Search

Five simple cybersecurity tips for your small business

By Anastasia Stefanidou, Associate Manager - Branded Content and Channels, Association of International Certified Professional Accountants

Cybersecurity is a growing concern for organisations of all sizes in today’s digitally connected world. Awareness of the risks and setting out appropriate responses is critical at all levels, from the board of directors to entry-level employees.

According to the World Economic Forum 2017 Global Risk Report, data fraud or theft, and cyber-attacks respectively rank fifth and sixth on the list of Top Ten Risks in terms of likelihood.

With Marriott, Facebook, Equifax and Yahoo only some of the largest cybersecurity breaches, the mean number of customers affected by each breach was 257 million and the average cost to companies (in legal fees, penalties, remediation costs, etc.) has been $347 million.

But statistics show that cybercrime is also a legitimate threat to small businesses. According to the 2018 Hiscox Small Business Cybersecurity Report, 47 percent of small businesses experienced an attack in the past 12 months. Despite the importance of cybersecurity, only 52 percent of businesses have a cybersecurity strategy.

But even without a cybersecurity expert, there's no excuse to not make cybersecurity a business priority in 2019. To help your business stay safe, here are five tips:

  1. Improve your password strength.
    If you're looking for one place to start, make it passwords. Take a few minutes to evaluate your current passwords, add multi-factor authentication and make an effort to change them at least every six months. You should also ensure that all employees are changing their passwords on a regular basis. Consult with your IT staff to automate reminders for this process. Find more tips on how to protect your business from hackers in our recent password management blog.

    Tip: Save yourself a lot of trouble in the future by saying goodbye to “password123” today.

  2. Perform a cybersecurity audit and establish protocols.
    Start by figuring out where your business stands. Are you well protected against cyber threats? Are you secure in some areas but lacking in others? It's best to start by understanding where you can improve. Put together a plan for protecting your network and hardware, including the right software for your particular IT setup. The AICPA Cybersecurity Risk Management Reporting Framework is a great free tool to help you assess your organization’s cyber risks. 

    Tip: Revisit your security plan periodically, and don’t forget to include employee training in the process. The plan only protects the business if everyone follows it.

  3. Train your employees to recognise common cybersecurity threats.
    The quickest way to protect your business from cyberattacks is to train your employees. Some businesses might picture an overseas hacker taking extraordinary measures to break into your network, but that's not usually the case. In most scenarios, a basic phishing email can be enough. It only takes one click to let the bad guys in. So don’t just send a memo; hold a training session.

    Tip: Appoint a cybersecurity culture advocate in every department at your organisation.

  4. Update your software.
    Software makers regularly release updates that contain security patches, bug fixes and new approaches to protection. If you want to secure your systems from attack, these updates are not optional. Since the last update you downloaded, criminals have found new ways in, and developers have found and fixed the weak points. 

    Tip: Schedule automatic, regular updates for all software.

  5. Regularly back everything up.
    And finally don’t forget to back up every last piece of data you could ever need. Anything sensitive should be encrypted. Why? In reality, you could still fall prey to malware. Phishers and hackers are persistent, resourceful and often one step ahead. Most businesses get hit, often more than once. 

    Tip: Schedule automatic backups so you can’t get behind and store the information securely.

If you take full advantage of the tools available to minimise the risk and potential damage of a cyberattack, you’re in the best possible position to avoid taking a big hit.

If you’d like to learn more about, check out the third part of our "A-E" of digital disruption learning series on Cybersecurity

And don’t forget to test your knowledge and see how you stack up to your peers by taking our cybersecurity quiz.