Cyber security tips for small businesses

43% of Australians will never return to a business after a cyber attack. 

Let that sink in. Even if your business survives a cyber attack, you’re likely to be worse off for it. Prospective customers may pull away for fear of being caught in any future cross-fire. And you risk losing the thing small businesses value more than anything else: Trust. A study by Centrify found that 65% of customers lose trust in a business after they experience a cyber attack. 

Cyber-attacks aren't isolated incidents either. Over the last few years, the number of cyber security incidents has skyrocketed - putting more businesses at risk.

Australian Cyber Security Centre figures show Cyber attacks are impacting more businesses (and customers) than ever before. In the 2022-2023 financial year, there were 94,000 reported cyber attacks on Australian organisations, up from 76,000 in 2021-2022, 67,500 in 2020-2021 and 59,806 in 2019-20.

And high-profile cyber attacks on large companies have put businesses on high alert. The stats are clear: If you're a small to medium business, preparing for cyber-attacks should be a top priority.

Why is cyber security important for small businesses?

With cyber threats increasing and evolving, small businesses need to address cyber security to stay protected. Cyber criminals see small businesses as easy targets, as they typically have less stringent security measures than larger businesses. That's why it's crucial to implement best-practice cyber security guidelines in your business.

One critical misconception small business owners have about cyber security is that they're too small to be a target. If that's you, and you're thinking, "I don't have much compared to large businesses, why would cyber criminals bother?" think again. That's like not locking your door at night because other businesses have more valuable items in stock.

Cyber criminals are opportunists. It doesn't matter how small your business is. If you leave the door open to cyber criminals, they'll come and take what they can.

So what do you need to do to keep your business secure?

Here are some cyber security tips that could save your business.

7 Cyber security tips for small businesses

1. Get a firewall

A firewall will be your first line of defence against cyber attacks. Firewalls monitor incoming and outgoing internet traffic against predetermined security controls. They give your business's network a reliable barrier against suspicious networks. With an effective firewall, your business can stop potential cyber attacks before they happen.

Aussie Broadband offers an industry-leading firewall solution to small and medium businesses. Leverage next-generation firewall technology, and stay focused on your business with peace of mind, knowing security is under control. Browse our firewall solutions here. 

2. Set up automatic updates:

Criminals are an innovative bunch. So whenever security measures pose a challenge to their work, they'll do what it takes to beat the system. It should come as no surprise that, according to the 2021 Check Point Cyber Security Report, 75% of cyber attacks result from criminals exploiting outdated security protocols.

That's why your security measures always need to stay one step ahead.

Setting up automatic updates means that your business's network will update any software you're currently running as soon as it is available.

Keeping all your business's software and applications up to date is critical. It is common for software updates to include improvements to the platform's security. And often, those improvements fix vulnerabilities that cyber criminals learnt how to exploit.

So why wouldn't you set automatic updates up? One not-so-good reason behind stalling essential updates is that some find it annoying to have them running in the background. If that's the case for you, set those automatic updates to run at a predetermined time - instead of the second they become available. That way, you can update your software when you're offline so it won't disrupt your business.

3. Back up your data

Have you ever spent hours on an important document, only for it to disappear?

If this happens to your business's data, such as customer details or financial records, it could have catastrophic consequences. The result of years of business development could disappear in a split second.

That's why you must keep a backup of business-critical data. Whether you store your backups on physical hardware (such as a hard drive) or in the cloud, keeping the copies separate from your main network is important.

Should cyber criminals steal your data, having an up-to-date backup means you won't lose it entirely. Ideally, you should also keep data backups in different physical locations. Doing so will safeguard your data during physical theft or a natural disaster.

And to ensure your data back-ups are up-to-date, you can set these backups to occur automatically.

4. Use strong passwords

The most effective passwords are hard to guess or crack - but easy to remember. To that end, the Australian Cyber Security Council recommends passphrases. Passphrases are passwords made up of four or more random words joined together, like "carrot mountain silver drive" (don't use that!).

So, what's in a secure password?

It's unique: You aren't using the same password on different accounts. If you'll have trouble remembering all those passwords, use a password manager.

It's long: The longer the password, the harder to crack. Try to make your password at least 14 characters long. 

It's random: Avoid using related words, famous phrases, quotes or lyrics in your password. That will make your password as unpredictable as possible. 

It's got multiple character types: It includes uppercase and lower case letters, numbers and symbols.

5. Set up Multi-Factor Authentication

Because sometimes strong passwords aren't enough. Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) gives your business an added layer of protection against security breaches. MFA requires users to verify their identity in two or more ways before accessing sensitive information.

Standard methods of Multi-Factor Authentication, which typically activate after the user has entered their login details, include:

• Requiring users to download an authenticator app on their phone.  

• Asking security questions.

• Texting a security code to the user's phone. 

Multi-factor authentication makes it harder for cyber criminals to steal sensitive data. Importantly, stealing your password won't be enough to access your business's system.

Check out our helpful guide to setting up multi-factor authentication here.

6. Implement access control

Not everyone in your business needs equal access to your system.

That's why access control is a security essential. Access control operates on the "principle of least privilege". That means, by default, users can only access what they need to do their job. For example, your accountant shouldn't be able to access design tools or your company Instagram account.

While it's a common-sense principle, the extra effort required to implement access control means business owners often put it in the too-hard basket. But it's a crucial step to minimise the potential risk of an employee accidentally (or maliciously) causing a security incident.

And if someone leaves your organisation, ensure they're not taking access to your system out the door with them. Otherwise, security is out of your business's control. Because if that former employee falls victim to a data breach, you're powerless to stop your data from being affected. 

7. Train your team on best-practice cybersecurity guidelines

Perhaps the most important tip of them all. You can have the best security money can buy. But it becomes worthless if your team doesn't know how to use it.

Small business cyber security training should include:

• Awareness: Get your team up to speed with the common types of cyber threats, such as phone scams, email scams, and phishing. Ensure everyone in your business knows the dangers, how they work, and how to stop them.

• Prevention: Your cyber security training should, of course, cover the best-practice cyber security guidelines. Taking steps to make you and your team are accountable for following the guidelines will embed cyber security into your business and team culture.

• Action: Lastly, you and your team should know what to do in the (unlikely, if you follow these guidelines) event of a cyber-attack. Ensure your staff understand their roles and responsibilities during a breach. And so nothing comes as a surprise, run a cyber-attack simulation to test (and learn from) your planned response.

Do all this, and you and your team will be fully prepared to protect your business from cyber threats.

Keep your business secure

In today's world, cyber security is just as important as physical security for small businesses. Not addressing the increasing and ever-evolving cyber threat is like leaving your car and its keys on a main road. It doesn't matter what type of car it is, leave it there long enough, and an opportunist criminal will take it.  

So no matter your size, your business must pay attention to cyber security. But if the high costs of enterprise-grade security aren't viable, it's a risk you might feel forced to take.

At Aussie Broadband, we live and breathe small business. And we're proud to offer security solutions that provide enterprise-grade protection at small businesses-friendly prices.

We’ve partnered with Fortinet to give small to medium businesses a comprehensive security solution. Don't get left behind by a digital-first business world. Protect and prepare your business for future growth today! Browse our security hardware here. 

So if you want to find out more about keeping your business protected from cyber threats, we're here to help.

Call our 100% Australian-based business consultants on 1300 480 905.