Around 63% of businesses were interrupted due to a breach last year. And with year-on-year increases in reported cyber-security events – like cyber crime and cyber attacks that can lead to identity theft – the right time to correctly set up your business’s data security with a health check is today.
Why do you need to do a complete audit?
A myth endures, especially when small businesses consider their network security: that only bigger businesses are the targets of cyber attacks that aim to steal data via a security breach. But the past five years have brought about a paradigm shift in cyber threats.
Whether your business is small or large, your data is equally valuable and, more and more, cyber-criminals will attack a smaller business to reach someone else in their contacts list. With the right code or ransomware, a cyber-criminal can target a thousand small businesses in the same time it takes to attack one large enterprise.
So how do you counter these threats and protect your small business from a cyber attack? You need to evaluate all areas of your business, and an effective – and essential – way to do this is with a cyber-security health check, a process that involves more than basic internet security hygiene like updating your software and antivirus tools. Ensuring the basics are in place is just the beginning.
The principles of a cyber-security health check assessment
Vulnerability: An assessment of the level of security and governance in place.
Complexity: The size of your business and the variety of components in your business.
Desirability: The value of your business’s information, whether for theft or ransom.
Arrive prepared: Here’s how to speed up your health check
Unless you’re an IT professional, you may not be aware of the different ways cyber-criminals can get at your business and your customers’ data.
Do you think it’s a matter of keeping your antivirus software up to date, being phishing-aware or avoiding dodgy links? Think more broadly about network security. A properly governed health check covers all layers of essential business operations.
Why? Because there’s more to it than just the security-specific measures you have (or don’t have) in place. Assessing your business’s overall cyber-security posture helps you safeguard your data and strengthen your information security. Taking a holistic, business-wide approach puts you in a better, more secure position.
Make a start: Six things to think about before a cyber-security health check
- Where is your data? Many people don’t understand what data they have, where it is and what’s important – different types of data have a different value.
- Who has access to your information? During a security audit, it’s common to find staff who have left a business yet still have access to important items.
- Do you practise identity data management? It’s vital to make sure files are only accessible to the people who should have access.
- How do you back up your data? Know what backup regime – if any – you have in place. A disconnected hard drive holding valuable data, for example, might be improperly (or never) assessed. And simply uploading everything to the cloud isn’t enough.
- Do you know what antivirus software you have? And what you’re using across devices? Many small businesses collect a mixture of devices and software as their needs change. A clear idea of what you use on every device is essential.
- Are you aware of machines and devices that only use your network occasionally? What the experts can’t see, they can’t evaluate. To properly audit, a specialist needs complete access to all your devices.
Checklist: Step-by-step preparation for your cyber-security health check
The cyber-security experts you commission for your health check don’t need every detail upfront before they start, but a close-to-complete picture will help them prioritise and solve your business’s biggest weaknesses first.
Here’s a checklist you can start ticking off right now to help you collect all the things you’ll need to know and show, so you can shore up your security more quickly.
Assets: Be informed about your information ☐
Locate all the information you have, including any within business intelligence tools – from customer details, payment records and employee information to all business and personal financial and legal records. This also includes any intellectual property, like marketing creative and product design.
Recovery: Consider how you bounce back ☐
Check whether you have a plan to recover from a cyber attack or resulting data breach. If you lost information from computers, mobile phones, servers, online or in the cloud, consider how long it would take you to recover based on the plan you have in place.
Systems: Make a list of your systems tech ☐
Make a list of all the systems technology you use in your business. This includes firewalls, routers and servers, plus anything for physical security that’s connected to the network, like cameras, security systems, point-of-sale tech and third-party cloud services.
Devices: Take a closer look at how you approach device security ☐
Collate details of all the employee and business devices you use. Take stock of how you manage security across them all. Think: Do you use PINs, fingerprints or passwords? Do you have a dual-authentication process? Are antivirus and malware scanners enabled? Do you use whitelisting?
Measures: The things you’re doing now ☐
Ask yourself if you update and patch all apps, systems software and devices; prevent personal devices from accessing your business network; actively manage passwords; and oversee the approval of all apps that run on work devices.
Your website: Make a note of your site’s functions ☐
Jot down any and all functions on your website that involve the following interactions with a website visitor: e-commerce payments and transactions, file uploads, discussion boards and chat. It’s important to know where and how you collect data.
Backups: How do you do them? ☐
Record your backup process. Backups need to be regular and across multiple locations, for added security. How you back up your files, data and so on will make a huge difference to how well you respond to an attack.
Rules to follow: Compile your policies, guidelines and plans ☐
If you have a register of important business information items and a list of responsible people, locate these. And unearth any policies and guidelines you have about information access, software updates, data storage, how you identify security threats and more.
Testing testing: Make it routine ☐
An easy one that's easy to miss: look at your schedule for security testing.
You’ve taken the first step towards stronger security
Data protection in small business is essential. And now you have a clear picture of most of the elements that go into a cyber-security health check for your digital security. What’s next? Evaluation. Telstra Business Cyber Security Services experts can take the information you’ve collated, assess your business’s current security posture and offer personalised recommendations.