In Australia, the rates of cybercrime and cyber attacks against businesses are increasing every year.
But the good news is that the more you do to prepare your IT security, the more resilient a small business like yours will be against potential cyber security threats.
We’ve created this Small Business IT Security Checklist. It runs through the basics to help you set up your security systems, and minimise your business’ vulnerability to cyber threats.
1. The nuts and bolts: ensure your building is secure
Small business IT security isn’t confined to the online world. A data breach can be as simple as the wrong person walking into your office, logging on to an unattended computer, and accessing your data then and there.
So make sure that your computers, databases, and servers are in a secure location in your building. Ensure that only the right people are coming into and out of your offices. Give each staff member a unique user account, and be sure to remove that account when they leave.
2. Is your wifi secure?
The wrong wifi settings can mean that your network isn’t secured, and is available for anyone to access. This is an open invitation to anyone seeking to get a free ride—but also to hackers.
Make sure that you only use a secured wifi network for your business operations. Change your wifi passwords regularly to keep your network safe and secure. And if you must offer a free guest network, keep this separate from your business network.
3. Install a good antivirus program
Installing robust antivirus software is your first line of defence against cyber security threats for small businesses.
And make sure to keep it updated. Antivirus companies are identifying and combating new viruses all the time; after all, it’s their job. Regular updates mean your software is secure against the latest threats.
4. Enable your firewall
Your next line of defence is your firewall. A firewall works in the background of your system to filter incoming and outgoing data and traffic on your computer and network. It inspects this data, and stops any suspicious-looking packets from entering. This includes hacking attempts.
A firewall is an easy, low-maintenance way to protect your business.
5. Get a VPN
Virtual Private Networks do just that: they provide a secure, encrypted network that only people with the right access details can use. A VPN ensures that your business’ data and activity remain secure, and are only visible to the people on that network.
VPNs can be set up for both in-house and remote access, and give your authorised staff a secure way to access your systems wherever they are.
6. Provide cyber security training
Providing regular cyber security training will remind your staff of your IT security policies, and keep them up to date on the latest security threats that are relevant to your business.
This includes common sense training, like email security. And, importantly, it should cover password security. You’d be surprised at the passwords people are using.
Make sure your staff are across robust password practices. Ensure they understand the need for a minimum of eight characters, upper and lower case, numbers, and other characters and symbols. Password2 just isn’t going to cut it.
7. Limit user access
Not all of your staff need to access every piece of your business’ information. So set up strict user access rules to ensure that only the right people are able to access certain parts of your systems, database, and networks. Limit user access to only the specific data they need to go about their daily tasks, and provide a chain of authorisation for any user seeking extended access.
8. Set up two-factor authentication
One of the easiest ways to add an extra layer of security to your systems is through two-factor authentication.
It’s a simple set-up. When signing in to your business accounts and systems, your staff will receive a text, email, phone call, or a notification to a special app or USB drive. This notification will contain a code that they then enter as a secondary login step.
They’re the only person who gets this code, which works to thwart any suspicious login attempts. If they receive a code without trying to log in, they know their account is under attack.
9. Manage mobile devices
Make sure that you and your IT security provider keep a log of all mobile devices that attach to your network. You can do this by putting a strong BYO Device policy in place.
Again, you can create a chain of authorisation for any user seeking extended access to make sure these devices all follow proper security procedures and protocols. You’re then able to set the authority levels for different users to ensure only the right people can access certain types and areas of data on their devices.
10. Update your systems and software
Outdated operating systems and software are wide open to cyber threats. Old programs aren’t updated by the manufacturer anymore, so they don’t receive security updates. Software companies regularly search their software for vulnerabilities, and are frequently coming out with patches to fix the problem, so it’s reasonably easy to keep your systems and software up to date.
11. Back up your data
Having both on-site and external data backup sources provides security and peace of mind that your business information is safe and secure, no matter what happens. Set up automatic, regular backups to ensure your data is duplicated as often as possible, so you’re prepared in any event for data breaches and loss.
12. Get a cyber security assessment
A cyber security assessment performed by a professional and experienced IT security team will ensure you understand the strength of your network.
At Data Express, we provide thorough, holistic cyber security assessments for small businesses like yours. We scan your network, identify any issues, vulnerabilities, and threats, and then put processes in place to fix these issues.
A cyber security assessment is your ticket to gaining a holistic view of your network, and peace of mind that your IT security meets your needs—now and for the future.
Contact us today to organise a cyber security assessment for your business.