Home » Blog » 5 ways small businesses can improve cybersecurity

5 ways small businesses can improve cybersecurity

Tom Sadler, Head of Cybersecurity at Prospa, shares his five top tips for protecting your small business from cyber attacks and gives a behind-the-scenes look at how Prospa protects its customer data.    

At a glance

Here’s a snapshot of the advice from our interviewee:

  • Pick up the phone if an email doesn’t seem quite right.
  • Implement added layers of security via two-factor authentication (2FA) and password managers.
  • Practise good IT hygiene, and don’t put off those updates and backups.

Recent findings from the Australian Cyber Security Centre(ACSC) found that 62% of the small businesses surveyed had experienced a cybersecurity incident, with the ACSC receiving around 144 reports of cybercrime every day. So as much as we might like to think cybercrime is something we don’t have to worry about, it does present a real risk to small businesses.  

Fortunately, there are some straightforward and cost effective ways that small business owners can help protect their businesses from breaches. Start with these five practices to give your business a head start when it comes to improving your cybersecurity. 

1. Be alert to social engineering

Social engineering refers to the kind of cyber attack that plays on emotional responses to manipulate people into divulging sensitive information. You might know it more commonly as phishing. It could be an email that says, for example, ‘payment on a bill is late and service will be cut off in 24 hours if a certain amount isn’t paid’. The attackers play on a sense of urgency to get you to click on a link.  

We are seeing more instances of bank fraud done via phishing and small business owners can be vulnerable targets. Most small businesses deal with multiple suppliers and attackers will make contact by using one of your supplier emails and ask you to update their bank account details so the next payment you make goes into the attacker’s bank account. 

So how do you protect yourself from this kind of cyber attack? 

Pick up the phone. Call your supplier to see whether it’s a legitimate request. A quick call that saves a $20K invoice being paid into the wrong account is time well spent and your supplier will most likely be glad to be made aware of the problem. 

Be sure to educate your staff about what to be on the lookout for. If something sounds too good to be true, then it probably is. If something feels a little off, make a call to check or tell someone else in your team. Phishing is no longer just the promise of millions of dollars. Attackers are having much more success by sending emails that seem like business as usual and fit into the context of your day-to-day operations. But if you embed a level of caution into your processes and your culture, you’ll go a long way to protecting your business.  

And as for the malicious emails themselves, the best thing to do is to select the report spam or report phishing option on your mail application. The more people report phishing emails, the better the service providers get at managing their filters and security settings. 

2. Use two-factor authentication

Two-factor authentication (2FA) adds an extra layer of security to your online accounts. It works by requiring an additional credential after you’ve put in your username and password, usually a code provided via email, SMS or authenticator app.  

While we all know it’s bad practice, many people still use one password across all our different accounts, from email and social media to bank accounts and apps. If one password is all that stands between you and all your personal and financial data, you’re not putting up enough of a barrier. 

2FA is a really effective way not only to protect your own data but also to show your customers that you take the protection of their data seriously. Many applications already have a 2FA option you can enable and it’s absolutely worth doing.  

Codes received via SMS are really good, but with sim swappingon the rise, an authenticator app raises the bar even higher by generating codes that change every minute. There are plenty of good free ones available and they make it much more difficult for a potential attacker to gain access to your accounts. The PCMag team looked at a range of authenticator apps earlier this year, assessing them for ease of use.

3. Use a password manager

Instead of compromising your security by reusing the same password across multiple applications, use a password manager to generate strong, random, long passwords and store them securely so you never have to remember them. Password managers are easy to set up and use across your business – to help prevent your staff members from password vulnerabilities. 

4. Update your systems

Yes, those install update notifications can be annoying, but they are essential to maintaining good IT hygiene. Those updates come with new features and security patches, and should be installed as required across your phone, computer and browser. If a bug appears that could be used by a cyber attacker, and Google, Microsoft and Apple release an update very quickly, you still won’t be protected until you install that update. In most of these systems, you can now enable automatic updates to make it even easier to stay up to date. 

