As a small business owner, the last thing you need is an online security breach. That’s why it’s well worth getting the right security measures in place and reviewing them on a regular basis, writes PAUL MACPHERSON, Head of Security, Xero.
Most of us couldn’t get through the day without using the internet. Whether it’s helping us get to work or schedule plans with our family, one things certain – this access to the internet has massively transformed our lives for the better.
The same goes for small businesses, giving them access to a connected, global world and the ability to transact and operate with far greater efficiency. However, as more small businesses take advantage of the exciting opportunities that the internet offers, it’s crucial that cybersecurity is the number one priority.
According to security software company Norton, globally 689.4 million (31%) people were affected by cybercrime in the past year. What’s more 63% of people also believed it’s become more difficult to stay safe and secure online over the past 5 years. Criminals are getting smarter online – and small businesses, with often limited resources at their disposal, can be particularly vulnerable.
In many security breaches, cyber-criminals simply exploit insecure remote-access software, employee activity and weak password security to gain access. Hacking methods such as phishing and social engineering, as well as sophisticated malware are popular methods used to breach seemingly secure systems.
As a small business owner, the last thing you need is the consequences of an online security breach. That’s why it’s well worth getting the right security measures in place and reviewing them on a regular basis. Here are four focus areas that should be deployed immediately to safeguard your business from attack:
- Choose the right security software, and don’t forget to update it
It pays to install reputable anti-malware software and regularly update it. Malware often tries to exploit known vulnerabilities in software and this could seriously compromise your systems. Anti-malware will detect and stop most malicious software including computer viruses, worms, Trojan horses, ransomware, spyware, adware and scareware from entering your systems.
As well as keeping your anti-malware software up to date, you need to keep your operating system and application up to date with the latest security patches. It might seem obvious, but you’d be surprised at the number of businesses who don’t do this. Look at the recent WannaCry and NotPetya ransomware instances in which a known Microsoft SMB vulnerability was exploited which organisations should have patched.
- Equip your employees with the right skills
Many scams and attacks rely on manipulating people to do something that gives hackers the information or access they’re after. Known as social engineering or phishing, these tactics include using personal information to earn trust from unsuspecting employees. All it takes is two seconds for you or one of your team to click on a link or attachment in an email, or enter a password on a fake login page, and you’ve let the criminal in.
No matter what industry your business operates in, you’ve got to educate every last member of staff – including yourself! There are easy-to-use online tutorials available that help train people in the dos and the don’ts when it comes to staying safe online.
- Use 2SA
The 2SA or Two-Step Authentication is like putting an extra deadbolt on your front door. It involves two layers of security. First, enter your existing password and then input the verification code generated by an app on your smart device. This significantly reduces the risk of account takeover – the cybercriminal may get hold of your password but that’s not enough for them to gain access.
2SA (or 2FA, MFA or 2SV) is also an important security measure to protect your email account. An insecure inbox is incredibly risky; once hackers get hold of it, they’ll be able to reset all your passwords. A compromised business email account is often used for invoice fraud, by intercepting and changing the payment bank account numbers on invoices attached to emails as PDFs.
- Enforce strict password protocol
The number of passwords most people have these days can be quite overwhelming. So it’s natural for you to pick something that is relatively easy to remember, but this can a dangerous move. A basic password is easy to hack – a dictionary attack can crack a basic code in a couple of seconds.
Make sure you reinforce just how important it is that everyone picks a robust password. Ask them to run it through a password checker to make sure they’re being as safe as possible. Rather than changing your passwords regularly (this can lead to bad password habits and predictable passwords), create a strong password from the get-go. This should include a mix of at least 12 characters of different types. Of course, if you suspect that your password has been compromised then change it immediately.
Using a different password for each login is also good practice. Having a unique password helps prevent a compromise of one login becoming a compromise of many. Consider installing a Password Manager to help generate strong, unique passwords for each site.
A small, agile business typically allows employees to access email or other business apps from their phones. If this is the case, ensure that your employees protect their phones with a password, PIN, or biometric (fingerprint) authentication. A mobile device manager (MDM) can enforce security policies and delete access to business data if the phone is lost or stolen.
Unfortunately, we are living in a world in which these online threats are only going to get more frequent and more sophisticated. Global research tells us that more than 50% of cyber attacks target small businesses. But, the measures you can take to combat these threats are also getting wiser. It might seem like a large commitment with not much ROI, but in the long run it could be the making or breaking of your company.
Mobile is the new branch
Standard Bank has launched an account for mobile devices that gives back 500MB of data a month
Standard Bank has introducd a R4.95p/m bank account called MyMo that customers can open on their mobile devices, loaded with data and airtime offerings and other benefits such as virtual and Gold physical card.
MyMo account holders will also enjoy the convenience of a cheque account through a Visa and Mastercard gold card. Once the account is open, users can choose to either receive R50 in airtime or 500MB of data a month, if their card is swiped more than four times a month. A further megabyte of data is loaded on the account for every R20 spent.
