By Paul Macpherson, Head of Security, Xero
Now, more than ever, cybersecurity is a daily worry for businesses. Yes, the internet has given small businesses access to a global, connected, world – opening up huge growth opportunities, but online threats are still prevalent. According to Cybersecurity Ventures, cybercrime is predicted to cost the world $6 trillion annually by 2021.
Most organisations handle records concerning employees, customers, suppliers, and others – so it’s of the utmost importance that these records are protected.
As technology becomes even more central to the world of business, hackers become increasingly sophisticated in their methods. Vigilance, intelligence, and preparation will be key to ensuring that your systems are sufficiently safeguarded
To ensure that your data and systems remain protected, these are my best practice tips.
- Backup your data
Create secure backups of all business information in a safe location off site, and make more than one copy. Ransomware attacks become considerably less effective when you can access these secure backups.
Creating backups is a great way to ensure operational continuity and should be considered essential for all small businesses. The backup should not be accessible on your network, or the enterprising cybercriminal could steal or destroy that too.
- Use up-to-date antivirus software
New security threats are emerging and evolving every day. Anti-malware software can be an effective means of counteracting them: it can scan attachments and downloaded files, immediately alerting you if any trojans, viruses, or ransomware are detected.
That said, it must be kept scrupulously up to date. Security threats change over time, and software changes with it. Set your systems to update automatically and eliminate any applications you don’t use.
Keep your systems current and you’ll prevent attacks.
- Employ two-step authentication (2SA)
Two-step authentication (2SA) adds an additional layer of security to your existing processes. By mandating that the user first enters their password, and then an authentication code, it minimises the risk of any account breach. They may obtain your login details, but your login details will never be enough to gain entry.
It should also be used to protect email accounts wherever possible. Inboxes can contain a treasure trove of valuable information or be exploited for fraud: 2SA (also known as 2FA, MFA or 2SV) can prevent hackers from breaking into your account.
- Strong passwords
Strong passwords are all-important for businesses: when cyber criminals gain access to login details, they can easily gain access to vital systems and information. Worse, when they access one password, they often access others: people often use the same login details for multiple systems.
It can be difficult to remember unique passwords for every site you use, but it can make a significant difference to your security. If you struggle to remember every login, use a password manager tool to ensure that your credentials are kept securely and accessible in one place.
When you have developed a system for effective password management, share it with your staff – and express how important it is that correct online hygiene is maintained. If the team is reusing passwords, it is contributing to the business’ cybersecurity vulnerability.
- Security training
Today, everyone’s job description should include cybersecurity awareness. IT systems have revolutionised the workplace, but they come with certain risks. Hackers can be very persuasive, and know how to convince staff to hand over important information. It is a key responsibility of yours to make sure your employees know the basics. If they know the tell-tale signs of a fraudulent email or login page, the business will be spared a lot of frustration.
Small businesses cannot fully prevent cyber-attacks, but if they use the right safeguarding techniques, they can protect themselves to a significant extent. With preparation, vigilance, and effort, hackers can be thwarted before they have even attempted to breach your systems.
