Not protecting your customer information could have an impact on the reputation of your business or the relationship you have with your customers.
Practising online security is particularly important for home-based businesses, which often share their computer resources with family members.
For many businesses, their virtual assets (the data and information stored on their computers and file servers) are their most valuable and often irreplaceable assets. Protecting that information is an issue for all businesses, but particularly for small to medium businesses, which may not have the money to spend on dedicated IT security support.
Many businesses are also increasingly doing business via the internet as online commerce allows them to reach a broader customer and supplier market. Doing business online increases the importance of having effective online security practices. Providing a secure environment for transactions is critical in building and maintaining customer confidence and trust. There are also legal obligations which govern how businesses must manage customer information to ensure privacy.
If your business uses computer equipment, operates online or even just uses email to conduct business, you need to put effective security in place and make sure that you and your staff use the internet in a safe and secure way.
The Defence Signals Directorate's information security function promotes cyber security to all Australians. Their Top 35 Mitigation Strategies emphasise the importance of keeping software up to date to minimise the opportunities for criminals to steal or misuse your information. Their CyberSense videos show some of these threats.
- Install security software that includes a firewall, anti-virus and anti-spyware. Ensure that it is updated automatically.
- Develop a backup strategy for your critical data. A good strategy includes daily backups, an additional weekly or monthly backup and offsite storage of at least the weekly backup media. Test that you can recover from your backup data.
- If you do not have a dedicated IT Manager, assign at least one person in your organisation to have responsibility for network security (passwords, backups, AV updates).
- Develop clear policies for staff using your computer or network. Ensure that staff understand how they are allowed to use email and the internet.
- Develop a 'culture of security'. Businesses need to have internet security measures in place and make sure staff are aware of and follow internet security practices.
- Use software from reputable sources. Keep your software patches up-to-date.
- Use spam filters to reduce the amount of spam that your business receives. Know how to manage the spam that gets through and ensure your staff know how to recognise scam and hoax emails and to avoid clicking on links or opening attachments from suspicious emails.
- Keep yourself informed about the latest cyber security risks by subscribing to email notification services that cover the latest risks and solutions. See our Alert Service.