Cybersecurity TipsAug 01, 2021
Prefer to watch on our YouTube channel? >>> Click here
What you Need to Know
Cybersecurity has become a much bigger issue in the last few years than it has ever been for business owners.
There are lots of new schemes and security issues popping up that you need to be aware of. You should know I am not a cybersecurity expert. But as a business educator and someone who helps people manage their time and their money, I really want to encourage business owners to have a good understanding of why cybersecurity is important and why you need to be across the basic things you can do to protect your business. Otherwise, if you are the unlucky victim of a cyberattack, it will cost you money.
One of the main things to keep an eye out for and be very careful of is phishing emails.
Now that there is much-improved security online for business owners, online scammers are really focusing on phishing emails.
These emails are the ones that come to you looking like they're from, for example, Westpac or Go Daddy or Google. They do a really good job at copying emails from those companies and they can look very real.
Business owners can easily be tricked into thinking the email is from those companies.
When you click on a phishing email, it might say something like, 'Your bill is overdue'. Now if you happen to have a bill due from that company, then you're already on the back foot and may think you need to pay it.
And so you use this email. You might click on the link that it has at the bottom to say, for example 'pay your bill now'.
However instead of that money going to, let's say, Go Daddy, it goes to the scammers who are doing these emails and they've falsely taken your money. In this situation, there's really no way of getting your money back in most cases. These are very common emails, please keep an eye out for them. Let your staff know to be very careful about clicking on any suspicious or unusual emails.
Be knowledgeable about what emails do come to you from regular suppliers, and if the timing or wording of an email seems a bit unusual, or if it gives you a feeling of '
Is this correct?' then it likely isn't. You should look into the email detail's and confirm whether the content of the email is correct, for example, whether a bill from that company is actually overdue.
You can also usually tell from the email address in the 'From' section. It often has misspelt the company name so, at first glance, you might think it's correct eg Westpac might be Westpac. Or the email address can also be very obvious that it's not from the company suggested.
Additional Security Measures
Let's look at some additional things you can do in your business to reduce the likelihood of your business being attacked. Another growing trend is a scammer getting control of your business, your login's, and locking you out of your business, for which they then request a ransom. These sorts of attacks on small business owners are more common than you think. I personally know 2 business owners this has happened to in the last 6 months (as of August 2021).
The first security measure you should implement if you haven't already is two-factor authentication. It requires logging in with your normal logins to a system and then accessing or being sent a code to put in to get into the actual system.
It will often use software like an Authenticator app, or via text or email with a code.
This is something that's highly recommended. If someone is trying to get into your online systems to lock you out of your own business, then two-factor authentication is one of the best ways to stop that from happening.
If they don't have your phone, they're not going to be able to get the additional code required to log in.
I would suggest having two-factor authentication set up on any program, software or system you use that offers it to you. Some people don't like the additional step, but you have to consider that the inconvenience of login and then enter an additional code from your phone is far better than someone hacking into your system and locking you out of it.
The second security measure is to make sure your phone, iPad and your computers are always turned off or use a pin code to access them so they're not accessible or not left open for anyone to walk up and start using it.
And additionally, make sure you log off computers properly at the end of the day and that you do the updates when it's suggested as you log off.
As the business owner, you need to ensure that all company phones, i-Pads and other work equipment have all of the apps updated regularly, as well as the plugins on your website if you use something like WordPress.
Hackers can get in through old versions of apps and website plugins, so that's a really easy security measure to implement, making sure they're all up to date and also doing regular backups.
On phones and i-pads in particular, it's very easy to do a backup when you are connected to WiFi and charging at the same time. Also making sure that you are regularly checking equipment for required backups through the settings function, where it will usually let you know when the next backup is due.
Doing the Basics
It's really important the basic security measures are in place in your business. Two-factor authentication and updating apps and plugins regularly are things you could implement today to help prevent your business from being affected by a cyberattack.
There is also the more common security that businesses usually already have in the form of online computer security systems, such as Nortons or McAfee. These subscriptions should be monitored to ensure they don't expire, and most will alert you regularly coming up to your renewal date.
For any business owner, being locked out of your online systems and unable to run your business will be an inconvenient, very costly and time-consuming event and one to be avoided at all cost.
One final security measure to consider is an app that I use called LastPass.
There are plenty of free ways online now with Google etc, that will save your passwords and accept/sync them across all your devices. Some even advise you if they suggest changing your password due to it being too frequently used or compromised in a data leak.
LastPass provides this type of password security and management but at the next level of security from a free version like Google Password Manager.
Using LastPass means you don't need to log in every single time, on every single platform. You login once to your LastPass account, then click through to the apps or pages you want to log into, that you have set up under LastPass.
It saves all of your passwords, like Google, but it's a very highly secure system.
There are other options besides LastPass. If you Google 'LastPass' you will get other options from their competitors.
I highly recommend LastPass. I use it in my own business, it's very affordable and easy to use.
It's a great way to protect your business with the multitude of passwords we now have to manage daily. There are still people using written notebooks containing all of their passwords (this used to be me until LastPass).
This is a much more secure way of recording your passwords, with lots of additional benefits. It is also a safe way to share passwords to staff members while managing their access eg a Virtual Assistant.
You can check out LastPass here. (this is not an affiliate link)
So those are my best tips on making some quick changes in your business to protect you and things to be aware of at a basic security level.
Please do implement these minimal security measures into your business. As business owners, we cannot afford to lose precious time and money due to security issues we could easily avoid.
Have any other security tips? Let me know and I'll add them to this blog for other business owners. You can email me at [email protected]
New blogs, podcasts and quick-action resources for finance and money management.
We hate SPAM. We will never sell your information, for any reason.