[adning id=”12070″]

[adning id=”12070″]

2 Reasons cybercriminals call small businesses ‘sweet spots’

Firstly, small businesses are in the so-called ‘sweet spot’ of having more money in their bank account than the average consumer. They also move money around far more often than regular people, such as paying invoices, money transfers and payroll.

In a recent article for internet security company ESET, André Lameiras noted that with much of the media coverage focused on truly big security breaches, many small business owners might be forgiven for thinking they’re safe.

ABF media

“Far from it,” he warned, “These days, no company is too small to be noticed by the criminally inclined – or become collateral damage from attacks aimed at other targets. Too often, companies fall victim to attacks that are indiscriminately deployed at scale to haul in a bigger catch.”

The second reason why SMEs are the ideal target for attackers is because of their size – put simply, they are less secure than large enterprise organisations. This may be because of a false sense of security, but it could also be because the business just hasn’t made cyber security a real priority.

Mr Lameiras says that regardless of their size and stage of preparedness, businesses should regularly evaluate their incident response capabilities, even more so in times of increased risk.

“If your company is only now assessing its security risk, it is safe to assume your security posture is at a fledgling stage. There are, however, a few simple steps that you can immediately take to protect your data and the data of your employees,” he said.

Make an inventory to assess your risk: If you don’t know what you have, you can’t protect it. Maintain a list of all your hardware: PCs, laptops, mobile phones, routers, and printers. Also include your digital services, like the software you use, bank accounts, and cloud services such as Google Docs and iCloud. This inventory will make it easier to know where and what could go wrong.

ABF media

Define your security policies: Safety and good leadership go hand in hand. Make sure you communicate to your employees why this is an important topic, why only authorised staff can enter the office, or why they should not use personal laptops or other devices to access work data. If they work remotely, explain why they should be careful when connecting to public Wi-Fi hotspots.

Set up your controls: To ensure that the policies agreed upon are being implemented, it is important to put IT controls in place. A foundational step is to set a unique username and password or passphrase for each employee to access their laptop and the company’s intranet. Set out the protocol that workers should follow in case they encounter any kind of security issue or incident. You should also use security software to protect employees from malware. Finally, consider using encryption to prevent data from being accessed and read by an attacker and two-factor authentication to provide an extra layer on top of the password.

Test your security policies: With the previous steps taken, your company already benefits from a certain level of protection. But you still need to make sure all steps have been well adopted and that they offer a smooth response in case of an attack. Keep in mind that you need to make sure employees use strong and unique passwords.

Educate: Increasing employee cyber security awareness is a long-term effort. Even well-informed workers might fall for simple phishing emails. An effective security strategy depends on your leadership to inform and educate employees.

Keep testing: Once you’ve been through the previous steps, don’t let your guard down. You need to reevaluate your processes at least once a year or more often during periods of crisis. Make sure your employees maintain compliance with your guidelines, that all software is up-to-date to stay safe from known vulnerabilities and to disable or remove the accounts and access of employees who have left the company.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on email
Email
Share on print
Print

Leave a Comment

Your email address will not be published. Required fields are marked *

SUBSCRIBE FREE
SME NEWS BRIEFS

Get breaking news delivered
  • This field is for validation purposes and should be left unchanged.

RECEIVE GOVT GRANT OF $10K to $250K*.

Austrade Approved Business Events
AVAILABLE NOW APPLY BEFORE 30th MARCH 2021 (Condition apply)

  • ABF Events are approved and listed below have been certified by Austrade on the Schedule of Approved Business Events.
  • This allows exhibitors, sponsors, delegates and partners to participate in the Business Events Grant Program. Note event bookings need to be confirmed ASAP to participate in the grant program
  • The program provides 50% rebate (based on a minimum spend of $20k) for approved items including ABF event-media packages, exhibition stands, corporate function tables, delegate registrations.
  • Govt Grant applications are now open until the 30 March. Please contact ABF to discuss how we can assist, we have experts to assist grant applications.
  • Grant funding will cover up to 50% of eligible expenditure incurred in participating at pre-approved business-to-business events as buyers or sellers during the 2021 calendar year.  All grant applications must be submitted for approval via the following link: https://business.gov.au/grants-and-programs/business-events-grants
  • For further information please see this fact sheet.