ESET's Guide to Small Business Cybersecurity

Cybersecurity incidents are costing Australian organisations as much as $29 billion per year – and small businesses are no exception. Cyberattacks are just as likely to happen to small and medium organisations as they are to large ones, so it’s critically important you and your team are equipped to deal with any threats that come your way.

Cybersecurity threats for small businesses can appear in many shapes and sizes, from phishing scams and ransoms to data hacks and fraud – contributing to drops in revenue, lost intellectual property, damaged brand reputations, and even lawsuits. But there are simple ways to counter these threats and keep your data, staff, and customers protected. Here are six simple small business cybersecurity tips from leading IT security vendor ESET that you can use to keep your company secure:

1. Perform a cybersecurity audit

A good place to start is with a business-wide audit or risk assessment. Identify and evaluate any potential risks that might compromise the security of your company's networks, systems and data. Noting any potential threats will help you create an action plan to address any gaps in your security posture. We recommend you check:

• Software updates
• Protection of passwords
• Encryption of data at rest (disk encryption)
• Encryption of data in flight (suitable network protocols and VPN for remote access)
• SSL certificate on your website
• Your use of a firewall. Do you have one? Is it up to date?
• Inventory of business-sensitive data – what, where and who has access
• Implementation of regularly scheduled backups of critical data
• Security of mobile devices and connected things, such as smart TVs and printers
• Documentation of cybersecurity policies and staff training on cybersecurity

As part of your audit, determine the risk levels of possible cybersecurity incidents, and how breaches might potentially affect your company. Then, create a recovery plan in the event of a cyberattack to help your business stay running in any situation.

2. Regularly update your software

Once your assessment is complete and you've identified key risks, begin to develop or improve your cybersecurity strategy – and continue to do so at regular intervals for optimum protection.

In particular, the software that your company is using should be updated regularly in order to minimise exposure to vulnerabilities over time. Updates are important for adding patches that close coding loopholes, blocking malware and keeping company data safe and sound from hackers.

For additional protection, consider using ESET Security for Small Businesses. This will give you a useful single-point overview of your network security, one of the best firewalls for small business, and automatic notifications if incidents occur so you can react immediately from wherever you are.

3. Encourage secure password management

You’re only as strong as your weakest link – so educating your team on cybersecurity best practices for employees is key to a robust defence. If you haven’t already, draw up some documentation of cybersecurity policies and implement IT security training so that everyone is on the same page.

One of the main reasons for cyber breaches - 80% in 2019, in fact – are company employee’s weak passwords. Like most companies, you likely have a long list of company and individual passwords you need for online tools, accounts and

services. If your list is getting too long, consider investing in some password management to store your passwords, and suggest stronger ones than the classic “Password123”.

4. Be doubly safe with two-factor authentication

Most small businesses these days rely on cloud services for their everyday work. As handy as this is, many cloud services rely on a strong password to stay protected. To add an extra layer of protection to your files, it’s a good idea to encourage company use of encrypted cloud storage and two- or three-factor authentication.

This setup requires not just a username and password, but also additional pieces of information that only the user can access, often in real-time – such as a code generated by a hardware token or by a secure app on their phone. This makes it far more difficult for cybercriminals to gain access to sensitive company data.

5. Backup company files regularly

In the event of a cybersecurity breach, your valuable company data may be compromised, stolen or deleted. This can slow down daily processes, impact deadlines, lose vital client information, and even force your business to freeze operations and start from scratch.

To help, regularly backup your files, and consider using a trustworthy backup program. In the event of an attack or breach, you can restore your files with confidence. Remember, it’s a good idea to store copies of your backups offline and offsite so they can’t be damaged in an attack or in a physically damaging event such as a fire or flood.

6. Install quality anti-malware software

If you’re serious about your company’s cybersecurity, you need anti-malware software that will protect your devices, network and systems from the wide range of cybercrime targeting business.

Make sure your chosen software not only offers protection, but also flexibility. For all-in one security, customised to suit your business needs, build your own ESET Security Solution Pack.

Consistency is key

Small businesses take time, passion and effort to get up and running – and they deserve (and require) just as much protection as a large enterprise business when it comes to cybersecurity. ESET understands that your data, people, and customers are precious, so if you need any assistance with guarding your company from cybersecurity threats, get in touch with the ESET team today.

This is a guest post of ESET and was first published in the Arrow Networks IT Blog. Arrow Networks is a reseller and integrator of the full ESET product range.