“MyMo is an account for everyone, whether you just landed your first job or have been around the block. With no documentation required it only takes a few minutes to open the account,” says Funeka Montjane, Chief Executive for Personal and Business Banking, South Africa, at Standard Bank Group. “For just R4.95 a month customer will be able to enjoy free swipes and ATM withdrawals at only R6.50 for amounts under R 1 000.
“Mobile is the new branch. This account is about bringing the mobile branch into customers hands, it is about convenience and security while banking.”
She says mobile offers low cost transactional banking which integrates people and businesses into the new connected economy, making mobile the new branch ecosystem that will drive and connect Africa’s growth. Physical connections to the economy are rapidly changing to digital where banks have to move from being financial institutions to service organisations.
“In the past people congregated in communities and eventually cities to maximise the advantages of connectivity. Today a simple hand-held device has the potential to open infinite doors, transforming individuals’ access to opportunities, regardless of where they are, and like never before in history.
“Historically, a bank account represented access to economic citizenship. Today, having a simple device enabling digital access to a modern banking platform is a passport to global connectivity and vast human development potential.”
The bank says it is using technology, and mobile phones in particular, to deliver low-cost transactional channels accessible to all our customers. The evolution in mobile can be seen in transaction options like cash back at the retail checkout till rather than the ATM, free digital banking rather than using a branch, and the ability to transact using digital wallets, even without a bank account.
“Developing comprehensive connected ecosystems requires a mind-set change from Africa’s banks,” says Montjane. “Banks will evolve away from traditional financial service organisations, into service ecosystems enabling broad universal access to almost everything like enhanced purchasing experiences of vehicles and homes, online procurement of goods and services and lifestyle elements like rewards and travel.
“These connectivity drivers will also act to future-proof evolving connectivity ecosystem by allowing us to offer untold future services while deriving income from as yet unrealised revenue streams,.
From a customer perspective, the kind of ecosystems of knowledge, access and, ultimately, connectivity that banks will come to provide will radically transform the share of life that almost all individuals will be able to access.”
Two-thirds of SA staff hide social media from bosses
With 90% of people in employment going online several times a day, it can be hard for most workers to keep their private and work-life separate during the working day (and beyond). The recently published Global Privacy Report from Kaspersky Lab reveals that 64% of South African consumers choose to hide social media activity from their boss. This secretive stance at work also extends to their colleagues, with 60% of South Africans also preferring not to reveal online activities to their co-workers.
Globally, the average employee spends an astonishing 13 years and two months at work during their lifetime. Interestingly though, not all this time is directly related to solving work tasks or earning a promotion: almost two thirds (64%) of consumers admit visiting non-work-related websites every day from their desk.
Not surprisingly, 35% of South African employees are against their employer knowing which websites they visit. However, more interestingly, 60% of South African are even against their colleagues knowing about their online activities. This probably means that colleagues constitute an even greater threat to future perspectives of an office slouch or maybe the relationships with colleagues are more informal and therefore, more valuable.
On the contrary, social media activity appears to be a less private domain for many and therefore, more suitable for sharing with colleagues but not the boss. This is probably because workers fear harming the public image of a company or interest in decreased staff productivity motivates companies to monitor employees’ social networks and make career changing decisions based on that. Such policies have led to 64% of South Africans saying that they don’t want to reveal their social media activities to their boss and 53% even don’t want to disclose this information to their colleagues.
A further 29% are against showing the content of their messages and emails to their employer. In addition, 3% even said that their career was irrevocably damaged as a consequence of their personal information being leaked. Thus, people are worried about how to build a favourable internal reputation and how not to destroy existing workplace relationships.
“As going online is an integral part of our life nowadays, lines continue to blur between our digital existence at work and at home. And that’s neither good nor bad. That’s how we live in the digital age. Just keep remembering that as an employee you need to be increasingly cautious of what exactly you post on social media feeds or what websites you prefer using at work. One misconceived action on the internet could have an irrevocable long-term impact on even the most ambitious worker’s ability to climb the career ladder of their choice in the future,” comments Marina Titova, Head of Consumer Product Marketing at Kaspersky Lab.
To ensure workers don’t fall prey of the internet threats at a work, there are some core guidelines to adhere to in the digital age:
- Don’t post anything that could be considered defamatory, obscene, proprietary or libellous. If in doubt, don’t post.
- Be aware that system administrators may at least, in theory, be informed about your web browsing patterns.
- Don’t harass, threaten, discriminate or disparage against any colleague, partner, competitor or customer. Neither on social networks or in messages, emails, nor by any other means.
- Don’t post photographs of other employees, customers, vendors, suppliers or company products without prior written permission.
- Start using Kaspersky Password Manager to ensure your social media and other personal accounts are not at risk of unauthorised access by someone else in an office. Install a reliable security solution such as Kaspersky Security Cloud to protect your personal devices.