Approximately one in five Australian small businesses report that they have previously been the target of a cyber-attack. Additionally, 43% of all cybercrimes are targeted at small businesses. As a small business, have you considered which of the following areas may affect you?
|Cybersecurity policies and procedures
Do you have an overarching cybersecurity or IT security policy that is documented and communicated within your organisation? Does the policy translate into day-to-day procedures which staff can follow?
|Working remotely and two-factor authentication
Do you allow employees to use their own devices and home computers to access your corporate network? Have you considered implementing ‘two-factor’ authentication?
|Education and awareness
Are your staff regularly informed and educated on cybersecurity including the dangers of poor passwords, phishing, and USBs?
|Outsourced third parties
If your third parties suffer a cybersecurity incident or data breach, how does this impact your business?
|User access and passwords
Do you know who has access to your IT environment, including outsourced contractors and third parties? What password requirements do you enforce for your IT and business systems?
|Data and backups
Do you know what your critical business processes are and where sensitive data is stored? Do you know about the importance of backups, e.g. in the context of ‘Ransomware’?
Is there a defined process for responding to security incidents and data breaches? Do you have a relationship with a specialised security provider to assist?
|Monitoring and detection
How do you routinely monitor for and detect potential cybersecurity vulnerabilities, events and incidents?
|Anti-malware and website security
Are all your devices protected by anti-virus software? Is a regular independent review of your website security performed, including a ‘penetration test’?
|Patching of applications and systems
Have you established a routine patching process which covers all of your IT applications and systems, including desktops, laptops, servers and critical applications?
|Use of USBs and removable media
Are you aware of the risks of using untrusted and unsecured USBs? Do you have a ‘removable media’ policy which prescribes the usage to staff?