The need to protect computers, programs, networks and data from attack, damage, theft or unauthorised access is not restricted to governments and large businesses.
With governments and large businesses spending considerable sums of money protecting their systems, criminals are turning their attention to softer targets like small businesses.
According to CPA Australia, one of the world's largest accounting bodies, across the Tasman in New Zealand, cybersecurity is therefore a real issue for small business.
For most, it is not a matter of if you will be attacked but that you have already been attacked or will be attacked.
The question therefore is - taking into account that client data may be the primary target of such attacks - what can you do to reduce the risks of attack and the damage such attacks may cause?
There is no one single action you can take that is going to protect you from cyber attacks. The following lists some of the actions you should consider to improve your cybersecurity:
Know your business
It is important to be fully informed as to how all aspects of computing services your business uses are provided and protected.
For a small business today, there have never been so many services and applications that can be accessed via the internet or cloud, and can be used in the office or on a mobile device.
There is usually little or no opportunity to vary the terms of use of these services. You should consider how your business would operate if that service was unavailable for a period of time, how easily you can move your information to another provider and how your provider is protecting your information from data loss.
Cybersecurity starts and ends with you and your staff
You can invest considerable sums of money on systems and hardware to protect your network only to find a simple error or an inadvertent sharing of passwords by a staff member can allow a criminal to circumvent all those protections.
You must therefore establish and enforce basic security policies, and train staff so that they are aware of secure behaviour, and have a reasonable idea of when someone may be inappropriately seeking confidential information from them.
This could be via an email (known as phishing), over the phone (known as vishing) or even via text message (sometimes called smishing).
You should give one staff member responsibility for regularly communicating and training you and your staff on cybersecurity issues.
Keep your software up to date
Have anti-virus software and make sure it, your web browser and operating systems are up to date. Set anti-virus software to run a scan after each update.
Enable automatic updates of such software and prevent employees from disabling these updates. Use application ‘whitelisting’ to help prevent malicious software and unapproved programs from running.
Have a firewall
Make sure your operating system’s firewall is enabled and prevent staff from disabling it. If employees (or others who have access to your system) work remotely, ensure their systems are protected by an appropriate firewall and that it is up to date.
Patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office and operating system vulnerabilities.
Identify your assets that may be vulnerable to attack
Do a stocktake of what assets you have that could be vulnerable to attack so you know what you need to protect and prioritise risks. Assets include physical and virtual such as intellectual property.
Do regular backups
Regular back-ups that are stored at a secure offsite location or in the cloud should allow you to get your business up and running very quickly after an attack.
Fully test whether those backups work on a regular basis. If you use a cloud backup service and you are storing sensitive client information, you should encrypt the back-ups beforehand.