$142 million.
That’s how much money was lost through cyber attacks on Australian small businesses...in 2020 alone.
According to the Australian Cyber Security Centre (ACSC) there were 4,255 reported instances of cyber attacks, though the number is likely to be much higher when taking into account the cases that went unreported.
With the theft of valuable data and millions of dollars being siphoned from the accounts of hard-working small businesses, it’s clear the threat of cyber crime isn’t likely to go away. In fact, in a survey of 1,700 small business owners, 72% said they have experienced a cyber incident - and there’s a good chance you have too.
As a small business owner you should be regularly auditing your site’s SEO, but are you auditing your site’s cyber security too?
Why would a cyber criminal want to target my small business?
You’ve probably heard about reports of major hacks or cyber security breakdowns in the news, but these attacks aren’t limited to Facebook or Google. In fact, the majority of cyber attacks target small businesses as they typically have smaller budgets for IT security, and present as easier targets.
Cyber criminals are likely to target your business for one of the following reasons:
- Hold your data ransom in exchange for money
- Steal your business’ data to sell to others
- Access your bank accounts or finances and steal funds
To keep your business and finances safe in 2021, we spoke to risk-management specialist Mark O’Reilly from Aust Brokers to discover 7 proven ways to protect your small business against cyber attacks.
1 - Educate your team about cyber security
“It’s a mistake to think your technical levels of security are your most important” explains Mark, “what’s equally important, if not more so, are the steps you take to educate your staff and team.”
Cyber-vigilant team members are your best line of defence against cyber attacks. This can be as simple as a clear IT security policy that’s regularly checked and signed by all staff members, through to ongoing training to keep your data safe.
- Does your team know how to spot a social engineering scam?
- Does your team know how to spot a fraudulent email?
- Does your team know how to spot a phishing attack?
If your employees can spot threats and know how to protect information, you’ll already have an advantage from the start.
2 - Don’t settle for ‘password’ as your password Setting passwords
can be a chore, especially with so many online tools, accounts and business software requiring you to come up with a password.
The WORST decision possible is to opt for a standard password across all entry points (especially if it’s along the lines of ‘password’ or ‘1234’). In fact, a study of the top 10 most popular passwords of 2020 showed over two million people used ‘123456’ as their password.
And the time it takes to crack this password? Less than one second.
Wherever your small business data is concerned, whether it’s banking, employee information or business-related data, opt for strong passwords. This is made easier as the majority of online tools, accounts and software offer automatic password creation to combine lowercase, uppercase, letters, numbers and symbols to keep your sensitive info safe.
3 - Use a password protection system
Struggling to remember all your passwords?
We get it, a password like ‘17jIg87_*bFO7^’ doesn’t roll off the tongue.
To make your life easier, consider using a password manager like LastPass which encrypts and decrypts your data at the device level - to the point not even LastPass knows your passwords!
This system allows your employees and staff to log in to their LastPass account, click on an account, tool or software and have the hidden password entered for them. Not only does this keep out cyber criminals who look to exploit weak passwords - but it makes it impossible for any staff member to leak or take a password with them when they clock off.
4 - Invest in IT security
As Mark explains, it’s better to be proactive rather than reactive. You can fight technology with technology to provide additional layers of protection against cyber attacks.
For example, firewalls can stop malicious hackers from accessing your system and should be installed on all office or employee computers, smartphones and network devices. Though there are many additional areas where IT security spending can be applied, including:
- Wireless Security
- Endpoint Security
- Advanced Malware Protection
- Access and Authentication
- Data Protection
- Monitoring and Analytics
Of course, it’s always important to measure the risk against the cost.
It’s not worthwhile to adopt a $10,000 cyber security plan if the risk reduction is only worth $5,000.
5 - Back up your data regularly
With millions of dollars lost every year to cyber-attacks, it’s not pessimistic to adopt an attitude of “when” rather than “if”.
Whether it’s an email containing a virus that was accidentally opened, or a targeted attack that’s trying to extort money out of you for the return of data, regular snapshots of your system mean you won’t lose your valuable data when you need it most.
6 - Apply custom security solutions to suit your website
Every website builder comes with its own weaknesses that need strengthening.
WordPress, as the most popular Content Management System (CMS) powering 35% of the world’s websites, is particularly attractive to hackers because there are so many WordPress sites to target. If your website is built on WordPress you should be applying specific WordPress security provisions, whether through plugins or installing an SSL Certificate.
The same applies to websites built through Joomla or Drupal - it’s worth looking into plugins and custom security features to protect your specific website.
7 - Consider cyber insurance
Cyber insurance is a booming industry thanks to the rise of scams targeting both small and large Australian businesses.
“This could be as innocuous as clicking the wrong link in an email” says Mark, “to cyber criminals accessing your data and changing invoice details so you inadvertently pay the wrong individuals.”
There are many forms of cyber insurance with different coverage levels, for example some plans may cover you if someone hacks into your system but not if you accidentally let someone into your system - such as a telephone scam where you believe you’re speaking to Telstra or Optus.
While your individual needs will determine whether cyber insurance is right for you, the cyber protection tips outlined in this article will ultimately go a long way towards keeping your data and finances safe.
Cyber protection isn’t just great for your bank account. It’s also great for your SEO
It’s only natural you want to protect your data and finances from cyber-attacks, but keeping your information safe is also beneficial to your SEO goals.
A business with a compromised website can run into plenty of technical problems, such as:
- Site traffic being redirected to third-party sites
- 404 errors as pages stop working or are not found
- Malicious code triggers anti-virus warning messages on every page
These types of problems have two MASSIVE flow-on effects.
Firstly, Google considers a hacked website as dangerous and may hand out SEO penalties to avoid people ending up on a compromised site. Secondly, the downtime and broken pages on your site will send people running for the hills. As people leave your site you lose traffic, which is a user engagement signal that will lead to further rankings drops, and your reputation cops a hammering.
No one wants to visit a website that sets off anti-virus alarm bells and is filled with malicious viruses.
In short, when you protect your data and finances from cyber-attacks, you also boost your SEO.
Are you concerned your SEO isn’t up to par? Claim a FREE SEO Analysis to find the holes in your SEO and patch them up.
