Tips to improve your business’s cyber security

Cyber security incidents are on the rise for small businesses. The Computer Emergency Response Team (CERT NZ) received 8,831 reports in 2021 and that number is only expected to grow. The cost associated with those incidents was almost $9 million.

As cyber resilience expert and director of Outfox Jan Thornborough explains, it’s time to make cyber security for your small business an urgent priority.

What is cyber security?

“Cyber security refers to the tools you use to ensure your systems and data are safe from cyber attacks,” explains Jan.

“We encourage businesses to engage in cyber resilience, which takes into account not just those digital tools, but also the quality of your business processes, staff training, knowing how to mitigate an incident if it happens, and ensuring your cyber security tools are fit for purpose.”

What are the different types of cyber security attacks?

Cyber threats can come in the form of:

• Message scams that try to get you to send money, click on malicious links, or reveal personal data including passwords or credit card numbers; they could come via email, SMS, social media or phone calls
• Phishing attacks that might contain a link to a false website that encourages you to give up sensitive data such as the logins or passwords to your business’s social media accounts
• Ransomware attacks that leverage limited security measures to encrypt a business’s data and stop the business operating until a ransom is paid
• Malware attacks that use malicious software to gain access to sensitive data resulting in identity theft or other kinds of fraud

Why would cyber attackers bother with my small business?

“Many cyber attacks are automatic these days,” says Jan. “They take a scattergun approach that will take in any businesses that have vulnerabilities, no matter their size.

“It could be that you don’t have anti-virus software installed on your devices or that you’re not regularly updating your software and applications with the patches that address bugs and weaknesses. Or maybe you share your work computer with others, and your child has downloaded a game that contains malicious code onto your laptop.”

As Jan explains, sometimes small businesses make especially good targets because they’ve got so much to lose.

“With ransomware attacks, small businesses will often pay up in order to avoid having data lost or exposed because a breach like that could end their business altogether.”

What other damage could a cyber attack cause?

“Imagine you have 100 customers and their data is breached by a cyber attack on your business,” says Jan. “You then have to contact all of them to explain what’s happened and what you’re going to do to fix it – [this is] incredibly time-consuming, not to mention potentially damaging to your business.”

“And if you fail to report a serious data breach to the Privacy Commissioner, you can be fined up to $10,000.”

Even at the most minor level, the operational inconvenience a data breach can cause to a small business can be disastrous. After all, few small businesses can afford not to be up and running for any length of time.

So what should I do to protect my small business?

“We strongly recommend small businesses get an IT provider to look after their IT systems,” says Jan. “You don’t do your own legal contracts or your own dentistry! IT security is the same – a skill that requires specialised expertise and ongoing training.”

“Think of anti-virus software and multi-factor authentication as the bare minimum. You should also have business professional licensing for Windows which gives you extra protections, and endpoint protection which gives you protection outside of the office. [This is] essential in a world where work computers are so often out of the office.”

“An IT provider can help you put this in place along with making sure your data is fully backed up and can be accessed if something does go wrong.”

Staff training and robust payment systems are also critical, especially when it comes to a business email compromise, which involves an invoice being intercepted and duplicated but with a different account number.

“You pay money into the new account and it goes straight to the cyber attackers account without your even realising,” explains Jan. “So make sure your staff know to be on the lookout for phishing attempts and false invoices.

“If you’re not absolutely sure, call the business and check – it’s five minutes that could save you a lot of money.”

Is it expensive to be cyber resilient?

“I totally understand why small businesses try to do it all themselves – we’re a small business too,” says Jan. “But experience shows me the investment is worth it and could save you the money, reputational damage, time and heartache associated with a cyber attack.”

There’s one other benefit to investing in IT and cyber security.

“It can be a real selling point for businesses, and help to attract customers and build confidence. No one wants to leave their information with a company that’s not taking care of it.”