Although cyber security may not be front of mind for most people, a cyber security incident can have a devastating impact on a small or medium-sized business. With limited time and resources to dedicate to cyber security, businesses should look to partner with reputable IT support providers to ensure their files, systems and networks are secure. In this guide, we look at the three most common cyber threats a business could face and the software, procedures and processes an IT provider can implement to reduce the threat, and we provide a cyber security checklist for business owners.
What are the most common cyber threats for small and medium businesses?
There are millions of different cyber threats out there. Recently, the Australian Cyber Security Centre released its Small Business Cyber Security Guide, which outlines the most common threats faced by businesses. And while the list is by no means exhaustive, it does provide a good overview of the kinds of threats a business should be looking out for.
The three most common cyber security threats for business are malware, email scams, and ransomware.
- Malware. Malware refers to malicious software and includes viruses, spyware, trojans, and worms. It is designed to provide intruders with a way to access information about a business, as well as its internal files, emails, and databases. Once access is gained, it is typically used to commit fraud (e.g. by asking customers for money), commit identity theft (to steal money from the business itself), disrupt operations, steal company files, or use computing resources for large-scale cyber attacks on other organisations.
- Email scams and phishing. Every year, Australian businesses receive millions of emails, social media messages, phone calls, and text messages that attempt to scam them. These scams, which are becoming increasingly difficult to spot, often impersonate an individual or organisation that is known and trusted (such as a telephone company, internet provider, or taxation authority). They may ask staff to pay fraudulent invoices, trick them into unknowingly providing access to banking services, get them to grant intruders remote access to business systems, or persuade employees to purchase gift cards.
- Ransomware. Ransomware is a type of malware that attempts to lock a computer, files, or entire network until a financial ransom is paid to the intruder. It often enters business networks when staff visit unsafe websites or click on suspicious links, or as a result of poor network security generally. This type of malware is particularly dangerous for small businesses, as many do not have automatic backup and recovery services set up, and are more likely to pay a financial ransom in an attempt to unlock their valuable files.
These are just three of the most common cyber security threats faced by small and medium businesses, but there are many others out there. So if your business is not currently protected, you should consider how an IT support provider can help you to improve your security through software, procedures, and processes.
How can an IT provider help secure your business against cyber attacks?
Most small and medium-sized businesses do not have the financial resources to hire a full-time IT security expert. Instead, they often partner with a business IT support provider to set up and maintain their cyber security systems. By appointing an IT partner to manage your software, data, and online security, your business can drastically increase its protection from the most common cyber threats outlined here, as well as many others.
The measures an IT provider can put in place fall into two categories: software considerations, and procedures and processes.
Software considerations
- Automated software updates. Every day, intruders create new ways to illegally access your operating system and software packages, and to spy on your online activity. At the same time, software companies are constantly working to block them. So it is important to ensure that your operating system, software, and online security are constantly kept up to date with the latest versions, or your business could be at risk. An IT provider can set up automatic updates for you.
- Automated data backups. Your files are vital to the operation of your business. To prevent anyone from holding them for ransom (as well as to protect against system issues and disasters), your business should have automated backups. These backups are typically stored offsite or on a cloud server, so that if anyone does access your files, they can be restored quickly and you never lose access.
- Anti-virus software. Anti-virus software periodically scans your files, servers, and network for potential threats and acts to either eliminate them or quarantine them. An IT provider can set this up on your network and each individual machine, to ensure threats are identified and neutralised effectively before they can cause any damage.
- Email filtering. Your cloud platform (e.g. Microsoft Office 365) can be configured to filter out spam, phishing and other malicious emails. Working with your IT provider to set this up means you can prevent these emails from ever reaching your inbox. The filtering algorithm automatically learns which emails can be trusted and which ones are suspicious, so you may need to occasionally check your spam folders to ensure nothing important has been filtered out by mistake.
- Browser and link protection. An IT provider can set up internet protection so your staff can browse the web safely. The software automatically scans websites and links before they are visited or clicked to ensure they are safe. This minimises the chance that you or your staff will accidentally visit a malicious website or click a scam link, for peace of mind when browsing.
Procedures and processes
- Controlling staff access. A business should always have control over who has access to its files and accounts. Work with your IT provider to ensure that employees only have access to the files and accounts they need. Your IT provider can also revoke access when employees change roles or move on to a new job outside your business.
- Password management. Staff passwords need to be closely managed. If left to their own devices, most people will create low security passwords because they are easier to remember. Your IT provider can set specific criteria for passwords and PINs to ensure employees have to use high security credentials when logging into company devices, networks and accounts.
- Multi-factor Authentication. All staff logins should also be paired with multi-factor authentication, which requires users to enter a secure code, sent to a different device they own. This ensures that even if a password is breached, the intruders would not be able to authenticate with the unique code, and therefore wouldn’t be able to gain access to your systems.
- Network protection. At your business premises, your Wi-Fi network can also be vulnerable to various cyber security threats. This is why it is important that your IT provider sets up a high security firewall, as well as setting up a secure network password for each employee to use. This adds a vital layer of protection to your data, files, servers, and network.
- Employee training. When it comes to cyber security, your employees are often considered to be the first line of defence. You could have the best cyber security in the world, and one of your employees could still accidentally click a malicious link or open a suspicious email attachment by mistake. So it is important to talk to your IT provider about conducting some basic security training with staff, as well as having a cyber security incident response plan, which outlines what to do if something goes wrong.
With the right cyber security software, procedures and processes in place, your level of protection against cyber attacks increases substantially. So if your business doesn’t have any of these in place, it’s time to talk to your IT provider about setting them up.
Your business cyber security checklist
To help you get started, we have created a handy checklist, which you can use to start the dialogue with your IT provider. If you don’t have an IT provider, contact us and let’s have a conversation about your business IT security so we can help protect you from cyber threats.
- Set up automated software updates
- Set up automated offsite / cloud backups
- Install anti-virus software
- Configure email filtering
- Install browser and link protection
- Closely manage employee access (including what people can access, role changes, employees leaving)
- Implement specific criteria for password creation and management
- Enable multi-factor authentication for all systems and accounts
- Protect your Wi-Fi network with a firewall and strong passwords/multi-factor authentication
- Provide cyber security training to employees and create an incident response plan