11th October, 2024
October is Cyber Security Awareness Month, which means it’s the perfect time for Australian solopreneurs to take a closer look at their digital security.
Unfortunately, in today’s digital and interconnected world, even the smallest businesses can be targets for cybercriminals.
The good news? You don’t need to be a tech expert to significantly improve your cybersecurity.
Here are some simple yet effective steps you can take to protect your business today.
Your first line of defence is a strong password. Forget using “password”, your birthday, or any other easily guessed choice!
Tara Whitehead, Security Engagement Manager at MYOB, says, “Think of your passwords like your toothbrush – don’t share them, change them regularly, and definitely don’t use ‘yourbusiness123’!”
Instead, focus on creating complex, unique passwords for each of your accounts.
Use long phrases with a mix of upper and lowercase letters, numbers, and symbols, which makes your passwords significantly harder to crack.
In fact, according to the Australian Cyber Security Centre (ACSC), the best option is to create passphrases rather than passwords.
Unlike conventional passwords, passphrases combine four or more random words, ideally exceeding 14 characters, to create a formidable barrier against hacking attempts.
This approach bolsters your online protection, and passphrases are also easier to remember.
To craft an effective passphrase, focus on length, unpredictability, and uniqueness, using at least four unrelated words.
The ACSC also suggests you can enhance the strength of your passphrases by incorporating service-specific modifiers, such as ‘crystal onion clay pretzel Facebook’ or ‘crystal insta onion clay pretzel’.
It’s also crucial not to reuse passwords across different accounts, because if one account is compromised, you don’t want it to jeopardise all your other accounts.
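The passphrase guidance above, as an added example that is not part of the original article or any ACSC tool: it picks four distinct words with a cryptographically secure random source, optionally inserts a service-specific modifier, and checks a phrase against the "four or more words, more than 14 characters" rule. The word list is a small constructed sample, and the function and constant names are assumptions made for illustration.

```python
import math
import secrets

# Constructed demo word list. For real use, load a large published list
# (for example a 7,776-word diceware-style list) so each word adds more entropy.
DEMO_WORDS = ["crystal", "onion", "clay", "pretzel", "lantern", "gravel",
              "walrus", "copper", "meadow", "trumpet", "biscuit", "harbour",
              "velvet", "pepper", "glacier", "saddle"]

MIN_WORDS = 4   # "four or more random words"
MIN_CHARS = 14  # "ideally exceeding 14 characters"


def meets_guidance(phrase):
    """True if the phrase has 4+ words and more than 14 letters in total."""
    words = phrase.split()
    return len(words) >= MIN_WORDS and sum(map(len, words)) > MIN_CHARS


def make_passphrase(words=DEMO_WORDS, n_words=MIN_WORDS, service=None):
    """Pick n_words distinct words at random; optionally add a modifier."""
    if n_words < MIN_WORDS:
        raise ValueError("use at least four words")
    rng = secrets.SystemRandom()  # OS-backed CSPRNG, not the default PRNG
    while True:
        chosen = rng.sample(words, n_words)
        if meets_guidance(" ".join(chosen)):
            break
    if service:
        # The modifier keeps the phrase unique per account. It is guessable,
        # so it is not counted towards the entropy estimate below.
        chosen.insert(rng.randrange(len(chosen) + 1), service)
    return " ".join(chosen)


def entropy_bits(list_size, n_words=MIN_WORDS):
    """Bits of entropy when n_words distinct words are drawn from the list."""
    return math.log2(math.perm(list_size, n_words))


if __name__ == "__main__":
    print(make_passphrase(service="Facebook"))
    print(f"demo list: {entropy_bits(len(DEMO_WORDS)):.1f} bits, "
          f"7,776-word list: {entropy_bits(7776):.1f} bits")
```

The entropy figures show why the size of the word list matters: four words from the 16-word demo list are far easier to guess than four words from a list of several thousand.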
To manage this complexity, consider using a reputable password vault.
These tools, available as apps or web services, can generate and store complex passwords securely, allowing you to maintain strong, unique passwords for all your accounts without the need to remember them all.
You access your password manager through a single master password or PIN.
However, it’s crucial to choose a reputable password manager and protect it with strong security practices, as these valuable tools can themselves become targets for cybercriminals.
If you’re working from home or a local cafe, your Wi-Fi connection could be a weak link in your security chain.
Tara says, “I always remind people that your Wi-Fi is like the front door to your digital life. Just as you wouldn’t leave your front door unlocked, you shouldn’t leave your Wi-Fi unprotected.”
So, always use password-protected Wi-Fi networks, even at home.
Your home network should have a strong, unique password that’s different from your router’s default settings.
When working outside your home, be cautious about using public Wi-Fi for sensitive business tasks, including logging into your accounting solution.
Public networks are often unsecured and can be easily exploited by cybercriminals.
If you must use public Wi-Fi, consider using a Virtual Private Network (VPN) to encrypt your data and protect your online activities.
A VPN is “a service that encrypts and secures your data when using the internet” and adds an extra layer of protection when using public Wi-Fi.
Multi-factor authentication (MFA) also adds an extra layer of security by requiring two or more verification methods to access an account.
This typically involves something you know (like a password), something you have (such as a code sent to your phone or email address or a token that updates with new codes regularly), and sometimes something you are (like a fingerprint or face ID).
By enabling MFA on all your important accounts, especially email and financial services, you significantly reduce the risk of unauthorised access.
“It’s one of the simplest and most effective ways to protect your accounts from unauthorised access,” Tara notes.
Even if someone manages to obtain your password, they won’t be able to access your account without the additional verification method.
This simple step can be a game-changer in protecting your sensitive business information.
Your passwords are the keys to your digital kingdom, and they should be treated with the utmost care.
Never share your passwords, even with trusted colleagues or family members.
Each individual should have their own unique login credentials, so even if you use contractors to help you with certain tasks, don’t supply them with your password to log in to things like your business website or social media accounts.
Instead, set up separate guest logins for them, each with its own password, and cancel these logins after they’ve finished their task(s).
Avoid writing passwords down or storing them in unsecured digital notes where they could be easily discovered.
If you suspect that any of your passwords have been compromised, change them immediately.
This might seem inconvenient, but it’s far less troublesome than dealing with a security breach.
As a sole trader, your devices are the lifeline of your business, making robust security software essential.
Invest in a comprehensive security suite that includes antivirus, anti-malware, and firewall protection.
Look for solutions that offer real-time scanning, automatic updates, and protection against a wide range of threats, including ransomware and zero-day exploits (unknown or unaddressed security flaws).
Many quality cybersecurity packages also include additional features like secure browsing extensions, password managers, and VPNs, providing an all-in-one solution for your digital safety.
Paid solutions typically provide more comprehensive coverage and timely updates against emerging threats than free security software, so it’s worth investing in a trusted paid product.
Remember to install security software on all your business devices, including smartphones and tablets, not just your computer.
Regularly run full system scans and keep your security software updated to ensure you’re protected against the latest threats, too.
Those pesky software update notifications that pop up on your devices may seem like an annoyance, but they’re crucial for your cybersecurity.
Regularly updating your operating system, web browsers, internet router, antivirus software, and any business applications you use is essential.
These updates often include security patches for newly discovered vulnerabilities.
By keeping your software up-to-date, you’re closing potential entry points that cybercriminals could exploit.
Make it a habit to check for updates weekly, or better yet, enable automatic updates on your devices whenever possible.
You can check out the ACSC’s guide to setting up automatic updates, whether you use Windows or Mac systems.
Phishing remains one of the most common and effective cybersecurity threats, and it’s one you need to be on the lookout for.
These attacks often come in the form of emails or messages that appear to be from legitimate sources (such as banks, government agencies, or telecommunications companies), asking for sensitive information or urging you to take immediate action.
Be wary of unexpected attachments, urgent requests for money or data, and links to unfamiliar websites.
Pay close attention to the sender’s email address and look for subtle misspellings or irregularities that can indicate you’re viewing a phishing message.
When in doubt about the authenticity of a communication, always verify the sender through a separate, trusted channel.
Remember, legitimate organisations won’t ask for sensitive information via email or social media sites.
By staying vigilant and questioning suspicious communications, you can better avoid falling victim to these deceptive tactics.
While not strictly a cybersecurity measure, regular backups can be a lifesaver if you fall victim to ransomware, a system crash caused by an attacker, or other types of data loss.
“Backups are like digital insurance – you hope you never need it, but when disaster strikes, you’ll be glad you have it,” Tara explains.
“Implementing a robust backup strategy ensures your data is safe from ransomware, system crashes; any type of data loss, really.”
So, create a robust backup strategy using a combination of cloud storage solutions and external hard drives.
Cloud storage provides the advantage of off-site backup, protecting your data even if your physical devices are damaged or stolen.
External hard drives offer a local backup option but should be stored securely and separately from your main work devices.
Consider using automated backup software to ensure your backups are performed consistently without you having to remember.
You don’t want to just set and forget your backup system.
Regularly test your backups by attempting to restore files, too.
This ensures your backup system is working correctly and that you’re familiar with the restoration process should you ever need it in an emergency.
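One way to check a test restore, as an added example that is not part of the original article: restore your backup into a scratch folder, then compare it file by file against the live folder using SHA-256 hashes. The function names and the command-line usage are assumptions made for illustration.

```python
import hashlib
import sys
from pathlib import Path


def file_digest(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so large files don't fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_digests(root):
    """Map each file's path (relative to root) to its SHA-256 hash."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in root.rglob("*") if p.is_file()}


def verify_restore(original_dir, restored_dir):
    """Compare a test restore against the live files.

    'missing' lists files the backup did not bring back; 'changed' lists
    files whose contents differ (also true for files edited since the
    backup ran, so check those by hand).
    """
    original = tree_digests(original_dir)
    restored = tree_digests(restored_dir)
    missing = sorted(set(original) - set(restored))
    changed = sorted(name for name in original.keys() & restored.keys()
                     if original[name] != restored[name])
    return {"missing": missing, "changed": changed,
            "ok": not missing and not changed}


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python verify_restore.py <live folder> <restored folder>
    report = verify_restore(sys.argv[1], sys.argv[2])
    print("restore verified" if report["ok"] else report)
```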
Take a look at the ACSC’s tips for performing backups on your files and devices.
By implementing the measures covered above, you’ll be taking important steps to protect your solo business from cyber threats.
Remember, cybersecurity is an ongoing process, not a one-time task.
“Building a good security posture is a marathon, not a sprint,” says Tara.
“Just like any other business problem, we need a growth mindset and must continually chip away at an evolving strategy.”
For this October and beyond, make a commitment to regularly review and update your cybersecurity practices.
Your future self (and your business) will thank you!
Information provided in this article is of a general nature and does not consider your personal situation. It does not constitute legal, financial, or other professional advice and should not be relied upon as a statement of law, policy or advice. You should consider whether this information is appropriate to your needs and, if necessary, seek independent advice. This information is only accurate at the time of publication. Although every effort has been made to verify the accuracy of the information contained on this webpage, MYOB disclaims, to the extent permitted by law, all liability for the information contained on this webpage or any loss or damage suffered by any person directly or indirectly through relying on this information.