Cybersafety and your business: is your data secure?
The ACCC’s Scamwatch has reported that losses to online shopping scams have increased 42 per cent this year, and they are warning Australians to be careful over the Christmas and holiday period.
There is no underestimating that cybercriminals are hyper-aware of small business and consumer spending habits, particularly exploiting Black Friday and Cyber Monday online shopping channels. It, therefore, is critical for businesses to revisit cybersecurity measures.
Data loss can be a costly nightmare for a business. In particular, businesses that invest significant time and capital into their budgets for the holiday season and marketing efforts respectively are at increased risk during the merriest of seasons.
Unfortunately, cyber attackers increasingly target businesses that are less likely to have extensive security protection in place. Cyber attacks are also on the rise due to businesses continually transforming their workplace, enabling and promoting a digital first approach.
Personal identifiable information, account details, credit card information, as well as digital activity and geographic location are at risk of exposure, with recovery efforts and delays due to data loss grinding productivity to a halt, during the busiest of seasons.
Could your business be at risk of a cyber attack? Follow these simple tips to increase cybersafety and security for your business.
1.Educate your team
Nearly half of data loss happens when employees don’t know how to protect company data or are guilty of being careless. Ensure your employees do not use their business email address or passwords for online shopping. For any corporate personal technology such as a business laptop, mobile phone or tablet, all devices should have passcodes or passwords.
Let staff know how important data security is to your business. Discuss potential security risks and restrictions on employee access to HR, customer and financial data. Go over specific strategies for keeping paper and computer files secure – such as enabling 2-step authentication (2SA), restricting access to sensitive data with security passwords and taking care not to download apps that might carry malware.
2. Plan for security
Does your business have a customised plan in place which outlines your information assets, identifies potential security risks and the specific steps your organisation will take to mitigate those risks? Think of your data security plan as a living document; it will need to be updated regularly to keep up with shifts in digital technology as well as changes in personnel. A key aspect of your security plan is to outline how you ensure employee access to data terminates when they leave your company.
Conduct regular audits to test the effectiveness of your security plan, by monitoring how well your staff follow protocol. Following an audit, you’ll be able to address and fine tune strategies to keep your business safe and your data secure.
As part of your security plan, ensure that you work closely with your internal or external IT company and that they are aware of your security process and plans should a cyber attack occur.
3. Include a device policy
It’s hard to imagine small businesses functioning without mobile devices. The reality is, many small business employees work from home or remotely, staying in contact via a tablet, laptop computer or mobile phone. Unfortunately, the risk of a mobile device being lost, stolen or damaged is high. Protect your company data by requiring staff to keep company data off their personal devices – and set up work devices to be wiped remotely in the case of theft or loss.
Other key security measures are data encryption, up to date anti-virus protection and tracking software – as well as a system of regularly scheduled, automatic back-ups.
Your data security plan is only as good as how well it is followed.
Invest time to meet as a team to discuss security planning and address any questions about protocol. Be clear on the consequences of a data security breach should it be discovered the cause was due to employee negligence or outright theft. Think about how you can reward your staff for their efforts to protect your business by strictly following security protocols.
With more people shopping online this year due to COVID-19 restrictions, the ACCC’s Scamwatch reports that scammers are now targeting Christmas shoppers. You can read their full article here.