Protecting your business – staying safe online
Fake news, alternative facts, scammers, hackers, fake emails, identity theft, ransomware, doxing and phishing expeditions which definitely don’t pull in the catch of the day – doing business in our global online environment presents risks and threats that no business can afford to ignore.
While we might have a sly chuckle at the reports of ‘fake news’ from a certain high profile source, the risks to your business from online threats are very real and encompass a wide scope of issues under the umbrella of ‘cyber security’. The risks threaten your entire business IP (intellectual property), with the outcomes potentially expensive to fix and in some cases signalling the end of the business entirely.
We take action to protect our health and our families, and install security systems to protect our homes, cars and valued possessions. Even greater diligence should be applied to our business operations.
What’s the Risk?
While much is publicised about personal identity theft, your business may face an even greater level of risk. Your business IP – all your business data, information, systems, processes, customer and supplier information – is at risk from online threats.
The Australian Government Cyber Security Centre website cites a number of eye-opening statistics: 30% of small businesses experienced a cyber-crime incident in the year prior to mid-2015 and 109% more security incidents were detected in Australia in 2015 than 2014.
With reports of cyber attacks and breaches to even high level international government systems, it follows that SMEs would be a soft target for cyber criminals.
While most SMEs don’t have the resources – time and money – to engage full-time high level IT specialists, there are steps you can take yourself to minimise risk and stay safe online, at least as a starting point.
Guiding Your Business to Safety
In 2016, the Australian Government launched a Cyber Security Strategy, which highlights the challenges which businesses must meet in order to successfully operate in the online environment.
The website www.acsc.gov.au offers business guidance, resources and a central point for keeping updated with cyber issues affecting Australian businesses. A key resource, and one worth a read, is their ‘Stay Smart Online Small Business Guide’, which provides some basic practices that businesses can initiate.
The key points include:
Taking responsibility seriously: include system security practices in your business plan and staff training.
Limit access to your systems by allowing only system administrators, and not all users, access to key areas. Review what access each employee needs to carry out their role.
Educate your team: with more and more people using mobile devices for work purposes, staff should be made aware of the risks. Stay Smart Online advises that staff should be told to create strong ‘passphrases’ for their accounts and where possible, have two stage verification and authentication.
Be aware: stay up to date with the latest IT scams and threats and ensure others, including customers, suppliers, family and friends are equally aware of the risks.
Be suspicious: be on the lookout for phishing and scam emails and don’t take a chance on opening any attachments before verifying their authenticity. These are getting more and more clever so you have to be on guard. Fake emails from banks, energy providers, even ATO and ASIC are circulating so you need to check before you click through any links or open attachments.
Ask yourself – do I even have an account with that bank or energy provider? Doesn’t my accountant receive all my notifications from the tax office? If in doubt, call the business and ask if a genuine email has been sent to you.
Site checks: when visiting websites, look for the all important padlock symbol in your browser address bar and check that the website address starts with ‘https’.
Device and network security: install and regularly update anti-virus and other security software and ensure it is installed on any mobile devices also.
Educate staff to be wary of using public wifi which may not be secure.
Back up data regularly to a location which is separate from your main operating system.
Ensure your website is secure and discuss practices with your web developer.
While this source stresses taking your responsibilities seriously in regard to cyber security, that extends also to your staff. Inadvertent actions by an employee, e.g. opening a fake email in error, can have dire consequences, so ongoing training in this area should be a non-negotiable for all smart businesses.
While most businesses focus on the risks posed from external threats, risk also exists internally, that is, through what you and your staff post on your website and through social media channels and what is posted concerning you.
Peter Keel, Director of Disputes and Risks at boutique advisory and law firm Ash St, advises clients in regard to social media policies and risks and says that in Australia, the law has been somewhat slow to catch up with the evolution of social media.
“Social media are here to stay. The law is slow to deal with such fast moving and worldwide technologies. At present Australians have no right to privacy. Anything that is published online can only be remedied under laws that came into being well before publication to the world at large – instantly – in cyberspace was possible, and the means of publishing that material became easily available to most anyone,” Peter said.
“This means that social media users and those who may have suffered at its hands, face clumsy or onerous regulation, or technical hurdles which worked when we wrote with quills, but are now unnecessarily complex, or unable to give a remedy at all.”
Peter passed on the ACCC recommendation that social media posts on a company’s website and channels be monitored at least every 24 hours and that illegal material be taken down.
“As a publisher you must be aware of the risk of social media, as an employer you should have guidelines in place and make sure your employees know of those risks,” Peter advises.
However, he notes the challenges facing small business in finding the time and resources to actually do this. With marketing material increasingly sent out on social media and seemingly innocuous comments posted by many staff members, many times per day, the task of monitoring will get tougher, more expensive, and less exact.
“We advise our clients to protect their business by consulting with a specialist law firm to analyse social media policies and risk and provide recommendations as to how to adopt best practice and staff training in the area and review the procedures regularly,” Peter said.
Be Smart, Stay Safe
There are no guarantees in life or business, but being smart is our best and probably only defence to protect our businesses against the threats and risk in the online environment.