Australian small and medium businesses (SMBs) lose an average of between $46,000 to $97,000 per cyberattack they experience. While more than half of small businesses believe cybersecurity threats pose a medium or high risk, four in 10 have no or low confidence in how to prepare for a cyber incident and to recover from one if it occurs. 

Although the nature and severity of cyberattacks are constantly evolving, good cyber hygiene practices can go a long way in reducing the risks and help protect business data and reputation. 

‘Stop the Hack’, a new campaign by the National Office of Cyber Security’s Executive Cyber Council for Cyber Security Awareness Month, aims to raise awareness of best cyber practices among SMBs. The campaign focuses on four simple actions businesses can take to safeguard their information, identify potential threats, and avoid falling victim to an attack. 

Mark Anderson, National Security Officer at Microsoft Australia & New Zealand about Stop the Hack and Cyber Security Awareness Month says “Technology is a key enabler for SMBs, and many of them are digital natives. Technology helps manage their operations, scale and maintain their competitive edge. However, it is important that the technology is trusted so that we can maximise its potential, and that’s where good cyber hygiene practices come into play. While measures like multifactor authentication or password managers might appear as obvious tips, the reality is that many incidents still stem from vulnerabilities that could be easily addressed with such simple practices.

SMBs are savvy – they understand that cyber presents risks to their business, but where they often fumble with what to do about it or how to take action as cyber security is often perceived as a deep technical challenge that only IT geeks can solve, but in reality there are basic measures that can be taken which will significantly reduce your chance of becoming the next victim of cybercrime. With Stop the Hack and the broader work we do at the Executive Cyber Council, we are committed to supporting Australian businesses on their cyber journeys. From providing information and resources to actions they access to experts; it will help build a more resilient digital nation.”

Tips and hints for SMBs to improve their security and safeguard their businesses

Activate multi-factor authentication

Multi-factor authentication (MFA) is a crucial security measure that protects your business platforms, such as your email or online accounting platform from unauthorised access by requiring a second form of verification when logging in. This second form could be typing in a code that your MFA app on your phone has generated, or even a code sent to you by SMS. Using MFA means that even if your password is compromised by a cybercriminal, this extra layer of protection requiring another verification step which is on your phone will prevent them from gaining access. Activate MFA on all critical accounts to reduce the risk of breaches. It is one of the most effective ways to safeguard your business. It is also a good idea to activate MFA on all your personal accounts, including social media. 

Apply all software updates

Software updates are more than just minor improvements, these updates often include patches for software vulnerabilities that hackers can exploit. By applying updates promptly, you protect your systems from potential threats and ensure your business operates smoothly. Applying these updates as soon as they’re available is a simple yet powerful step in preventing unauthorised access and keeping your business safe from potential breaches. Make updating your software across all your devices a priority.

Avoid password reuse

Where possible, move to password-less solutions, but when you must use a password make sure you use a unique one for each system you log in to. Using unique passwords per system is essential because if a cybercriminal manages to guess your password for one site, they will try it on other services, so it may only be a significant service you use which initially gets breached, but if the same details work on your banking website, the consequences will be significantly different! Investigate the use of tools such as password managers to manage and protect your passwords, and never share them. Keeping passwords confidential is essential to safeguarding your business from potential security breaches.

Ask ‘is this a phishing email’

Phishing emails are a common threat and can lead to serious security issues for your business, often appearing legitimate to trick you into sharing sensitive information or downloading malware. Look out for red flags like unexpected requests, poor grammar, suspicious links and unfamiliar email addresses. Even when you think the email may be legitimate, there is nothing wrong with an extra level of due diligence, if you are being asked to pay an invoice, call the company (don’t reply to the email!) to check if it is legitimate and that the bank details for the transfer are correct. Train your team to identify these phishing tactics and report suspicious emails. Encourage a culture of skepticism and verify any requests for sensitive information through trusted channels. Staying vigilant can help protect your business from costly security breaches.