14th July, 2016
The internet is a land of opportunity for many businesses, but it can also be a dangerous place if you don’t keep your wits about you.
Small businesses can be viewed as soft targets because they often treat online security as an afterthought. We don’t all have the luxury of a well-resourced in-house IT department to manage security threats.
There’s no one-click solution when it comes to business cyber safety. It demands multiple layers of security measures and ongoing attention.
Thankfully there are a few online safety precautions you can take to help keep digital intruders at bay, protecting your own business information as well as sensitive customer data.
Disclaimer: This information is intended to be general in nature. For information that is customised to your business circumstances, please seek specialist advice.
Many online services support two-factor authentication, which adds an extra layer of security to your account to keep out uninvited guests.
Two-factor authentication relies on something you know, typically your password, and something you have. The something you have is often a one-time password sent to your smartphone in an SMS or generated by an app. Alternatively it might be a USB security dongle or a keyfob that generates one-time codes.
Once you enable two-factor authentication on your cloud storage, you’re asked for both your password and the secondary one-time code when you log into your account from a new device for the first time. This foils would-be intruders who have managed to discover your password.
Often the cloud service can remember your specific devices for 30 days so you don’t need to go through the two-factor process every time you log in from your own computer or handheld gadget.
It’s certainly convenient to use public wireless hotspots when you’re on the road, but you should never trust the network in an airport lounge, cafe or hotel — whether you’re using Wi-Fi or an Ethernet connection.
It’s possible the network operator is spying on your activities, or that the network has been compromised by someone with malicious intent such as corporate espionage. It might sound paranoid, but these kinds of attacks are disturbingly common, especially when travelling overseas for work.
The best way to protect yourself in this situation is to enable a Virtual Private Network (VPN) to encrypt your communications. This digital shield ensures that the network operator and other users can’t eavesdrop on your online communications. Nor can the internet service provider, which lets you bypass the government-sponsored surveillance and web filtering enforced in some countries.
These days many websites use HTTPS encryption by default to protect your privacy, but engaging your VPN offers an extra layer of protection, which also helps guard against targeted attacks such as fake websites and malware disguised as security updates.
Rather than breaking into your IT systems, it’s often easier for attackers to trick staff into handing over sensitive information or clicking on malicious links and attachments to infect their computers. Some threats are easy to spot, such as clumsy scams littered with spelling mistakes, but businesses also face more cunning attacks.
A seemingly legitimate notification of a missed parcel delivery often contains cryptolocker malware, which encrypts the computer’s hard drive and demands a ransom for the return of your data. Other dodgy emails might bring fake invoice scams, hoping to strike an employee who will pay the bill without asking too many questions.
You might even encounter sophisticated “spear phishing” attacks that specifically target your business, crafting genuine-looking emails that can appear to come from customers, suppliers or even senior managers within the business. Sometimes they’re chasing passwords and other sensitive information as part of a multi-stage attack.
Strict policies and procedures, combined with a healthy skepticism, can be the best line of defence against these attacks.
Educate staff on cyber safety and encourage them to question the legitimacy of emails and other requests, whatever the source. Also introduce strict guidelines regarding paying invoices and other dealings with external organisations, making these issues the responsibility of a central person or department that is trained to spot the fakes.
People are the weakest link in your security, and the bad guys know it. It’s vital that everyone in the office plays their part to keep the business safe.
Keeping your business information safe and protected is vital.
That’s why MYOB uses industry best-practice security protocols to keep your data safe, secure and private.