Attacks from cyber criminals are increasing, and increasingly brazen. Malware and bots can lurk within systems and cause considerable damage before being detected.
For example, the Marriott hotel group offers a cautionary tale. It only discovered in late 2018 that hackers had infiltrated its reservations system – back in 2014! – hijacking birth dates, phone numbers, email and mailing addresses, passport numbers, bank account details and more, from around 500 million guest accounts.
If massive organisations with sizeable IT budgets and dedicated departments are susceptible to cybercrime, how can a small business hope to keep up? The simple answer: they can’t afford not to.
In 2017, 43% of Australian small businesses were targets of cybercrime, at an average cost of $10,000, according to The Australian Cyber Security Centre (ACSC).
Without effective data protection practices, that figure could climb even higher. Because under Mandatory Data Breach Notification laws, failure to notify the Office of the Australian Information Commissioner (OAIC) could mean fines of up to $2 million.
The good news is that you don’t need to spend a fortune to secure your data.
James Nunn-Price, Deloitte Asia Pacific Cyber Leader, says that for small businesses and sole traders, it should be as easy as following these six steps:
1. Only keep data you need
“It’s a human instinct to hoard,” says Nunn-Price.
“But one of the issues we’re seeing in this area is that as newer, more secure systems are put in place, no-one’s addressing legacy data.”
Nunn-Price’s advice is to set up a routine to review the applications or individuals you no longer deal with.
“If it’s going back a year or two, securely delete that data if it’s no longer needed,” he says.
2. Maintain good cyber hygiene
No matter what devices you use, make sure they have a good anti-virus solution and firewall.
And don’t rely on the free versions that come bundled with software.
“Pay for a better quality one,” says Nunn-Price. “And ensure that hard discs are encrypted.”
3. Back-up in a separate place
Whether you choose a cloud back-up system or a separate network drive at home, make sure it’s encrypted.
“That way if you get one of those CryptoLocker viruses that encrypts all your data and holds your machine to ransom, you can recover it,” says Nunn-Price.
4. Enable multi-factor authentication
Nunn-Price says most incidents he’s dealt with recently have involved organisations or individuals whose user password have been stolen.
“Multi-factor authentication prevents cybercriminals accessing or intercepting emails with attachments and other personal or financial information,” he says.
“You get codes via SMS or an authenticator app for your phone or tablet. All the major platforms offer it, it’s free, and it immediately makes you a harder target for phishing emails and so on.
“Turn it on for everything, even personal things like Facebook, LinkedIn and Instagram.”
5. Turn to the cloud
Opt for a cloud-based service and pay extra for the security, is Nunn-Price’s advice.
“It will cost a bit more, but if you’re dealing with lots of personal and financial data, you’ll get a better level of protection and assurance.”
6. Become a human firewall
“Being aware of risks and threats to your data is your best protection,” says Nunn-Price.
“There’s a lot of material on government websites such as Stay Smart Online, and they also tell you where to report things when they go wrong.”
Want to keep one step ahead? Sign up for our monthly enewsletter, full of insights and tips to help you in your day-to-day.
Important: This article has been prepared without taking account of the objectives, financial or taxation situation or needs of any particular individual. Before acting on the information, you should consider its appropriateness to your circumstances and if necessary, seek appropriate professional advice. Any information used in this article is for illustrative purposes only. Deloitte is an external entity that is not a member of the Commonwealth Bank of Australia Group of Companies (the Group) and the content or any view expressed by Deloitte and its employees does not represent an endorsement, recommendation, guarantee or advice in regard to any matter. CBA, nor members of the Group accept any liability for losses or damage arising from any reliance on external parties.