How to strengthen your cybersecurity

Consider these expert tips for strengthening your small business’s cybersecurity practices. 

At a glance

Here’s a snapshot of the advice from our interviewees:

  • Strengthening your business’s cybersecurity starts with installing the appropriate antivirus software and setting automatic updates.
  • Passphrases are increasingly preferred to passwords due to their length and unpredictability.
  • A system is only as strong as its weakest point, so educate yourself and your team members about the dangers of social engineering.

Implementing and maintaining robust cybersecurity practices is a top priority for small business owners. As much as we might not like to think about cybercrime, it can present a real risk to the security of the data, information and finances of businesses and customers.

The Australian Cyber Security Centre found that during the 2021-2022 financial year, the latest range for which data is available, the average cost per cybercrime report to the ACSC was $39,000 for small business – making lax cybersecurity practices a tangible threat to the health of businesses.

Fortunately, there are straightforward and cost-effective ways owners can increase their resilience to cyber security risks.

Basic cybersecurity tips

The ACSC recommends small business owners consider a series of easily implementable actions. These suggestions include:

  • Turning on automatic updates, especially for operating systems
  • Creating passphrases – rather than passwords – that are long, predictable and unique
  • Educating yourself and your staff against cyberthreats

Jackson Yin, Managing Director and Co-Founder of kit home supplier iBuild Building Solutions, shares some of the techniques he has used to help protect his business’s cybersecurity. These include:

  • Basic security measures. “We’ve installed antivirus software and firewalls, and enabled two-factor authentication to prevent cyberattacks.”
  • Employee training. “We educate our employees on basic cybersecurity best practices, such as identifying phishing emails and securing their devices.”
  • Data backup. “We regularly backup our data from our shared Google Drive onto our network attached storage drive to prevent data loss in case of a cyberattack.”
  • Software updates. “We ensure that all software, including operating systems, applications and plugins, are up-to-date with the latest security patches.”
  • Security audits. “We conduct quarterly security audits to identify vulnerabilities and address them before they can be exploited.”

These techniques require vigilance, says Jackson, but the boost to cybersecurity is worth the effort.

Tips from a Prospa expert

Shai Haim, Chief Technology Officer at Prospa, identifies four key motivations for introducing effective cybersecurity practices:

  • Business continuity. “First of all, there’s the issue of business continuity,” he says. “A cyberattack can take your business down completely, so if you are online in any way, there is potential for someone to get into your system and disrupt your business.
  • Customer trust. “There is also the issue of trust. Customers entrust you with their personal data and sometimes their financial data. You do not want to betray that trust.”
  • Finances. The financial and time-related cost of recovery from a cyberattack can be excessive, and more than some small business owners might be able to afford, says Shai.
  • Data compliance. “Depending on what kind of small business you are, there might also be regulations you must follow to stay compliant,” he adds. “If you are an accountant or a law firm for instance, there will be regulations around what you can do and how you should protect data.”

Shai suggests a two-part approach to cybersecurity. First relates to technology and having good “device hygiene”.

“Make sure your software is up-to-date on all your devices and use a password manager if you can,” he suggests. “A password manager is the best solution for all of these problems.

“These days, the recommendation is not to use a short password with high complexity. It’s to use long but memorable passphrases. Take a line from a song that you like and use that as your passphrase; a 14-character phrase would be harder for anyone to break.”

The second aspect of a good cybersecurity strategy is remembering the human factor.

“At the end of the day, a system is only as strong as its weakest point,” says Shai. “Humans are the weakest point in security systems, so educate yourself and your team members, if you have them, about social engineering.

Social engineering refers to the methods used to manipulate people into carrying out specific actions or divulging information.

Stay vigilant to who has access to what information, as this can pose a risk.

“You do not want to get to a point where an employee manages to get access to information they should not have.”

Prospa’s dedicated in-house cybersecurity team works to ensure customer data is kept safe and secure, and takes a variety of security measures to help protect small businesses, including fraud controls, two-factor authentication, advance data encryptions and card freezing.

A Prospa Business Account can help you keep track of expenses, revenue and profit – and maintain a steady eye across your business’s finances.

The information in this post is provided for general information only and does not take into account your personal situation. Nothing contained in this post constitutes advice or an endorsement or recommendation of any kind by Prospa. Any links to third party websites are strictly for informational purposes only. You should consider whether the information is appropriate to your needs, and where appropriate, seek professional advice from financial, legal and taxation advisors. Although every effort has been made to verify the accuracy of the information as at the date of publication, Prospa, its officers, employees and agents disclaim all liability (except for any liability which by law cannot be excluded), for any error, inaccuracy, or omission from the information for any reason, including due to the passage of time, or any loss or damage suffered by any person directly or indirectly through relying on this information.