5 ways small businesses can improve cybersecurity
At a glance
Here’s a snapshot of the advice from our interviewee:
- Pick up the phone if an email doesn’t seem quite right.
- Implement added layers of security via two-factor authentication (2FA) and password managers.
- Practise good IT hygiene, and don’t put off those updates and backups.
Recent findings from the Australian Cyber Security Centre (ACSC) found that 62% of the small businesses surveyed had experienced a cybersecurity incident, with the ACSC receiving around 144 reports of cybercrime every day. So as much as we might like to think cybercrime is something we don’t have to worry about, it does present a real risk to small businesses.
Fortunately, there are some straightforward and cost effective ways that small business owners can help protect their businesses from breaches. Start with these five practices to give your business a head start when it comes to improving your cybersecurity.
1. Be alert to social engineering
Social engineering refers to the kind of cyber attack that plays on emotional responses to manipulate people into divulging sensitive information. You might know it more commonly as phishing. It could be an email that says, for example, ‘payment on a bill is late and service will be cut off in 24 hours if a certain amount isn’t paid’. The attackers play on a sense of urgency to get you to click on a link.
We are seeing more instances of bank fraud done via phishing and small business owners can be vulnerable targets. Most small businesses deal with multiple suppliers and attackers will make contact by using one of your supplier emails and ask you to update their bank account details so the next payment you make goes into the attacker’s bank account.
So how do you protect yourself from this kind of cyber attack?
Pick up the phone. Call your supplier to see whether it’s a legitimate request. A quick call that saves a $20K invoice being paid into the wrong account is time well spent and your supplier will most likely be glad to be made aware of the problem.
Be sure to educate your staff about what to be on the lookout for. If something sounds too good to be true, then it probably is. If something feels a little off, make a call to check or tell someone else in your team. Phishing is no longer just the promise of millions of dollars. Attackers are having much more success by sending emails that seem like business as usual and fit into the context of your day-to-day operations. But if you embed a level of caution into your processes and your culture, you’ll go a long way to protecting your business.
And as for the malicious emails themselves, the best thing to do is to select the ‘report spam’ or ‘report phishing’ option on your mail application. The more people report phishing emails, the better the service providers get at managing their filters and security settings.
2. Use two-factor authentication
Two-factor authentication (2FA) adds an extra layer of security to your online accounts. It works by requiring an additional credential after you’ve put in your username and password, usually a code provided via email, SMS or authenticator app.
While we all know it’s bad practice, many people still use one password across all our different accounts, from email and social media to bank accounts and apps. If one password is all that stands between you and all your personal and financial data, you’re not putting up enough of a barrier.
2FA is a really effective way not only to protect your own data but also to show your customers that you take the protection of their data seriously. Many applications already have a 2FA option you can enable and it’s absolutely worth doing.
Codes received via SMS are really good, but with sim swapping on the rise, an authenticator app raises the bar even higher by generating codes that change every minute. There are plenty of good free ones available and they make it much more difficult for a potential attacker to gain access to your accounts. The PCMag team looked at a range of authenticator apps earlier this year, assessing them for ease of use.
3. Use a password manager
Instead of compromising your security by reusing the same password across multiple applications, use a password manager to generate strong, random, long passwords and store them securely so you never have to remember them. Password managers are easy to set up and use across your business – to help prevent your staff members from password vulnerabilities.
4. Update your systems
Yes, those ‘install update’ notifications can be annoying, but they are essential to maintaining good IT hygiene. Those updates come with new features and security patches, and should be installed as required across your phone, computer and browser. If a bug appears that could be used by a cyber attacker, and Google, Microsoft and Apple release an update very quickly, you still won’t be protected until you install that update. In most of these systems, you can now enable automatic updates to make it even easier to stay up to date.
5. Backup your data
Don’t let your backups be an afterthought. You will be very glad you spent the time setting this up when suddenly you really need them because a laptop has been left in an Uber or an attacker has managed to encrypt your computer.
A cloud-based service like Google Drive or Dropbox is ideal for making sure you always have a real–time copy of your data. Cloud–based computing is more efficient than maintaining an on-site server and is usually faster and more secure, and allows ease of collaboration and remote access.
Making these five practices integral to your small business operations can significantly strengthen your cybersecurity. While you might eventually take on security experts as your business grows, most small businesses can implement these tools and processes easily and inexpensively themselves.
Cybersecurity at Prospa
At Prospa we are protecting more than 10,000 people’s data. And, because we like to walk our talk, we take it very seriously.
We have a dedicated in-house cybersecurity team with a strong commitment from the leadership team and executives to ensure customer data is kept secure, and it maintains the tools and systems to do so. Our Product Security function makes sure our products are built securely, and our Security Operations function monitors and responds to potential security threats.
We only keep the data we need. For example, when a customer enters their bank account details so Prospa can quickly assess the appropriateness of a loan, only the data required to support that loan process is accessed.
This does not provide us with your login credentials or passwords, or the ability to access your internet banking, other than to access your banking transaction data linked to that account.
Still anxious about entering bank details online? It does make the loan process quicker but if you’d rather get on the phone and speak with our customer service team or manually upload a PDF of your bank transactions, you can do that as well.
Prospa mandates 2FA across all our applications – it is a key component of our data security policy. If you use the Prospa mobile app, you can also set up biometric security features built into it including facial recognition and touch ID.
While Prospa is larger than small businesses and is the guardian of large quantities of customer data, the principles described above still apply: be on alert for suspicious email activity, use 2FA and password managers religiously, and maintain the utmost IT security hygiene with best practices across the business.
If you’re after more detailed guidance, the ACSC has recently updated its fantastic guide designed to help small businesses protect themselves from the most common cybersecurity incidents.
With Prospa’s fast application and decision, this time tomorrow you could have the funds you need to change your business for the better. Find out more.
Two winners of Prospa’s radio competition share how they intend to spend the prize money, and their ambitious plans for future business growth.View more
Subscribe to the Prospa Blog
Be inspired! Sign up to Prospa’s newsletter to receive tips, tools and small business success stories straight to your inbox.