Go to top of page

Top 5 cyber security mistakes: by small businesses

21 July 2017

Small businesses face unique cyber security challenges but there are simple steps you can take to protect your business. Many businesses make the mistakes below because cyber security is not their priority. These mistakes can leave your business exposed to a number of cyber security threats. How secure is your small business?

1. No investment or dedicated resources

Often cyber security is a low priority for small businesses with limited resources. However, the risks posed by malware and hacking are severe enough that many small businesses are unable to recover. It’s not just the remediation costs—it’s the reputation damage, loss of business and legal costs that can follow an incident. A small investment can go a long way to protect your business and protect your customers’ information.

Have at least one person in charge of implementing cyber security measures and staff awareness training. This person should consider the following:

  • learn about threats, trends and security options
  • plan, acquire and implement security safeguards
  • help other personnel understand online security best practices and policies
  • enforce online security best practices and policies with management support
  • maintain and update the security safeguards used by your business.

Read more on including cyber security in your business planning.

2. Unaware staff

Your staff will always be your greatest asset and your biggest cyber security risk. One unsafe click by a staff member on your network can wreak havoc and spell disaster for your business.

Put in place an online security awareness program to keep you and your staff informed about good online security practices. It should include:

  • safe online behaviour training for staff (click safety and how to identify malicious emails, etc.)
  • updates and reminders on policies, standards and best practices
  • a regular, scheduled review to update existing security measures
  • signing up staff to the free Stay Smart Online Alert Service to stay up to date with the latest online threat information.

Training and educating your staff is vital to having a strong online security system in place.

Successful online security within a business of any size relies on management support, good internal communication and individuals taking personal responsibility for their online activities.

Read more on staff awareness.

3. No back-ups

With the ever-increasing threat of ransomware, many businesses are caught off guard and without back-ups of their systems.

In 2016, 50% of Australian businesses experienced a ransomware attack.

An incredibly effective and simple way to safeguard against malicious cyber activity, hardware failure and theft is to regularly back-up your data. If you don’t have a back-up, you can lose everything on your system.

There are many ways to back-up your data and you need to consider the most effective way for your businesses. This includes partial and full back-ups, single and multiple back-ups. It is also important to safeguard your backup by storing it offline in a secure location. Ransomware can lock files on backup hard-drives and shared network drives, so it is essential that these backup devices are disconnected while they are not in use. 

Back-up applications (or programs) are available that can partially or wholly automate this process and can also perform full back-ups. These applications come with some operating systems (for example Windows Back-up or Mac OS), may be bundled with storage devices, or can be purchased separately.

Develop a back-up strategy that considers exactly what will be backed-up, how often and how you will recover after an attack.

Read more on backing-up for businesses.

4. Out of date

In 2017, malware called WanaCry crippled hundreds of thousands of systems around the world. The affected businesses had not installed a software update (for a Microsoft operating system), leaving their systems vulnerable.

Keeping your organisation’s computers, websites and other applications up-to-date is one of the best ways to protect your business from being hacked.

Hackers, along with malicious programs or viruses, find weaknesses in software (called vulnerabilities) that they exploit to access computers, smartphones or tablets. Installing updates fixes these vulnerabilities and helps keep these devices secure.

Installing these updates as soon as possible, limits the amount of time hackers have to find and use these weaknesses. The longer a vulnerability is left unpatched, the more hackers will know about the weakness and how to use it.

Many software providers release patches and updates for their products to correct security concerns and improve functionality.

Most modern software and applications update automatically, but make sure you agree to install updates when prompted. 

Read more on software updates for business.

5. Bring your own device

Many organisations have a bring your own device (BYOD) policy, allowing network connectivity on personal devices.

While this can be an efficient way to do business, it can create vulnerabilities in your network. Anything connected to your network needs to have the same security safeguards as your systems.

Your business information can now easily walk out the door, be stored in apps where data ownership can change (such as messaging platforms) and it can be very hard to keep track of where data is kept.

If you have a BYOD policy, clear guidelines and safeguards need to be implemented to protect your information and network. If you do not have a BYOD policy, clear boundaries are needed to restrict access to your network.

Develop a connected device policy that considers:

  • what devices can be connected to the network
  • what security measures must be implemented on the device (such as anti-virus software and strong passwords)
  • what information can be accessed on the device and what is too sensitive.

Read more on protecting devices.