5. Backup your data

Don’t let your backups be an afterthought. You will be very glad you spent the time setting this up when suddenly you really need them because a laptop has been left in an Uber or an attacker has managed to encrypt your computer.  

A cloud-based service like Google Drive or Dropbox is ideal for making sure you always have a realtime copy of your data. Cloudbased computing is more efficient than maintaining an on-site server and is usually faster and more secure, and allows ease of collaboration and remote access.  

Making these five practices integral to your small business operations can significantly strengthen your cybersecurity. While you might eventually take on security experts as your business grows, most small businesses can implement these tools and processes easily and inexpensively themselves. 

Cybersecurity at Prospa

At Prospa we are protecting more than 10,000 people’s data. And, because we like to walk our talk, we take it very seriously.  

We have a dedicated in-house cybersecurity team with a strong commitment from the leadership team and executives to ensure customer data is kept secure, and it maintains the tools and systems to do so. Our Product Security function makes sure our products are built securely, and our Security Operations function monitors and responds to potential security threats.  

We only keep the data we need. For example, when a customer enters their bank account details so Prospa can quickly assess the appropriateness of a loan, only the data required to support that loan process is accessed.  

This does not provide us with your login credentials or passwords, or the ability to access your internet banking, other than to access your banking transaction data linked to that account. 

The full details of how we handle your data are covered in our Privacy Policy. 

Still anxious about entering bank details online? It does make the loan process quicker but if you’d rather get on the phone and speak with our customer service team or manually upload a PDF of your bank transactions, you can do that as well.  

Prospa mandates 2FA across all our applications it is a key component of our data security policy. If you use the Prospa mobile app, you can also set up biometric security features built into it including facial recognition and touch ID.  

While Prospa is larger than small businesses and is the guardian of large quantities of customer data, the principles described above still apply: be on alert for suspicious email activity, use 2FA and password managers religiously, and maintain the utmost IT security hygiene with best practices across the business.  

If you’re after more detailed guidance, the ACSC has recently updated its fantastic guide designed to help small businesses protect themselves from the most common cybersecurity incidents.

With Prospa’s fast application and decision, this time tomorrow you could have the funds you need to change your business for the better. Find out more.

Primary CTA illustration
Want more small business insights, advice and news straight to your inbox each month?
Subscribe today
Primary CTA icon
Want more small business insights, advice and news straight to your inbox each month?

The information in this post is provided for general information only and does not take into account your personal situation. Nothing contained in this post constitutes advice or an endorsement or recommendation of any kind by Prospa. Any links to third party websites are strictly for informational purposes only. You should consider whether the information is appropriate to your needs, and where appropriate, seek professional advice from financial, legal and taxation advisors. Although every effort has been made to verify the accuracy of the information as at the date of publication, Prospa, its officers, employees and agents disclaim all liability (except for any liability which by law cannot be excluded), for any error, inaccuracy, or omission from the information for any reason, including due to the passage of time, or any loss or damage suffered by any person directly or indirectly through relying on this information.

Keep reading

How to improve your cash flow forecast

05 October 2022 | 3 min read

Why cash flow forecasting is so important, and tips for improving your small business’s forecasting strategy.

View more

Meet the winners of a $5,000 Prospa x Hit Network radio competition

17 August 2022 | 4 min read

Two winners of Prospa’s radio competition share how they intend to spend the prize money, and their ambitious plans for future business growth.

View more

How this myotherapy clinic owner grew his business by 30% in the past year

12 August 2022 | 4 min read

Matt Fraser’s home-based clinic Northern Sports & Remedial Myotherapy is going from strength to strength.

View more

Subscribe to the Prospa Blog

Be inspired! Sign up to Prospa’s newsletter to receive tips, tools and small business success stories straight to your inbox.