippsland Business Awards New Business category in 2018.