Article
A guide to cyber security for small businesses
Any business and individual could be targeted by cyber criminals, but there are various steps you can take to protect you and your business and minimise the risks.
A cyber-attack is when an online criminal or state, often known as hackers, gains unauthorised access to a computer system in order to steal, change, expose or destroy information.
The Australian Cyber Security Centre has urged Australian organisations to “urgently adopt an enhanced cyber security posture… in light of the heightened threat environment”.
To prevent their businesses from being negatively impacted by cybercrime, it’s important that everyone is well prepared and business owners take responsibility for the security of their business and themselves. This guide outlines how small businesses can develop an effective cyber security strategy.
Cyber Threats
There is a wide range of threats which can be deployed by people who wish to do you or your business harm ranging from simple attacks which can be carried out by anyone with a laptop and an internet connection to groups dedicated to this kind of activity who are well organised and funded.
Some common threats include:
Phishing: Fraudulent emails or text messages, which often appear to be from a legitimate company, asking the recipient to send personal information such as passwords and bank details. Phishing is one of the most common methods of cyber-attack used by hackers on businesses.
Malware: Software that gets unauthorised access to a computer and causes harm. Viruses, which infect legitimate software are a common form of malware. Ransomware is another one. This is when a criminal blocks access to data or systems until a ransom is paid.
Denial of service: An attack designed to shut down computer systems so they can’t be accessed by legitimate users by flooding systems with traffic. This is often used as a distraction to overload defences in order to carry out other more destructive attacks.
Cyber security tips
To combat cyber-attacks, there are various actions businesses can take:
Provide employee training
Employees should be trained in cyber security and how to work safely online. They should know how to spot a potential cyber-attack and how to report it should one occur.
For example, staff should be educated in the threats posed by phishing emails. It’s common for criminals to send emails which appear to be from the boss of the company asking employees to make a payment to a bank account. The emails might also ask the recipient to click on a link. Doing so could lead to malware being installed.
Signs of phishing to look out for include bad spelling and grammar, poor quality branding and a veiled threat to act quickly.
Secure passwords
All your devices and online accounts should be protected by complex, unique and secure passwords. Many modern devices also use fingerprint and face recognition which can replace a password.
Avoid using predictable words such as your pet’s name or phrases like ‘password123’ that a criminal could easily guess.
To cut down on the passwords you need to remember, you can use a password manager. This is a tool which stores and creates multiple passwords that you access using one master password.
For important services such as banking and social media, switch on two-factor authentication. This adds an extra layer of security by requiring two methods to verify your identity such as adding your email address and password followed by a code sent to your phone as a text message.
If you suspect a cyber-attack has occurred, you should change your passwords as soon as possible.
Most accounting software requires two-factor authentication, which ensures that a business's data has only been accessed by the correct person. Make sure you choose the right software to protect you data. Your local TaxAssist Accountant can advise you further on this.
Backup your data
You should make sure you regularly backup important business data such as customer details, payment information, documents, emails and photographs. This means you’ll have a copy if your company is attacked.
Backups should be restricted so they are not accessible by employees and not permanently connected to the device holding the original copy. Malware can also infect back up storage devices such as a USB stick.
Keeping backups in a different location, such as using cloud storage solutions, is also recommended. It’s a good idea to regularly test that back-ups are working correctly.
Install antivirus software
Antivirus software plays a key role in preventing cyber-attacks and is one of the easiest ways to protect your business.
You should install anti-virus software from a reputable company on all devices you use.
Run regular scans from your antivirus software and immediately deal with any issues that a scan identifies.
Switch on firewalls
A firewall monitors traffic coming in and out of a computer or network. It acts as a buffer between your systems and external networks, such as the internet, to block threats.
A basic firewall is included with most operating systems, however professional can offer a wider range of protection and assurance.
Use up-to-date software
All software, operating systems and apps should be kept up-to-date with the latest versions from vendors. This ensures you get critical security updates that protect your devices.
Automatic updates should be switched on where possible and when updates are no longer available because support has been withdrawn by the developer, you should consider replacing it with new software. Businesses still using old versions of Windows which are no longer supported leaves them more vulnerable to cyber-attack.
Date published 29 Jul 2022 | Last updated 5 Oct 2022
This article is intended to inform rather than advise and is based on legislation and practice at the time. Taxpayer’s circumstances do vary and if you feel that the information provided is beneficial it is important that you contact us before implementation. If you take, or do not take action as a result of reading this article, before receiving our written endorsement, we will accept no responsibility for any financial loss incurred.Choose the right accounting firm for you
Running your own business can be challenging so why not let TaxAssist Accountants manage your tax, accounting, bookkeeping and payroll needs? If you are not receiving the service you deserve from your accountant, then perhaps it’s time to make the switch?
Local business focus
We specialise in supporting independent businesses. Each TaxAssist Accountant runs their own business, and are passionate about supporting you.
Come and meet us
We enjoy talking to business owners and self-employed professionals who are looking to get the most out of their accountant. You can visit us at any of our multiple locations, meet with us online through video call software, or talk to us by telephone.
Switching is simple
Changing accountants is easier than you might think. There are no tax implications and you can switch at any time in the year and our team will guide you through the process for a smooth transition.