05 May Does a Small Business Owner need Cyber Security
Absolutely, any person or business with any on-line activity requires cyber security and good processes to protect your security. Whether you receive supplier invoices via email, process online banking from a phone or a computer or if your business is full scale online; Cyber Security is a must.
In fact, most of the businesses targeted by hackers are small businesses or individuals. Why? Because they often lack extensive resources to protect themselves against a cyber-attack and often lack the awareness of possible threats.
You may not have the same level of protection as large corporations, but you can enhance your business’s cybersecurity and awareness of the risk and education on how to prevent it is the first defence.
Here’s some things you need to know about cyber security and small businesses.
Note: The following is only the general recommendation of Borrie Financial Group. For further advice on cyber security, seek out an industry professional.
We’ve all seen the “obvious scam”, but some scammers and their techniques are highly sophisticated, plausible and difficult to detect. The scam can occur via phone, email or text. In some instances, legitimate supplier invoices may be intercepted, and details changed before being forwarded to your email. Be wary of changes to supplier bank accounts and if possible, confirm these changes with them before processing payments. Scammers can also encourage you to download software onto your phone or computer. For more awareness visit your banks website or a government site such as https://www.govt.nz/browse/law-crime-and-justice/scams/
Cyber Threats Key Areas
The following is a list of key areas where cyber threats can take place. These key threats may also help you better understand where your businesses may need improvement in cyber security.
Malicious Software (Malware)
Malware is a collective term for software including viruses, ransomware and spyware, coded by cybercriminals. It is used to gain access and control, or to spy on your computers. The malware is used for malicious purposes such as theft, pranks, espionage and other serious crimes.
Scam Emails (Phishing)
This is where cybercriminals mimic a legitimate institution (such as a bank) that the small business knows, in the form of an email or phone call, luring them into giving out sensitive information or downloading malicious software.
Ransomware is a software that is sent to a small business’s computer, locking it until a ransom is paid. The malware is usually sent via a legitimate-looking email, which, once it’s opened, allows the scammers to lock you out of your computer. The cybercriminals then demand an amount to be paid to restore access.
This is where cybercriminals gain access to a small business’s computers and files from an outside location. Hacking mostly targets credit card and bank account information.
What’s the Impact of An Attack?
There are three main ways that a cyber-attack can impact your small business: financially; by damaging your reputation; or legally.
The business can lose money either by sending it to fake accounts or recovering information stolen from the company.
After the discovery of the breach, the business will also spend money to correct or replace the affected networks and devices.
Building a strong relationship between your business and its customers and suppliers is vital for the success of the business. An attack could damage the reputation of your business, leading to the loss of customers or essential suppliers.
Privacy and Data Protection Laws require the business to keep all personal data on its employees and customers safe. An attack that exposes this information may lead to fines and other regulatory sanctions on the business. You will also incur legal fees in case a suit is filed against you.
What Can You Do to Protect Your Business from Cyber-Attacks?
- Train Employees
The best way to protect your small business against a cyber-attack is to have vigilant and alert employees. They should be trained on detecting threats, how to treat business information, how to manage and set better passwords, cyber security measures taken by the company and what to do in case a breach occurs or when they suspect it has.
- Perform a Risk Assessment
Your business should be able to identify, analyse and evaluate risk by performing a risk assessment. This helps you to put in place the appropriate controls to deal with any cyber security risks.
Inviting a cyber security expert to help you undertake a risk assessment at your workplace is probably the best option for small business owners.
- Keep Software Updated
Cybercriminals try to find loopholes and vulnerabilities in software to help them access or spy on the business’s files and documents. They then target the vulnerability, using malware to infect your computer, gain control and access your company data.
To deal with such attacks, software manufacturers periodically release updates to fix any weak points in their software. This is why it’s important to keep all the software on your company machines updated.
- Backup Your Files
All important functions of the business rely on data stored in the company database, which is why hackers often target company data.
Viruses and hacker interference makes your company data susceptible to manipulation or even deletion from your central database. It can also be subject to ransomware, where the attacker encrypts the business data and asks for money to give back access.
- Set Up Login Authentication Regularly
Restricting access to the business’s online information and resources requires you to set up authentication processes. Basic authentication requires a username and a password to gain access to the resource. Still, you can add additional layers of security by using the two-factor authentication (e.g., you are texted a code to enter when logging-in) and third-party authentication.
Limiting access to crucial data keeps it safer from cybercriminals, as they cannot access it easily. You should also encourage your employees to change their passwords frequently and not to use one password for all their accounts.
- Engage a Cybersecurity Company
A cyber security company or expert can help design and implement security protocols for your business network, ensuring it is safe from cyber-attacks. They can improve security for your data and systems by putting up firewalls, enforcing authentication protocols and controlling who has access to your data.
Questions to Start Asking Yourself
- Do you and your team all Use Multi-Factor Authentication to Login to All Systems?
Merely using a username and password to login to your business’s online resources is not enough. Adding a layer of security ensures your data is safe, even when a hacker gains access to a user’s login details.
- Are you and your team aware on how to Spot Malicious Emails?
- Do You Have Regular Security Checks on Your Systems?
Keeping your systems secure is not a one-time job. A very secure system today can have a massive vulnerability tomorrow. Perform regular risk assessments to your systems and networks to ensure any new vulnerabilities are addressed before cyber criminals can exploit them.
This blog has been compiled on the basis of general information current at the time of publication and reflects an opinion only and is not intended to provide anything other than an opinion at any time. Your specific circumstances as well as any changes in circumstances after publication may affect the relevance, completeness or accuracy of this information. To the maximum extent permitted by law, we disclaim all liability for any errors or omissions contained in this information or any failure to update or correct this information. It is your responsibility to assess and verify the accuracy, completeness, currency and reliability of the information on this website, and to seek professional advice where necessary. Nothing contained on this website is to be interpreted as a recommendation to use any product, process or formulation or any information on this website. For clarity, Borrie Financial Group does not recommend any material, products or services of any third parties.