Data security is the practice of protecting digital information from unauthorised users. A good data security strategy considers the physical security of hardware and the cyber security systems that can help protect business software applications.
When you have a data security strategy, it helps defend your business against hackers and cyber criminals. The increasing importance of data protection reflects the changing landscape of business security, which now extends beyond the perimeters of your physical premises.
Online ways of working have changed the ways we share and interact with digital data. No longer do we engage with colleagues and customers in person only, we also frequently do so online. This reality creates what IBM refers to as an "expanded attack surface" that can be more challenging to monitor and secure.
Today, many businesses are aware of the importance of data protection. Even so, several myths about best practices remain. Here, we debunk five key myths to help you maintain strong data security practices.
The reality is, cyber criminals target businesses of all sizes. Big software companies are constantly monitoring their products for potential vulnerabilities that hackers can exploit. So, ensuring that your employees’ operating systems are up to date is the easiest way to help ensure that your small business cybersecurity systems are protected against known issues.
This is true for all devices, including computers as well as any phones and tablets your team may use for work.
Working from home and remotely is now the preference for many employees. When people work from a range of devices in different locations, network security becomes more important. So, if you run a business, it’s important to ensure that staff connect to their devices on trusted Wi-Fi networks.
If your employees are working in public places, encourage them to avoid connecting to free networks and to instead tether to their mobile device. Open networks are unsecured, and cyber criminals have been known to establish their own networks in public spaces to lure in unsuspecting users.
As defined by Cisco, cyber insurance is an insurance product designed to help businesses defend themselves against the effects of cyber crimes, such as:
If employees forget to update their passwords, cyber insurance can help cover you against cyber threats. Passwords should also be updated regularly to minimise the risk of security breaches. So, it’s good to encourage employees to update their passwords regularly.
Tip: The strongest form of password is what’s called a passphrase, basically a password made up of a series of words, special characters, and a mix of upper and lower case characters. Passphrases should be unique to each device and software system to help further protect your business.
Businesses are sometimes the target of impersonation attacks. This is a form of fraud that involves a hacker pretending to be a trusted party to trick you into doing certain things. The cyber criminals behind impersonation attacks may pretend to be an individual, brand, or organisation you know and may convince your business to do the following:
An impersonation attack is a particular type of social engineering attack, a kind of cyber security attack that relies on the psychological manipulation of human behaviour. So, make sure you educate staff on signs of social engineering scams, including the receival of unusual requests that are often written with a sense or urgency.
Tip: Teach employees to be sceptical of unusual messages, even if they appear to come from someone they know. Information protection is crucial, so encourage them to delay acting on requests until they’ve established the identities of the people they’re talking to.
The truth is that security breaches can lead to data loss. To help with data protection, you can set up a business central server that staff can access remotely. This allows employees working across multiple locations to save data to a central location.
When data is saved on a business central server, you’ll still be able to run your business effectively if individual employees lose their local data, or if data is corrupted or stolen due to a cyber crime. Remote back-up systems also defend your data against incidents such as data theft or loss, helping to keep your business data safe from privacy breaches.
When it comes to creating a cyber security strategy, it can be tricky to know where to start. The good news is there is a lot of help available for small and medium businesses in Australia.
The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help organisations mitigate cyber security incidents caused by various cyber threats.
To check if your business is ready to defend itself against cyber security threats, it’s worth reviewing the Strategies to Mitigate Cyber Security Incidents by ACSC. This document highlights what is referred to as the ‘Essential Eight’, which are the top eight security practices recommended by the ACSC.
To learn more, you may also like to explore the Essential Eight Assessment Guidance Package, a resource that provides business owners with detailed assessment methods for each security control within the Essential Eight.
Originally published November 2021. Updated March 2023.
By signing up for Cyber Wardens, a program from the Council of Small Business Organisations of Australia (COSBOA) that aims to educate businesses like yours on how to help fight online threats.
Learn how to choose the right technology solutions. Get help to boost efficiency, build skills, and integrate tech.
