When I mention online security for small business I do note that many, many business people's eyes just glaze over.
I get it. It can be a dry topic and one in which pedlars of solutions ramp up the rhetoric of fear to force you into their sales funnels.
But this week I was lucky enough to interview the Adelaide Joint Cyber Security Centre's Director, Dr Gaye Deegan, on behalf of the Adelaide Business Hub, and she was quite frank about how real the cyber security threat is, especially for small to medium businesses.
I'll share some of her messages, below, but for context, two other items hit my desktop this week, that make it a no-brainer to stop what we're all doing and take our online security seriously.
Firstly, the auDA (au Domain Administration Ltd - the body that develops and administers the rules for Australian, top level domains), released its report, Digital Lives of Australians 2021, and secondly, Spotify (the online music streaming service) sent me and other users our personalised report of our top artists and songs from 2021.
Let's unpack this.
The Digital Lives of Australians and what it means for us and our online security for small business
At a very top level (no nerdy pun intended) the auDA CEO, Rosemary Sinclair AM, drew our attention to a few salient findings from the nationwide survey that leaves no doubt that neglecting online security is a recipe for personal and business disaster.
- Most consumers (89%) feel that the Internet has a positive impact on their lives and has improved all aspects of their lives.
- Most small businesses use the Internet every day and almost all small businesses (92%) feel the Internet is important to their business and is an invaluable channel for generating revenue
- 84% of small businesses value the Internet as an important channel for engaging with customers
- The majority of working Australians rely on the Internet, with 58% telling us they could not perform their job without it
So now it's time for an "imagine if" scenario. Imagine if we got locked out of our computers OR our social media accounts were taken over by criminals or vandals? Let's just think about the pain and disruption, the financial cost, and the potential reputational cost involved.
It's hard to even force ourselves to think about it.
But when we see that 89% of us believe the internet has improved all aspects of our lives (including how we engage with businesses and buy from them) and that 58% of us simply could not do our work without it (move over Covid, we can work around you but an internet disruption ups the stakes beyond your level of dystopia), it really is time to MAKE TIME for going through some sort of audit or discussion about online security for small business (yours and those of other people you know).
Spotify just made it real
The Spotify annual, personal report of my most listened to songs and most listened to artists is disarmingly accurate and comprehensive.
For example, it revealed that Hallelujah by Leonard Cohen was my most played song this year. And it surprised me by revealing that Bruce Springsteen was my most played artist overall. I would never have guessed that, but upon reflection, the Leonard Cohen song was used in the green room before each of my performances and speaking engagements this year, and Springsteen was on heavy rotation for a while ahead of me reviewing a Bruce Springsteen Tribute Show and needing to get up to speed.
What this quirky little tidbit should remind us is that every single online service we touch or use, remembers everything about us. Our digital fingerprints are many. What follows is that having weak links in any of our more serious services (email, banking, websites, social media accounts), not only gives criminals access to funding and the ability to charade as us, but they also get a front row seat into our lives and history; business and personal.
Dr Gaye Deegan and online security for small business
One of the most sobering insights from Dr Gaye Deegan was her revelation that the cost per cyber attack for small and medium businesses is much larger than the cost for attacks on big business.
Let that sink in.
We are more vulnerable because we tend to have less protection in place and a smaller pot of money we're operating with, therefore, if and when we get hit, we get disproportionately hit.
And yet, there are some really simple measures that can be put in place today.
According to Dr Gaye Deegan, some fast gains can be made by:
- Implementing Multi Factor Authentication - turn on the options for your email service, website administration, banking accounts, and social media accounts to prompt for a second or third form of identification whenever you log in, eg, send a confirmation code by SMS.
- Take passwords seriously - by switching from simple passwords or even short, jumbled passwords to passphrases that you can easily remember, can make it exponentially harder for criminals to crack the code, eg, pizzamustalwayshavepineapple could be easy for you to remember but is terribly hard for a crim to crack, even harder than 8jHg4$3ba.
- Double check emailed changes from suppliers - when you get emails from suppliers alerting you to different bank accounts to pay into, or other important changes, always confirm by calling them via a publicly available phone number (not one that came in the potentially compromised notification message) to make sure, eg, many businesses have fallen for this and paid money into a criminal's account because they understandably trusted the email that had come from a trusted source.
- Always apply updates - patch, patch, patch, always apply updates to software and operating systems as soon as possible so that you benefit from the latest moves to reduce vulnerabilities.
- Back up with a version offline - it's one thing to do backups but it is another thing to always have an offline version because if your system falls victim to ransomware (bad code locks all your files until you get the decryption code from the crook for money - which Gaye says you shouldn't pay), make sure you have a backup that is independent of your system because the malicious software almost always locks back up files too.
I'm going to make this a priority to review over summer and I hope you follow.
The Australian Cyber Security Centre has just released a lot of new resources, which you can find and access here: Australian Cyber Security Centre Small To Medium Business Resources.
Here's to a Merry Christmas and a SAFE, SECURE, and prosperous New Year.