The impact of serious security breaches is certainly real and can be devastating for your business. Photo / Thinkstock
Opinion
Every business owner today is reading about businesses being hacked around the world. But just because global corporates like Sony and Microsoft make the news, doesn't mean small businesses aren't at risk of being under threat too. The key questions I'm asked by small business owners are "Does it really affect me?" and "What should we be doing to prevent these attacks?"
So with that in mind, here are five simple steps to help keep your business in check to beat the threat of cyber security:
1) Plan for an incident 2) Use the latest tech, hardware and software 3) Embrace the cloud and SaaS (Software as a Service) 4) Use proper user accounts and passwords 5) Deploy all the best options available
No. 1: Incident Planning is the most important step. For just about everyone today your technology and information drives your business, and most of the information held isn't yours, it's your customers. So don't just think about how much you care about information security, think about how much they care.
Don't stick your head in the sand, crossing your fingers that it'll never happen. Your customers are starting to really care about their information and privacy, so you should too.
No 2: Use the latest technology and keep it updated. The next biggest issues are outdated, unsecured and unmaintained systems. It really is an arms race between the software vendors (e.g. Microsoft) and the bad guys constantly trying to hack-in.
Don't let your systems age and become out-of-date or unmaintained, as you'll run the risk of your information coming under threat, without even knowing. If you have laptops, PCs, Servers and WiFi routers over three years old that have never been touched, they may need replacing.
As for your software, patch, patch, patch. Whenever Windows tells you there is an update, apply it. If the vendor of your core business app roles out an update, install it. Nearly 90 per cent of security issues are caused by systems just not being updated to patch for known security flaws.
No 3: Embrace the Cloud and SaaS. If the thought and investment required to maintain systems is just too hard to comprehend, that's where Cloud / SaaS (Software as a Service) kicks in.
In a nutshell Cloud and SaaS means you're paying for an application or computer systems online, where a professional team updates and secures the systems for you as part of its services. Whether it's Office 365, Google Apps or Xero, for a SME it is crucial to use the Cloud and SaaS options.
Decide how much you care about your company's own security. If you do care, don't get complacent.
The next big failing we see is shared user accounts across IT, and weak / re-used passwords. The rules here are simple. Have a unique user account for every user in your system. Only make them administrators when they need to be, and not just because it can be easier.
Use strong passwords, never share passwords and never use the same passwords for different systems. It may seem cumbersome in the beginning, but it will be worth it in the long run.
No. 5: Know the options and get help, because naivety is no excuse. There are many companies around today who can help you think about your cyber security risks and ways to manage them. There are even insurance companies who will now insure you against cyber security events.
The biggest question SMEs will have to ask themselves is "Would a cyber-security incident affect me?" The impact of serious security breaches is certainly real and can be devastating. From SMEs putting their life's work into building their business, only to have it taken offline, to large businesses losing the ability to service millions of users, as well as real people being unable to perform critical daily tasks.
So decide how much you care about your company's own security. If you do care, don't get complacent. Following these simple steps could be the difference between having your business compromised from malicious data breaches and system outages that can often be difficult (and very costly) to get back up and running.