How to protect your business and yourself online

The workplace is a very different place from a decade ago. More than two in three Aussie employers now allow remote working, automation is freeing up workers to be more creative, and most businesses have an online presence.

But while there are plenty of financial benefits to selling your products and services over the internet, there are dodgy characters lurking in the shadows just waiting to steal your personal and business information and money. That’s why it’s important to be prepared against the rising threat of cyberattacks.

What you need to consider for cybersecurity today

Cyberattacks on Aussie businesses are growing year-on-year, with the average company experiencing 65 breaches every year. What’s more, according to Accenture’s 2019 Cost of Cybercrime study, the average cost of cyberattacks for Aussie companies in 2018 was US$6.79 million (AU$9.86 million).

That’s money you could, and should, be spending on things like hiring more staff, expanding your service offering, or rewarding your team with a nice end-of-year bonus.

So, what can you do to protect your business from online threats? Here are four things to keep in mind.

1. Strong passwords aren’t enough

Yes, it’s important to choose unique passwords and never double-up with the same username and password across different programs (e.g. email, accounting software, online banking, etc.). However, hackers are pretty smart, and they use tactics like phishing to steal your (and your employees’) passwords all the time. They even sell them to other hackers on the dark web.

Instead, think about investing in a password manager. It’ll take care of every single password you use and store it in a secure database. Two-factor authentication or multi-factor authentication (MFA) is also a great idea. It means anyone logging in needs to enter two or more authentication factors such as a unique code or PIN, a physical token (or card) or; a fingerprint or iris scan.

2. Update your software!

It sounds like a no-brainer, but you’d be surprised by just how many Aussie companies are exposed to cyberattacks and experience data breaches. In 2019, for example, massive companies such as dating website Plenty of Fish and delivery service DoorDash suffered data breaches. Plenty of Fish customers had some of their private details freely displayed and DoorDash exposed details of five million of their customers. Even Monash IVF had to warn their patients that personal data may have been breached due to a cyberattack.

The good news is that you can set up your online programs and mobile software to automatically download and install updates as soon as they become available. That being said, it’s still recommended that you set aside some time every month to check if there are any recent updates on your systems.

3. Create a comprehensive cyber policy

You might be the smartest business-owner in the world when it comes to protecting yourself from online threats, but it only takes one lapse in judgement from your team to bring it all crashing down.

That’s why you need to write a policy and process for how to act (and react) when online. Key points should include which applications can be used on company systems, how to set up and use MFA, what to do if you think an email might be malicious, and the contact details for the person in charge of your business’ online security.

4. Decide whether BYOD is right for your business

The traditional office is a thing of the past, and employees want the flexibility to work from anywhere, anytime. That means you may need to allow staff to use their own devices for company work from time to time. But remember that while this makes their lives easier, it also opens your business up to new threats.

So, if you do decide to allow bring-your-own-device (BYOD), you need to develop a plan for how it will be protected. This should involve rules around when the devices can be used for business, how regularly sensitive data should be backed up to the cloud (if you use it) and deleted from the physical system and installing location tracking on the device in case it’s lost or stolen.

Speaking of theft, it’s also worth installing a program that allows you to remotely wipe the device if it falls into the wrong hands.

The internet is a wild and wonderful place, and it can seriously boost your profits if you know how to leverage its power. But like any business there comes a risk with its use. Cyber Insurance is one consideration for businesses to protect potential threats however it’s important to do your homework first.

Although cyberattacks are not covered, small to medium sized businesses should also look at insurance options such as business insurance, to provide peace of mind for other common issues that affect businesses such as liability, business interruption, property damage, theft and goods in transit. Choosi can help you compare.