Data security for small business

Australia had its’ highest volume of data security breaches in 2015, with hackers not discriminating against business size. In fact, small businesses are often a more attractive target to hackers, having rich data assets and often poor security compared to larger organisations.

Hacking victim David Wood, co-owner of a community medical centre in Queensland, says: “We’ve got all the antivirus stuff in place – there’s no sign of a virus. They literally got in, hijacked the server and then ran their encryption software,” he told the ABC.

The hackers demanded a $4,000 ransom not to decrypt sensitive data – part of a wave of attacks throughout Australia last year.

Small businesses are often caught up in broad-reaching attacks done on a large scale. With the threat escalating, how can small business owners fight back? The key lies in being prepared and planning how to handle an attack.

Do a stock take

The first step in protecting your data is finding out exactly what is at stake. There are legal reasons for doing so too – under the Privacy Act, all businesses are responsible for the security of records containing personal information.

Back up

Do it NOW and do it often!! Backing up will help you to recover what you’ve lost in the event of security risks like viruses, hackers or hardware failure. Just like you’d insure your business against fire damage and other risks, backing up is insurance against data risk.

The government has even created a guide to backing up data, which explains the various ways this can be done.

Get employees onboard

It’s important to educate employees about how they can minimise data theft in the workplace. Key risks include opening malicious attachments, leaving computers unattended, not frequently changing passwords and visiting restricted sites.

Downloading a pirated video game that has malware on it or opening a virus email file without realising can have significant consequences for data security.

There is always the possibility of an inside attack or fraud by an unhappy employee, so monitor employee behaviour to see if anyone is accessing information more frequently than normal, or in an unusual manner – like not completing transactions. And if you terminate someone’s employment or they move on, remove their access to your systems and social media accounts immediately.

Secure every entrance

In the age of BYOD (Bring Your Own Device) the likelihood of data loss caused by personal devices increases. Staff should also be aware that sharing too much information online is also a risk. That Facebook reference to a pet dog could be a perfect clue for a hacker trying to guess a password.

Don’t make life easy for hackers by using common passwords such as “123456” or “password.” According to SplashData, these are the current top favourites along with “qwerty” and “letmein” (exactly what a hacker might appreciate).

Just like you’d lock the doors and windows of your office before leaving, lock all the entrances to your business online by using antivirus and security software. And monitor security on a regular basis. You can try and catch hackers before they can do serious damage by installing software that monitors unauthorised access and scans emails.

Have an understanding of the basics

Knowing the difference between a firewall (which protects a network or system against unauthorised access) and antivirus software (which detects and remove malicious software) can make all the difference when it comes to understanding your risks and the expenses associated with them.

But consider having someone to turn to

As a small business owner you’ll be well aware that several roles fall under your job description. However, when it comes to data security and dealing with breaches, it may be easier to work with an expert. Having an IT professional who can work ad-hoc if or when you need will give you peace of mind and ensure any issues you may have get dealt with as efficiently as possible – it’s an extra cost that could end up saving you thousands.

Cyber attacks don’t just happen to big companies. The more your business grows, the more data you have to lose, so small businesses need to protect themselves. Preparation is the key – have a plan for preventing and handling security breaches and make your staff know what to do too.

In case you were wondering, Prospa is compliant with all applicable Australian quality and security standards. We also encrypt all personal, sensitive and financial data. Where you have given consent, we use an advanced bank verification system link to instantly verify your bank information online so we can provide a response in one hour.