5 Cyber security tips for your business

12th February 2018, 04:08pm
If you're on the Internet, you face security risks. You can no longer afford to assume that your business won't be a target because you're not big enough.

While big businesses have the finances and the resources to invest heavily in cyber security, only about 14% of small businesses rate their businesses as highly secure — and hackers know it. As a result, approximately 43% of cyber attacks target small and medium businesses. Almost 60% of Australian companies detected at least one cyber threat in 2016, and those numbers continue to rise — which means you can't let your security slide. These big business takeaways can substantially benefit your business' security.

Five policies for stronger security

Whatever the size of your business, here are five key cyber security lessons you can pick up from the way big businesses manage their IT.

  1. Security training for employees in your business is critical. Over half of all businesses recognise that they are at risk from within. Accepting fraudulent email, handling passwords carelessly, and using unsecured devices are major causes of breaches. Multi-factor authentication can make break-ins harder and employees need to learn how to use it properly. Good security practices need to become habits, not just textbook knowledge.
  2. Regular audits will help to protect your business. Assessing risks lets you determine what most needs protecting and where vulnerabilities are most likely to be. Audits determine how well these areas are covered. Computer networks change frequently, so it's necessary to make sure protections are up to date. The NIST Cybersecurity Framework provides guidance for auditing a network.
  3. Test your people. Your employees are among the biggest cybersecurity threats to your organisation. Some are actively trying to steal information, but the biggest threat is sheer carelessness. Checking whether people are actually following security practices tells you whether the training was effective or not. Penetration testing can help to determine how secure your network is. Sending test phishing messages to employees will show you who might need a refresher on their training.
  4. Managed services are a great way to keep up with security when your resources are limited. Hiring full-time cybersecurity specialists may not be feasible for your business, but you can still get access to these specialist skills from outside, with a much more cost-effective model. Keeping software up to date is essential for your security. Firewall configuration errors can leave gaping vulnerabilities. A managed services company can stay on top of these issues for you, much better than an overburdened IT manager. They can also monitor your network 24x7 to spot any unusual activity, so you can detect and respond to breaches quickly.
  5. Make sure that all elements of your business are secure. If it's connected to your network, you need to know how it has the potential to impact your security. Mobile devices and cloud services are easy to overlook. Devices on the Internet of Things often have serious vulnerabilities. Partner sites can also open up risks if they're careless with their own security. The infamous Target security breach of 2013 was the result of giving network access too freely to a business partner who didn’t have robust security measures in place. A bring-your-own-device policy can also create risks for your business if it's not carefully managed.

Defence in depth

No single measure is enough to stop all attempts at cybercrime. Employees need to learn to handle spam. It’s always best to have them send spam and suspicious emails to IT, so that filters can be updated and similar messages blocked from reaching other users. But some employees will still make mistakes. Anti-malware software should protect against their mistakes, but it won't catch every hostile executable file. Access control will limit the damage malware can do but not stop it completely. Breach detection will catch what gets through all those lines of defence, as long as it isn't overloaded. Data loss prevention, including offsite backups, helps to recover from ransomware and other attacks. Every defensive measure contributes to the security of the whole network.

It's a lot to deal with. More and more businesses are turning to managed service providers and auditors to help them keep up. Canon's IT Security Essentials Assessment, powered by Canon-owned IT provider Harbour IT, will help ensure that your business doesn't have any uncomfortable security holes.

At the same time, an organisation has to stay security-conscious and make sure that all its employees are. Some large enterprises set a great example with comprehensive security; others make headlines when their measures fail. Big businesses have dedicated teams to guard against cyber threats, as well as ample financial and technical resources. You can learn from their experience and find ways to apply it to your business.