Menu
Top 15 tips for Kiwi SMBs to boost cybersecurity practices

Top 15 tips for Kiwi SMBs to boost cybersecurity practices

What can SMBs do to reduce the risks of attack and the damage such attacks may cause?

The need to protect computers, programs, networks and data from attack, damage, theft or unauthorised access is not restricted to governments and large businesses.

With governments and large businesses spending considerable sums of money protecting their systems, criminals are turning their attention to softer targets like small businesses.

According to CPA Australia, one of the world's largest accounting bodies, across the Tasman in New Zealand, cybersecurity is therefore a real issue for small business.

For most, it is not a matter of if you will be attacked but that you have already been attacked or will be attacked.

The question therefore is - taking into account that client data may be the primary target of such attacks - what can you do to reduce the risks of attack and the damage such attacks may cause?

There is no one single action you can take that is going to protect you from cyber attacks. The following lists some of the actions you should consider to improve your cybersecurity:

Know your business

It is important to be fully informed as to how all aspects of computing services your business uses are provided and protected.

For a small business today, there have never been so many services and applications that can be accessed via the internet or cloud, and can be used in the office or on a mobile device.

There is usually little or no opportunity to vary the terms of use of these services. You should consider how your business would operate if that service was unavailable for a period of time, how easily you can move your information to another provider and how your provider is protecting your information from data loss.

Cybersecurity starts and ends with you and your staff

You can invest considerable sums of money on systems and hardware to protect your network only to find a simple error or an inadvertent sharing of passwords by a staff member can allow a criminal to circumvent all those protections.

You must therefore establish and enforce basic security policies, and train staff so that they are aware of secure behaviour, and have a reasonable idea of when someone may be inappropriately seeking confidential information from them.

This could be via an email (known as phishing), over the phone (known as vishing) or even via text message (sometimes called smishing).

You should give one staff member responsibility for regularly communicating and training you and your staff on cybersecurity issues.

Keep your software up to date

Have anti-virus software and make sure it, your web browser and operating systems are up to date. Set anti-virus software to run a scan after each update.

Enable automatic updates of such software and prevent employees from disabling these updates. Use application ‘whitelisting’ to help prevent malicious software and unapproved programs from running.

Have a firewall

Make sure your operating system’s firewall is enabled and prevent staff from disabling it. If employees (or others who have access to your system) work remotely, ensure their systems are protected by an appropriate firewall and that it is up to date.

Patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office and operating system vulnerabilities.

Identify your assets that may be vulnerable to attack

Do a stocktake of what assets you have that could be vulnerable to attack so you know what you need to protect and prioritise risks. Assets include physical and virtual such as intellectual property.

Do regular backups

Regular back-ups that are stored at a secure offsite location or in the cloud should allow you to get your business up and running very quickly after an attack.

Fully test whether those backups work on a regular basis. If you use a cloud backup service and you are storing sensitive client information, you should encrypt the back-ups beforehand.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags SMBscyber security

Featured

Slideshows

Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomed 2018 inductees - Chris Simpson, Kendra Ross and Phill Patton - to the third running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing landscape of the technology industry in New Zealand, while outlining ways to attract a new breed of players to the ecosystem. Photos by Gino Demeer.

Reseller News welcomes industry figures for 2019 Hall of Fame lunch
Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019

Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019

The channel came together for the inaugural Reseller News Emerging Leaders Forum in New Zealand, created to provide a program that identifies, educates and showcases the upcoming talent of the ICT industry. Hosted as a half day event, attendees heard from industry champions as keynoters and panelists talked about future opportunities and leadership paths and joined mentoring sessions with members of the ICT industry Hall of Fame. The forum concluded with 30 Under 30 Tech Awards across areas of Sales, Entrepreneur, Marketing, Management, Technical and Human Resources. Photos by Gino Demeer.

Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019
Show Comments