5 tips to prevent cyber crime

5 Tips to help prevent Cybercrime

You may think that as a Small business owners you are immune to cybercrime. Perhaps you mistakenly believe that hackers are after bigger targets. You only need to seek the recent “Cyber Hijack” on a Byron Bay School to realise any organisation is vulnerable. It is also the smaller companies who will have less security measures due to cost limitations.

A recent survey by Symantec found that 77% of small and medium-size businesses believe they’re safe from hackers, viruses and malware. And 83% of SMEs take no formal measures against cyber threats — even though almost half of all attacks are aimed at SMEs.

As we have previously discussed here, many people don’t even spend a few minutes to come up with a secure password. The two most common computer passwords today are “password” and “123456,” according to security software firm SplashData.

Protecting your systems, data and hardware may cost time and money. But the consequences of a cyber attack can be far more expensive. At the moment Banks are guaranteeing their own systems including the fraudulent access of their accounts via Hackers who have obtained Bank customer’s details but how long will this go on for? Courts seldom hold banks liable in cyber attacks.  Also this only applies to the Banking side. What about when your confidential files are accessed? Your database taken, duplicated or corrupted? If your web site or intranet is hijacked or closed down by a Hacker? The onus is on the business to protect itself from any cyberthreat — and absorb the damages.

Don’t take the risk of remaining vulnerable. 

Here are five tips that may help to protect your small business from cyberattack.

1. Review your weak points. Have an IT Professional review your systems. CPR Insurance Services has a long list of experts in this area who are available to assist here. They are becoming as important as other external resources such as Accountants and Human Resource Consultants.

Before even doing this though, have a look at the strength of your Passwords as a place to start. Make sure you and your employees change them regularly. Do not use the same password for all your accounts. Enforce password policies with rules for complexity and frequent changes. A good standard is to change passwords every two months. It is frustrating to do so but is an effective loss control tool.

Firewalls are vital controls for small businesses, especially if customer data and other sensitive information are linked to the Internet. Also make sure that updated antivirus software and spyware are installed on every worker’s computer. An IT specialist can assist in this area.

2. Back your data up.Small businesses can lose data as well as money in a cyberattack. But until now, most haven’t been able to afford an online data-backup solution. Thanks to cloud computing and other Internet technologies, data-backup services are finally cost-effective for small-business owners. Some of these services, like DropBox and Google Drive, will only cost a small amount per month. A combination of systems is most effective including external hard drives, but secure these with encryption and/or take them home each night.

3. Educate employees. Employees are your first line of defence against cybercriminals, however they are also potentially a large security risk. Careless mistakes made by employees are the most common cause of data breaches. We have heard about mobile phones being left in Bars, staff taking home work on USB drives or emails sent with confidential information to an incorrect address. Mistakes can happen but they should prevent them if made aware of the risks and their responsibilities.

You can greatly reduce your risk by educating your staff on basic security measures, such as how to recognise potential threats and why it’s important always to take precautions. A security plan without active participation by your employees is like an alarm system that’s never switched on.
4. Separate banking to one computer. Fraud is the biggest risk for small businesses and not for profit organisations. In 2011 many businesses experienced some kind of payment fraud, or an attempt at fraud and this included account takeover and fraud online.

One easy way to fight fraud is to use a dedicated computer for all online financial transactions. Because this machine is not used for email, web-surfing or social media, it’s much harder for outsiders to gain access to your sensitive information. Also make sure to review your banking transactions daily, so you can spot fraud in near real time and possibly recover the funds.

5. Take out specialist Insurance. No matter how hard you try, you’ll never be completely safe from cyber risks. So your last line of defence is transferring the risk to insurers. You can get an insurance policy that covers any losses such as cybercrime and computer fraud in a Commercial Crime policy, to defamation and infringement of copyright within a Multimedia policy.

Then there are more comprehensive covers that cover “first party” losses such as a server or website being shut down. Then “third party” losses such as confidential client information being released and the resultant breach of confidentiality claim. All which can be covered within a Cyber Insurance policy.  There are limited markets for this type of cover at present but cover is available. It will be interesting to see if it takes off in Australia.