October is upon us, and as the season changes, it's not only the leaves that are falling. Cyber threats are on the rise, making October the perfect time to bolster your online defenses. After all, it's Cyber Security Awareness Month, an ideal opportunity to review your security protocols and ensure your small business is fortified against cyberattacks.
Over the last 12 months, we've seen some of the most significant data breaches in history, affecting millions of customers worldwide. As a small business owner or advisor, you handle sensitive personal and financial information daily. A data breach could seriously jeopardize your operations, leading to hefty fines, loss of customer trust, and even business closure.
So, how can you protect your business? Start by thinking like a cybercriminal.
The Who, What, and How of Cybercrime
Cybercriminals don't necessarily fit the stereotype of a well-funded genius lurking in the shadows of the dark web. Anyone with the right motivation can access cybercrime tools and services. They target businesses with lax security, selling stolen data for a profit and leaving destruction in their wake.
There are several types of cybercriminals, including hackers, cyberactivists, script kiddies (those who lack technical expertise and use off-the-shelf hacking tools), and malicious insiders. Their ultimate prize? Data. This could range from personal information of staff and customers to business data like sales records, banking details, or account credentials.
Cybercriminals employ various tactics to gain access to accounts, from direct attacks and phishing to malware and ransomware. They could even impersonate you, tricking your customers into paying them instead of you.
Imagine if a cybercriminal were able to access your email account. They could intercept a PDF invoice and edit the payment details to trick your customers into paying a fraudulent bank account instead of you.
Sending an eInvoice through your accounting software, preferably Xero, is one way to avoid this risk. eInvoicing is a new way to digitally exchange invoices through your software. eInvoices are not PDF invoices that need to be printed, posted or emailed. eInvoicing allows you to send and receive invoices digitally with other businesses such as your suppliers, contractors or government. It does not apply to business-to-consumer transactions.
Australia has adopted the international electronic invoicing (or e-invoicing) standard, known as Peppol, as the common standard and network for eInvoicing, allowing suppliers and purchasers to send and receive invoices over a secure network.
Guarding Your Business Against Cyber Threats
The good news is that protecting your business doesn't have to be complex or expensive. It's all about a layered approach, much like your home security. Here are five strategies to enhance your business's resilience against cybercrime:
1. Conduct a Risk Assessment
Identify what data your business stores, the technology used, potential vulnerabilities, and the obligations you have to manage data and disclose data breaches.
2. Establish Strong Security Basics
Strong, unique passwords and multi-factor authentication (MFA) are crucial. Consider using a password manager and enabling MFA wherever possible. Xero Verify, for example, is an MFA tool that adds an extra layer of protection to your Xero account.
3. Develop Robust Policies and Processes
Create policies that guide your team on account security, device security, and data security. Update privacy policies and ensure you have a business continuity plan in place.
4. Invest in Secure Products and Services
Choose organizations that adhere to data security standards. And remember, always use secure webpages (https instead of http) for adding or uploading information.
5. Train Your Staff on Cybersecurity
Everyone should understand how to safely use accounts, devices, and data. Encourage a culture of transparency and quick reporting of risks or mistakes.
Cyber Security: A Continual Commitment
Cyber security is not a one-time task. It's a continuous commitment. Throughout 2021–22, one cybercrime was reported every 7 minutes to the Australian Cyber Security Centre (ACSC). To avoid becoming a target, implement these four steps:
1. Install Regular Updates: They ensure you have the latest security in place.
2. Enable Multi-factor Authentication (MFA): It protects your valuable information and accounts from criminals.
3. Regularly Back Up Files: Hardware failure, theft, or a virus could result in the loss of critical business information.
4. Switch from Password to Passphrase: Passphrases are more secure. Use a password manager to help you generate or store passphrases.
In case of an incident, knowing how to respond is crucial. Report the incident to Australia's cyber agency, the Australian Cyber Security Centre, through ReportCyber. Contact your bank immediately if any money has been transferred, as they may be able to close your account or stop a transaction.
This October, take a moment to look at your business through the eyes of a cybercriminal. Identify gaps or vulnerabilities, and shore up your defenses. It's the best way to protect your business, your livelihood, and your peace of mind. Don't let your business fall with the leaves. Stand strong against cyber threats.