With consumers still reeling from the various cyber-attacks faced by Optus, Medibank, Uber, Microsoft, Woolworths MyDeal, Vinomofo – the list is seemingly endless – it’s critical that all small businesses tighten up their cybersecurity.
According to a 2022 report by Verizon, 82% of data breaches occur due to a human element. In other words, it’s the mistakes made by everyday employees that put businesses – and their customers – at risk.
Despite small businesses generally having less knowledge and fewer resources to spend on cybersecurity than larger companies, they still need to implement safeguards so they don’t expose themselves as easy targets.
This is especially true as we head into the holiday season: research from Kaspersky Lab finds that financial phishing grows by 9.5% during the holiday season, with spam and scam activity also growing in numbers and variety. Cybercriminals are aware that businesses are sitting empty, not paying the usual attention to their systems and websites, making them the perfect target for a wide range of sophisticated scams and hacks.
So, what should small businesses look out for? One popular scam involves hackers imitating legitimate suppliers by sending photoshopped invoices to businesses. These invoices can often look so legitimate that many unwitting employees end up making payment, both losing money and exposing important financial data in the process.
Businesses should incorporate security discussions at every staff meeting so employees at all levels are made aware of recent scams, how to identify them, and what processes are in place to protect company data. Put regular training in place, so that your entire team knows what to look out for.
Failing to update website extensions, or plug-ins, can leave gaps in a website’s security that hackers can easily take advantage of, leaving customer data vulnerable and causing far-reaching implications. While this is a relatively simple task that can be easily managed on the backend of a website, far too many businesses let it fall by the wayside.
For small online stores using self-managed platforms like WordPress and WooCommerce, this means manually checking that all extensions running on a website are up to date. Reputable web developers will make updates to programs and apps to ensure they meet important security requirements, so make sure you always have the latest version installed.
Every now and then, a software provider or website may experience a password leak where user information ends up in the hands of hackers. While a single breach may not seem like a major issue, the reality is that many employees use the same password variations for numerous logins – meaning one leak can hand hackers a plethora of additional login details in one fell swoop.
To mitigate this risk, all businesses should have a password policy in place to ensure all login details are as secure as possible. A reputable and secure password manager app will store all passwords securely, incorporating unique words or phrases that cannot be easily guessed and using a variety of characters, symbols, and numbers. Where possible, enable double (two-factor) authentication to provide an extra layer of protection if a hack is attempted.
Finally, it’s critical to show customers that their data is safe in your hands. This can be as simple as incorporating a ‘trust seal’ at checkout signifying the secure nature of the website, or creating a data policy page outlining how the business securely handles customer information.
By putting the right policies and processes in place, your small business will be able to provide peace of mind to cyber-conscious customers, along with minimising the risk of financial and reputational damage in the wake of a data breach.
Liz Ward is the Co-Founder and CEO of Navii, an independent organisation helping small businesses navigate the digital world.