When you’re busy running your business, attracting new clientele, managing a team, and keeping strategic goals on track – taking the time to focus on your business’ cyber security can remain on the ‘to do’ list for longer than you’d probably like. And when you combine those time pressures with the fact that the cyber security landscape is ever-evolving with cyber criminals using more sophisticated tactics, it’s understandable that many small businesses may feel overwhelmed by the task.
If you’re doing business online, consistently utilise tools located in the cloud, or have information that lives in the digital world, then it’s important to do what you can to better safeguard your business assets, information and your team. Fortunately, there are practical steps any business can take, large or small, to help bolster their cyber security while simultaneously having a better understanding of some of the most common threats.
Let’s explore this further.
Common cyber security threats to be aware of
The first step in better protecting your small business from data breaches—which can include unauthorised access to banking information, customer contacts, personal information, and financial data—is to understand some of the different types of threats.
Malware
Cyber criminals use malware for a variety of reasons but it is most commonly used by criminals to steal confidential information, hold a system or device to ransom or install malicious programs onto devices without a user’s knowledge. Some of the types of malware include:
- Viruses – that are contagious and replicate throughout a system and connected devices.
- Spyware – that tracks your internet activity by running in the background.
- Worms – that destroys data as they replicate within your system.
- Trojans – that appear to be legitimate programs but are designed to gain access to modify, copy, and delete data, and provide backdoor network access.
Phishing
Phishing is a way that cyber criminals obtain confidential information like online banking details, credit card information, business login details or passwords by sending fraudulent messages via text, email, phone call or via social media. These messages lure you to click on a malicious link or download a malware-infected attachment to begin the process of obtaining sensitive information.
Ransomware
Ransomware works by locking you out of your files so that you can no longer use or access them. Sometimes it can even stop your devices from working. Ransomware can infect your devices in the same way as other malware and is the result of visiting unsafe websites, opening links, emails or files from unknown sources or simply having poor security on your network or devices. Once infected, you’re locked out of your data or system by the program until you agree to pay a ransom.
What you can do to better protect your business from cyber threats
1. Update your devices and applications
Updating your devices and applications can not only help to fix issues, but also addresses any known security concerns since software updates have built-in fixes to known security vulnerabilities. This is important since cyber criminals target devices by using known weaknesses in systems or apps. Turn on automatic updates so that this happens without your manual effort being required.
2. Improve password habits and management
Consider using passphrases instead of passwords since passphrases are made up of four or more random words making them longer than a traditional password. This can make them more difficult to guess but simpler for you and your team to remember. When used in combination with implementing multi-factor authentication (see below) this is a great way to improve your cyber security. Also, consider using a password manager to store company passwords and passphrases behind a secure, single platform.
3. Implement multi-factor authentication
Multi-factor authentication (MFA) provides an extra layer of security since it requires two or more authentication factors, making it harder for someone to fraudulently access your account. MFA typically requires a combination of a PIN or password, something physical like smartcard or physical token, and a fingerprint or other biometric before granting access a device or application.
4. Educate your employees
While cyber security services and solutions are an important part of better protecting your business, your internal processes and team members are the last, and one of the most important lines of defence. Utilise onboarding and team meetings to build awareness among your employees of user security policies as well as acceptable and secure ways of using of your systems. It can also be helpful to build awareness of current cyber risks and reward employees who proactively identify breach attempts. By simply making consistent efforts to engage your employees in the importance of being cyber aware means you are ahead of the game.
How TBTC Brisbane South can help
Of course, this is an overview of just some of the considerations businesses need to consider to remain prepared in a constantly changing cyber security landscape. At Telstra Business Technology Centre Brisbane South, our security advisors can help identify any vulnerabilities in your security, and put forward recommendations for your business. Talk to us today and let’s get securing your sensitive business data.
