As more Australians start, and continue, to work from home, business owners and managers need to place cyber security at the forefront of their minds and focus on building long-term strategies to protect personal and business data. In this article we explore eleven cyber security tips for small business.
These are fundamental actions that all small businesses must consider to protect their business, employee and customer data.
- Develop and execute a company security policy from inception
- Ensure all software is updated regularly
- Use password protection software
- Use two-step authentication
- Ensure that only selected staff members have full access to relevant software and platforms in use
- Discourage the use of auto-fill services by all employees no matter how convenient
- Enforce limits on file upload type and size
- Implement an SSL certificate
- Use a spam filter
- Be wary of social engineering
- Employ the services of a security specialist.
Cyber security tips for your small business
Develop and execute a company security policy from inception
When first setting up any new business, relevant staff must develop a security policy that is specific and right-sized for the business. Once developed, distribute it to all staff members, deliver security training, provide practical training where required and ensure the policy is easily accessible to all employees. Any new staff members must receive this training as part of their on-boarding.
Any security policy must extend to the avoidance of sharing passwords, saving passwords and using personal devices in a work setting.
Ensure all software is updated regularly
All software must be constantly upgraded and updated. Hackers are increasingly able to find the loopholes and weaknesses in software, so you need to be vigilant and not put off updates when alerted.
Staff must be trained and reminded to not click on spam emails.
Use password protection software
Employees should only be granted access to software and platforms if it is deemed necessary to perform their job; otherwise access should not be shared. There are software programs available to generate random passwords, so the same password is not used repeatedly across different programs.
Use two-step authentication
Using two-step or two-factor authentication allows businesses to minimise any risk associated with multiple employees using the different platforms and software that you use. It can take the form of multiple passwords, or of users confirming their identity through another device to gain access. Software such as Microsoft Authenticator is a good example of this.
Ensure that only selected staff members have full access to relevant software and platforms in use
Business owners need to ensure they are aware of who has been granted access to the different software they use. Often, the fewer people that are given access, the safer you’re likely to be.
Discourage the use of auto-fill services by all employees no matter how convenient
By requesting staff to disable auto-fill on their devices, your security level will increase. This means that browsers will not save passwords or personal data, whether they are used with a password sharing platform or not. Ultimately this makes it difficult for hackers to gain login details.
Enforce limits on file upload type and size
A large volume of file uploads over a short period of time can lead to leaks in your online security system via a bug. This makes it easier for hackers to access your files and data. This can be avoided by opting for smaller, shorter data uploads rather than one large file upload.
Implement an SSL certificate
Ensuring that you have an SSL certificate will make your data more secure. It is vital as it offers end-to-end encryption on any information that you publish online. Without one, your data is transferred as plain text between your browser and server, making this information easy for hackers to read.
Use a spam filter
Using a spam filter will minimise and slow the transfer of content delivered to your systems. It will filter dangerous content that may spread viruses and assist hackers in any cyber-attack.
Be wary of social engineering
There are a number of different ways that hackers are able to access systems and gain information.
Social engineering generally involves ‘scamming’ people into compromising security practices and rules and handing over personal information. Ensure that you and your staff never share passwords, and that staff are required to regularly change passwords to something different from the most recent iterations.
Employ the services of a security specialist
A trained security specialist can oversee the development and implementation of your security policies and monitor them on a longer-term basis. While some businesses may not be able to afford this support, it is strongly recommended that someone internally is educated and trained in this space to help protect your data and systems.
The prevalence and sophistication of cyber-crime in Australia and across the globe means that having a well thought out and executed cyber security plan is non-negotiable in ensuring the protection of your business and its networks.