Cybersecurity for small businesses: 11 areas to consider

26 August 2020

Approximately one in five Australian small businesses report that they have previously been the target of a cyber-attack. Additionally, 43% of all cybercrimes are targeted at small businesses. As a small business, have you considered which of the following areas may affect you?

  1. Cybersecurity policies and procedures
    Do you have an overarching cybersecurity or IT security policy that is documented and communicated within your organisation? Does the policy translate into day-to-day procedures which staff can follow?

  2. Working remotely and two-factor authentication
    Do you allow employees to use their own devices and home computers to access your corporate network? Have you considered implementing ‘two-factor’ authentication?

  3. Education and awareness
    Are your staff regularly informed and educated on cybersecurity, including the dangers of poor passwords, phishing, and USBs?

  4. Outsourced third parties
    If your third parties suffer a cybersecurity incident or data breach, how does this impact your business?

  5. User access and passwords
    Do you know who has access to your IT environment, including outsourced contractors and third parties? What password requirements do you enforce for your IT and business systems?

  6. Data and backups
    Do you know what your critical business processes are and where sensitive data is stored? Do you know about the importance of backups, e.g. in the context of ‘ransomware’?

  7. Cybersecurity incidents
    Is there a defined process for responding to security incidents and data breaches? Do you have a relationship with a specialised security provider to assist?

  8. Monitoring and detection
    How do you routinely monitor for and detect potential cybersecurity vulnerabilities, events and incidents?

  9. Anti-malware and website security
    Are all your devices protected by anti-virus software? Is a regular independent review of your website security performed, including a ‘penetration test’?

  10. Patching of applications and systems
    Have you established a routine patching process which covers all of your IT applications and systems, including desktops, laptops, servers and critical applications?

  11. Use of USBs and removable media
    Are you aware of the risks of using untrusted and unsecured USBs? Do you have a ‘removable media’ policy which prescribes their acceptable use to staff?