22nd October, 2024
In today’s interconnected business landscape where so many tasks are completed online and hackers are rife, cybersecurity is not just a concern for large corporations.
Australian small and medium-sized enterprises (SMEs) are increasingly becoming targets for cybercriminals.
Being Cybersecurity Awareness Month, October is a great time to be reminded to never take your firm’s digital security for granted.
Our guide offers practical cybersecurity tips tailored for Australian SMEs to help you keep all your business assets safer.
First, don’t just assume that because you’re not running a huge conglomerate, your business is safe from cyber threats.
You don’t have to have lots of proprietary data or customer info to become the target of an attack.
All businesses are susceptible because malicious actors are always looking for vulnerabilities in businesses with weaker security measures.
You can have cybersecurity issues because of attacks involving your interlinked suppliers or clients, too.
So, instead of believing your firm’s size keeps it out of harm’s way, it’s vital to become proactive and put cybersecurity practices in place.
It pays to create a clear, easy-to-understand cybersecurity policy for your venture.
This document should outline best practices for password management, data handling, internet usage, and incident reporting.
Define how and where employees can log into business systems remotely, and define what kinds of documents should be sent securely rather than purely as email attachments, too.
You’ll need to ensure all your employees are familiar with this policy and understand their role in maintaining the company’s digital security.
You’ll need to follow the key steps we covered in our cybersecurity for sole traders article to keep “bad actors” out of your business systems.
This means keeping software and systems updated at all times, investing in quality security software and firewalls, and ensuring you use Wi-Fi from secured and encrypted networks.
You and your team should create passwords that are 14 characters or more in length, and a passphrase that uses four or more random words is a good way of making accounts harder to crack.
Multi-factor authentication (MFA) is a way of boosting security by using two or more methods of identity verification when accessing accounts.
This usually means inputting a password plus a code that gets sent to your phone or email address or using biometrics such as your fingerprint or face ID.
As an SME owner, it’s vital to enable MFA on as many of your accounts as possible, including email and financial services.
Keep in mind that many external accounts now require you and your employees to use MFA when logging in or setting up systems.
For example, the Australian Tax Office (ATO) has compliance requirements that mean everyone who has access to taxation, accounting, payroll, business registry, or superannuation-related information for themselves or other entities must use multi-factor authentication to log in.
So, whether you handle your tax and financial matters personally, have an employee help you with this, or outsource work to a bookkeeper or accountant, it’s vital to follow the ATO’s rules.
The same applies to rules relating to bank accounts, telecommunications logins, and other third-party systems.
While you need to do everything you can internally to keep cyber threats at bay, you must also be smart about who you deal with externally online.
When choosing partners or service providers, work with businesses that prioritise cybersecurity.
Look for partners who use secure communication channels, comply with industry security standards, and demonstrate a commitment to protecting data.
Tara Whitehead, Security Engagement Manager at MYOB, says, “Getting ISO 27001 and PCI DSS certifications shows that a company has solid controls in place to protect sensitive information and meet regulatory requirements.
“These certifications showcase a commitment to security. Plus, they help improve risk management and operational efficiency by following structured frameworks and best practices.”
By working with businesses that take cybersecurity seriously, you’re adding an extra layer of protection to your operations, ensuring sensitive information remains secure.
Another tip is to restrict access to sensitive business data and systems on a need-to-know basis.
Before granting additional access to an employee or third-party contractor, stop and ask yourself if they really need to be able to log in and if the risk of their access is worth it.
“Strong access control is key for businesses,” Tara says.
“It ensures only the right people can access sensitive info, reducing risks and keeping operations secure. It’s a smart move for protecting assets and staying compliant, too.”
While it may be tempting to have just a few logins for your business that multiple employees or contractors share, this is not a smart way to protect your business from cybersecurity assaults.
Instead, take the time to create separate accounts for each person, whether it’s for emails, logins to software, or other systems.
Tara says, “Making sure every staff member has their own login and account is essential for security. It helps track who is accessing what and prevents unauthorised access. It also makes it easier to manage permissions and keep sensitive information safe.”
If you ever face a cybersecurity threat, being able to see who might have logged in to a system using an insecure computer or Wi-Fi, for instance, can help you plug security holes faster and limit the damage that a bad actor can inflict.
Your employees are both your first line of defence and a potential vulnerability.
Conducting regular cybersecurity training sessions is vital to keep your team informed about the latest threats and best cybersecurity practices throughout the year.
“Employee cyber security training is crucial,” Tara confirms.
“It equips staff with the knowledge to recognise and avoid threats, ensuring the company’s data remains secure. Regular training sessions help keep everyone updated on the latest security practices and reduce the risk of breaches.”
In your training, cover topics like phishing awareness and the use of anti-phishing email tools, safe browsing habits, email encryption, and the importance of physical security.
Your team should leave work devices at your properly secured workplace or follow set protocols for keeping their gadgets safe at home, such as using screen-lock settings to stop unauthorised access, not leaving devices unattended, and not allowing family members to use work computers.
If you’re worried about implementing this training, make note of an excellent free online learning program called Cyber Wardens, which is an initiative of the Council of Small Business Organisations of Australia and features self-paced lessons.
To help simplify cybersecurity and make it more accessible for SMEs, MYOB is now collaborating with Cyber Wardens, so you can quickly and easily sign up for the program.
Lastly, take time to keep abreast of the latest cybersecurity trends and threats so you can better protect your business.
Follow reputable cybersecurity news sources and consider joining industry groups or forums where you can share knowledge with other Australian SME owners.
Remember, cybersecurity is an ongoing process that requires constant vigilance and adaptation, so as your business grows, regularly review and update your security strategies to stay ahead of evolving threats.
Protecting your digital assets is not just about preventing losses; it’s about building trust with your customers and partners, ensuring business continuity, and positioning your SME for sustainable growth in the digital economy.
Make cybersecurity a priority in your business strategy today, and you’ll be well-equipped to face the challenges of the modern business landscape tomorrow.