Top tips to protect your small business against a cyber attack

Peter Wolski, Head of Information and Cyber Security at MYOB.

As the adoption of digital tools has become increasingly more important for doing business, it’s crucial that business owners know how to protect themselves and their operations against cyber-attacks, says MYOB’s Head of Information and Cyber Security, Peter Wolski.

COVID-19 increased the urgency for many businesses – particularly SMEs – to adopt digital tools. The 2022 MYOB Technology Snapshot – a survey of more than 500 New Zealand SMEs – showed 43% of SMEs increased their use of digital business tools (in the 12 months prior to the survey) due to COVID-19 restrictions, while 46% of SMEs hoped to improve the digitisation of their business further over the course of the year.

While we’ve seen an increase in digitisation, our Snapshot also highlighted that many businesses haven’t prioritised putting cyber security processes in place. In fact, just over a quarter (26%) of SMEs said they don’t have cyber security processes or systems established, and almost another quarter (24%) of respondents weren’t sure if they did or not.

With 15% admitting they don’t feel confident and 43% only feeling slightly or somewhat confident in knowing what to do if a cyber-attack occurred, it’s no wonder more than half of New Zealand’s SMEs are concerned about a cyber-attack on their business.

Cyber-attacks are on the rise across the world, including in New Zealand. Data from CERT NZ outlines each quarter there is an average of over 2,200 incidents reported and an average loss of $4.2million. With a range of geopolitical tensions on the rise and cybercriminals becoming more sophisticated, it’s worthwhile setting aside some time to assess your business’s cyber security systems and processes, to make sure you and your team are protected and ready to respond.

Here are five key tips to consider in line with CERT NZ’s guidelines:

Educate employees on cyber security
Our latest poll revealed that only 16% of SMEs currently offer staff training to protect themselves and the business from scammers or online phishing. Learning how to be cyber-safe and identify the red flags should become regular, essential training for business owners and employees. This includes understanding what to watch out for in terms of a potential cyber-attack and strengthening knowledge around the basics, like ensuring everyone in the business creates strong, unique passwords, as well as backing up data securely and using two-factor authentication (2FA).
Install software updates
Keeping your devices updated is one of the most effective things you can do to keep your system safe. Our research shows almost three-in-five (59%) New Zealand SMEs have around half or more of their business digitised. By setting your system preferences to install any new patches automatically it helps keep all digital systems secure. If systems need to be tested, ensure these patches are applied by an IT Support provider within a few weeks. It’s also important that those employees using devices for work purposes – even if it’s a personal device – ensure they’re using a supported operating system and software before accessing the business network, as well as keeping their devices up to date.
Implement two-factor authentication
Implementing two-factor authentication (2FA) will help protect both your systems and your customers’ details or accounts. It means that anyone who logs in will then also need to verify that they are who they say they are, and it can be implemented through internal systems or your customer-facing systems. It’s a simple but extremely effective tool for mitigating credential reuse, the risk of sophisticated phishing attacks, and many other cyber security approaches. While our 2022 Technology Snapshot showed that 43% of SMEs already have 2FA in place which is encouraging, it really should be mandatory for all business systems.
Back up your data
It’s extremely important to keep all your data safe – particularly personal employee or customer details, and documents generated by your organisation. Ensuring all data is backed up will mean you can still access the information if it is compromised in any way. It’s a good idea to set backups to happen automatically and stored in a safe location somewhere offline or in the cloud.
Have plans in place to enact if you are targeted
Having processes in place for when a cyber-attack happens is extremely important. In such high-stress situations, people aren’t always able to think clearly and a plan that helps team members understand the order of what needs to be done and by who, could make all the difference. This could include having a list of people to report suspicious behaviour to, in order to get on top of any malicious activity straight away. New Zealand’s Computer Emergency Response Team (CERT NZ), should be your first port of call to report any suspicious online activity. Their website also has a range of guides to help SME owners keep their business safe, online.