When a big company is hacked, it’s splashed all over the news. However, the majority of ransomware attacks actually happen to small and medium-sized businesses. Hackers specifically target small businesses as well as subject them to mass attacks. In a mass attack, a hacker uses software that trawls for tiny vulnerabilities in security and exploits everything it finds. Attacks like this can cripple a small business. Is your cyber security up to scratch? Our handy cyber security checklist is a good place to start.
Your cyber security checklist
Good cyber security requires multiple layers of protection, keeping those layers up to date, and making sure everything is properly monitored. Just having a firewall or anti-virus software is not enough. There is much more involved in ensuring your data is properly secure and most small businesses don’t have enough security in place.
To be properly protected you need:
- Antivirus
- Anti-malware
- Ransomware protection
- Website monitoring for fraudulent websites
- A unique login to every website you use a password for
- Strong passwords with 12 characters or more, including special characters
- A password manager – never save passwords (or credit card details) in Google Chrome or on a spreadsheet
- Multiple Factor Authentication enabled everywhere, and most especially on your accounting software, your email, and all websites and apps that you don’t want anyone else to access
- End-to-end encryption across all devices
- Daily, off-site backups of all important data
- Backup data verified
- Backups kept for a full month, as hackers often corrupt data slowly so that your backup is also corrupted
- Updates and patches done as soon as they are available
- VPN
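The three backup items above (daily, verified, kept for a full month) can be checked together. The following Python sketch is an added example, not part of the original checklist: it compares a checksum recorded when each backup was taken with the checksum of the copy read back from off-site storage, and reports skipped days and the oldest point you could still restore from. The data is constructed and the function names are illustrative.

```python
import hashlib
from datetime import date, timedelta

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def audit_backups(manifest, restored, today, retention_days=30):
    """manifest: {date: SHA-256 recorded when the backup was taken}
    restored: {date: bytes read back from the off-site copy}"""
    window = [today - timedelta(days=n) for n in range(1, retention_days + 1)]
    # A day with no manifest entry means the daily backup did not run.
    missing = [d for d in window if d not in manifest]
    # A copy that cannot be read back, or whose hash changed, is not a backup.
    corrupt = [d for d in window if d in manifest
               and (d not in restored or sha256(restored[d]) != manifest[d])]
    good = [d for d in window if d in manifest and d not in corrupt]
    return {
        "missing": sorted(missing),
        "corrupt": sorted(corrupt),
        "oldest_restorable": min(good) if good else None,
        "ok": not missing and not corrupt,
    }

def constructed_sample(today):
    """Constructed data: 30 daily backups, one skipped day, one damaged copy."""
    manifest, restored = {}, {}
    for n in range(1, 31):
        day = today - timedelta(days=n)
        data = f"accounts export {day.isoformat()}".encode()
        manifest[day] = sha256(data)
        restored[day] = data
    del manifest[today - timedelta(days=12)]            # backup job did not run
    restored[today - timedelta(days=5)] = b"\x00" * 16  # off-site copy was altered
    return manifest, restored

if __name__ == "__main__":
    today = date(2024, 3, 31)
    report = audit_backups(*constructed_sample(today), today)
    for key, value in report.items():
        print(key, value)
```

The "oldest_restorable" date is what the one-month retention buys you: if data has been corrupted slowly, it is the furthest back you can go for a clean copy.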
Multiple Factor Authentication
We mentioned Multiple Factor Authentication in your cyber security checklist above. Security conscious websites and apps will usually offer a selection of authentication options. These may include email, text, a passphrase (popular in banking), or a code via an application on your phone.
A note on this: Setting up Multiple Factor Authentication via another email is not recommended. It’s too easy for a hacker to get into your other emails. Authentication via text can also be problematic with some overseas companies – but is safer than email. Google Authenticator seems to be the best option. A free app, it works on any smartphone and generates a 6-digit PIN that you must enter in order to log in.
Trust your instincts
Even with the best security in place, you still need to pay close attention to anomalies when you are online and on email. Employee training on cyber security is an extremely important part of keeping your business data secure.
Here are a few tips:
- If an email looks “off” – delete it. If it is truly important, whoever sent it will follow up with you when they don’t get a response.
- When a supplier sends an invoice with a new bank account number – call them and check before you pay it.
- Should a website you typically visit look a bit different to normal – call them and check before you log in.
- If you get a message asking you to confirm or change login details – delete it.
Phishing emails
The reason employee training is so important is that most data breaches are caused by human error. Many phishing emails look perfectly legitimate. They might be from a company you regularly deal with, asking you to confirm an order or a project that you are working on, for example. The email might send you to a website. The website looks official but is a fake. It requires you to log in, and as soon as you log in, the hacker has access to your emails and can find all your passwords, customer/supplier information, confidential data etc.
And here’s the kicker. As soon as the hacker has access to your email, they immediately lock you out of everything. It’s a simple step for them to change your password, then add their own details and set up their own Multiple Factor Authentication. Within minutes you are locked out of everything and cannot get back in again. A password reset won’t work as the reset link goes straight to the hacker.
Your emails? Gone.
All of your business-critical company information in those cloud-based apps you thought were safe? Gone.
You no longer have access to anything and no one can help you as you no longer own the account/s. The hacker has changed all of the information and you don’t know any of the new details. It is a disaster.
What would you do?
Can you even imagine how crippling it would be for your business if a hacker stole your emails, and you lost access to your social media, Google, your accounting software, customer information, job scheduling and your banking?
This exact thing happens to small businesses and sole traders all the time. Once a hacker has your digital credentials – your business is in serious trouble – and some companies never recover.
We’ve got your back
You can try to look after cyber security yourself, but you need to be 100% sure that you’re doing it right. Most businesses only find out that they don’t have the right security in place when it’s too late.
If you would rather leave it to the professionals, and get true peace of mind, contact us today. We have the ultimate small business cyber security support package for small and medium sized businesses.