Another government organisation has published a practical cyber security guide for small businesses.
This year has seen organisations globally, from Cadbury to Victoria Police, hit by hackers. If organisations of this size, with their cyber security experts, are falling victim, what chance do smaller businesses have?
Last year’s Symantec Cyber Security Survey found that nearly one in five Australian businesses had experienced some sort of cyber attack – and the consequences of those breaches can be high. Small and mid-sized businesses are paying an average of $276,323 to recover from a successful attack, according to Mailguard founder Craig McDonald in his ebook, Surviving the Rise of Cybercrime.
Fortunately, there’s no shortage of resources for those looking to protect their business – including independent advice from government. The Australian Signals Directorate (ASD), for example, earlier this year updated its highly regarded recommended cyber security strategies to an ‘Essential Eight’.
Now the UK’s National Cyber Security Centre (NCSC) has released a guide with practical advice specifically for smaller businesses. Its advice is just as relevant here in Australia, and while it won’t necessarily prevent every kind of attack, it is a great place to start.
Here are the NCSC’s five ways you can improve cyber security within your organisation “quickly, easily and at low cost”.
Back up your data
The first piece of advice given in the guide is to back up your data in a separate place from your computer. This could be in a physically separate place, like a USB kept in another building, or in the cloud. The NCSC guidelines say to do this every day.
Protect against malware
The second piece of advice is to protect your organisation from malware by using antivirus software and avoiding dodgy apps. Other ways to stay away from malware are to keep your software up to date and to control how many people use USB sticks.
Protect mobile devices
Cyber security is not only about laptops and computers. The NCSC guidelines provide five steps to protect your phones and computers, including password protection, tracking if the phone is stolen, updating security software and apps, and not connecting to unknown Wi-Fi.
Use strong passwords
It might sound obvious, but password protection is the first step in preventing a cyberattack. Two-factor authentication should be used whenever possible, and people should avoid using default passwords or predictable ones.
Protect against phishing
One of the most common kinds of attacks is phishing, where someone sends an email or text with a disguised link, in an attempt to get the person to click bad links or share their personal information. To avoid phishing attacks, business owners can configure accounts, make sure staff understand what kind of requests they are likely to receive, keep an eye out for obvious signs and report when attacks happen.
“Cyber security can feel daunting for a small business, which is why we've made [an] easy-to-access guide to help them thrive online,” said Alison Whitney from the NCSC.
“Protecting against malware, backing up data and avoiding phishing attacks should be as second nature to a small firm as cashing up or locking the doors at night. Whether you own a bakery, a building firm or you sell products online, our advice will help all business owners avoid threats that can cost time, money and reputation.”
This guide is based on an article that originally appeared at IT Pro.