Cyber security for small businesses is a necessity. The reality is that your business WILL come under attack at some point. Planning for such an attack, and putting systems and processes in place to thwart it before it starts, should be a goal of all business owners.
Every day we see gaping cyber security holes in small business operations. However, most businesses are either too busy or unaware of the risks to take action. Surprisingly, we see the same problems again and again and, frustratingly, they are nearly all simple, low-cost problems to fix.
As a result, we have prepared a ‘hit list’ of five low cost (or free) cyber security fixes that we regularly implement for our bookkeeping clients. These help to ensure that their client data and critical business data are secure and easily recoverable, in the event of a cyber attack.
We hope that you benefit from these.
When we look at cyber security for small businesses, the standout area of risk is poor password security. Weak points include:
- Post-it notes with passwords left around the office, or on computers.
- Spreadsheets or Word documents containing lists of key passwords (often named ‘passwords.xlsx’, or something similar, making it easy for anyone to identify!)
- Repeated passwords – the same passwords for multiple sites. Often, if someone finds out your Gmail password, it is likely that they will be able to access your online banking or your accounting software as well!
- Passwords that have not been changed for years.
- No process in place to change passwords after staff members leave the business.
- Poor quality passwords (names, dates, all the same case, etc.)
SOLUTION – Fortunately these issues are very simple to fix and, for most small businesses, will cost you no more than a bit of your time. We recommend and use LastPass. LastPass is a secure password vault that stores your passwords and allows you to share them with other people (staff). It is easy to use and does not impede your daily activities. In fact, the premium versions are likely to result in significant efficiency gains for your business. The free version is suitable for micro or very small businesses. However, the premium versions are a very good investment at only US $2 per user per month!
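As an added example (not part of the original article), the weak points listed above can be checked for mechanically before you move everything into a password vault. This Python sketch runs over a constructed sample inventory; `INVENTORY`, `KNOWN_NAMES`, `MAX_AGE_DAYS` and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample inventory: (site, password, last_changed). Not real credentials.
INVENTORY = [
    ("email",      "Sarah1985",      date(2019, 3, 1)),
    ("banking",    "Sarah1985",      date(2024, 11, 5)),
    ("accounting", "bookkeeping",    date(2025, 1, 10)),
    ("payroll",    "t7#Qw!9zLp2&vR", date(2025, 2, 1)),
]
KNOWN_NAMES = {"sarah"}   # assumed: staff or family names to screen for
MAX_AGE_DAYS = 365        # assumed threshold for "not changed for years"
RISKY_FILENAME = re.compile(r"passw(or)?d|login|credential", re.I)

def quality_issues(pw):
    """Return the 'poor quality' problems from the list that apply to pw."""
    issues = []
    letters = [c for c in pw if c.isalpha()]
    if letters and (all(c.islower() for c in letters) or all(c.isupper() for c in letters)):
        issues.append("single case")
    if re.search(r"(19|20)\d{2}", pw):
        issues.append("contains a year")
    if any(name in pw.lower() for name in KNOWN_NAMES):
        issues.append("contains a name")
    return issues

def audit(inventory, today):
    """Map each site to its findings: poor quality, reuse, stale."""
    by_password = defaultdict(list)
    for site, pw, _ in inventory:
        by_password[pw].append(site)
    findings = {}
    for site, pw, changed in inventory:
        found = quality_issues(pw)
        others = [s for s in by_password[pw] if s != site]
        if others:
            found.append("reused on " + ", ".join(others))
        if (today - changed).days > MAX_AGE_DAYS:
            found.append("not changed in over %d days" % MAX_AGE_DAYS)
        findings[site] = found
    return findings

def risky_files(names):
    """File names that advertise their contents, e.g. passwords.xlsx."""
    return [n for n in names if RISKY_FILENAME.search(n)]

if __name__ == "__main__":
    for site, found in audit(INVENTORY, date(2025, 6, 1)).items():
        print(site, "->", found or "ok")
    print(risky_files(["passwords.xlsx", "invoice_march.pdf", "Logins.docx"]))
```

The report names sites and problems only and never prints a password, so it can be shared with whoever is fixing the accounts.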
2. Physical Security
When business owners think of online security they think of backups, passwords and virus protection software. However, online security breaches are very often a result of someone in the office, or visiting the office, working out how to access your systems. There are some very simple ways to ensure that you don’t make it easy for hackers:
- Set your computer to go to sleep when you are not at your desk. This ensures that client, financial, operational and other information is not visible to others, such as the cleaner, clients or other visitors to the office.
- Shut all computers down (don’t put them to sleep, shut them down) at the end of the day. This ensures that no one can access your computer remotely while the office is unattended. It also saves power and gives your computer a rest.
- SOLUTION – For Windows use this free software to schedule a shutdown. This is useful if staff forget to shut them down at night, especially on Friday nights, as leaving computers running all weekend can give potential hackers access all weekend.
3. Use the power of the cloud
We believe that all critical business data should be stored in the cloud. That is, on Google Drive (our preferred), OneDrive, iCloud, or something similar.
As well as making your business run more efficiently and cost-effectively, storing your data in the cloud provides you with state-of-the-art systems that, in the past, were only available to large organisations. Additionally, the large cloud storage providers provide many layers of physical and virtual security that you could never implement yourself.
The Queensland Government provide an excellent overview of the benefits of cloud computing. We recommend reviewing this.
SOLUTION – If you are not ‘in the cloud’ you need to get there now.
In our business we have ensured that all of our systems are cloud-based by moving the entire business to the Chrome operating system, using Chromebooks (instead of Windows or Macs). This has ensured that our client data and all of our business data is 100% secure. It also reduces our software and hardware costs significantly.
In the old days businesses would back their accounts and files up to an external hard drive, or a USB stick. Well…that was what you were supposed to do. Most businesses never did it!
Today (if you are in the cloud), you can back up your data automatically for a nominal cost.
SOLUTION – We use and recommend Spanning Backup. Businesses can use it to back up Google G Suite and Office 365. It will archive your email, data files, calendar items, contacts and web sites every day. Recovering a file is quick and easy.
Should you ever have your computer stolen or damaged, or fall victim to a ransomware attack, or accidentally delete a file, you can quickly recover lost data up to the point of your last daily backup. This system has saved us, and our clients, much heartache and many hours of lost time regenerating lost documents.
Call us and we will show you how to automatically back up all of your business files for as little as $5.30 per month. Every day, without fail. You will be repaid many times over for the small subscription, even if you only ever use the service to recover accidentally deleted files.
Your cloud-based data storage provider and all of your key online software should offer two-factor authentication (2FA). Sometimes this is referred to as multi-factor authentication.
2FA requires you to provide two, or more, pieces of evidence (factors) to authenticate your identity before being permitted to use a system. An example is when you make a large transfer on your internet banking. As well as entering your password you are often required to enter an additional code that is sent to your phone. Your internet banking password is one identification factor and the SMS sent to your phone is a second. For more information on 2FA see this explanation.
Sometimes 2FA is optional in your software.
SOLUTION – If your provider does not provide 2FA functionality, find one that does.
SOLUTION – Ensure 2FA is activated for your cloud based data storage, accounting software, online banking, credit card processing platforms and any other critical business applications.
2FA generally costs nothing to implement. All you need to do is make sure that it is activated.
Cyber insurance is great in the event of a catastrophic attack on your systems or your data. However, you should aim to secure your systems so as to prevent potential cyber attacks in the first place. This is a much cheaper option than an insurance policy and is just good business practice. Once your systems are secure you can evaluate if cyber insurance is warranted.
A cyber insurance policy covers you for any loss your business incurs as a result of a cyber attack. It does not cover any loss to your clients (your Professional Indemnity Insurance covers this).
Your insurer will require you to have taken reasonable steps to ensure that your systems are secured. One of the first questions an insurance company will ask in the event of a cyber insurance claim is ‘what security was in place?’. If security is inadequate it is highly likely that this would be grounds for the insurer NOT to pay out on the policy.
Many of our clients have been scared into taking out cyber insurance policies, particularly by their insurance brokers. However, don’t be pressured into taking out a cyber insurance policy. There are key actions business owners can take prior to taking out an insurance policy. The actions highlighted in this post, and others, can significantly improve cyber security for small businesses.
SOLUTION – Invest your time and resources into securing your systems and data, and training staff to manage the security measures. Once these measures are in place, then look at getting cyber insurance, if you feel that the cost is warranted.
How to protect client data?
All Sorted Business Services takes the protection of client data very seriously. Read this post to see what measures we have implemented to protect both client data and our critical business data.
SOLUTION – Learn from what we have learned over two decades of securing data for our businesses and that of our clients. Learn from others who have experienced cyber attacks. Low cost solutions are available for your business.
Cyber security for small businesses – Security Audit
Cyber security for small businesses is not difficult; it just takes some time and effort to implement and maintain.
SOLUTION – To help you on your way order a desktop security audit now.