Implementing and maintaining robust cybersecurity practices is a top priority for small business owners. As much as we might not like to think about cybercrime, it can present a real risk to the security of the data, information and finances of businesses and customers.

The Australian Cyber Security Centre found that during the 2022-2023 financial year, the latest range for which data is available, the average cost per cybercrime report to the ACSC was $46,000 for small business – making lax cybersecurity practices a tangible threat to the health of businesses.

Fortunately, there are straightforward and cost-effective ways owners can increase their resilience to cyber security risks.

Basic cybersecurity tips

The ACSC recommends small business owners consider a series of easily implementable actions. These suggestions include:

  • Turning on automatic updates, especially for operating systems
  • Creating passphrases – rather than passwords – that are long, predictable and unique
  • Educating yourself and your staff against cyberthreats

Jackson Yin, Managing Director and Co-Founder of kit home supplier iBuild Building Solutions, shares some of the techniques he has used to help protect his business’s cybersecurity. These include:

  • Basic security measures. “We’ve installed antivirus software and firewalls, and enabled two-factor authentication to prevent cyberattacks.”
  • Employee training. “We educate our employees on basic cybersecurity best practices, such as identifying phishing emails and securing their devices.”
  • Data backup. “We regularly backup our data from our shared Google Drive onto our network attached storage drive to prevent data loss in case of a cyberattack.”
  • Software updates. “We ensure that all software, including operating systems, applications and plugins, are up-to-date with the latest security patches.”
  • Security audits. “We conduct quarterly security audits to identify vulnerabilities and address them before they can be exploited.”

These techniques require vigilance, says Jackson, but the boost to cybersecurity is worth the effort.

Tips from a Prospa expert

Shai Haim, Chief Technology Officer at Prospa, identifies four key motivations for introducing effective cybersecurity practices:

  • Business continuity. “First of all, there’s the issue of business continuity,” he says. “A cyberattack can take your business down completely, so if you are online in any way, there is potential for someone to get into your system and disrupt your business.
  • Customer trust. “There is also the issue of trust. Customers entrust you with their personal data and sometimes their financial data. You do not want to betray that trust.”
  • Finances. The financial and time-related cost of recovery from a cyberattack can be excessive, and more than some small business owners might be able to afford, says Shai.
  • Data compliance. “Depending on what kind of small business you are, there might also be regulations you must follow to stay compliant,” he adds. “If you are an accountant or a law firm for instance, there will be regulations around what you can do and how you should protect data.”

Shai suggests a two-part approach to cybersecurity. First relates to technology and having good “device hygiene”.

“Make sure your software is up-to-date on all your devices and use a password manager if you can,” he suggests. “A password manager is the best solution for all of these problems.

“These days, the recommendation is not to use a short password with high complexity. It’s to use long but memorable passphrases. Take a line from a song that you like and use that as your passphrase; a 14-character phrase would be harder for anyone to break.”

The second aspect of a good cybersecurity strategy is remembering the human factor.

“At the end of the day, a system is only as strong as its weakest point,” says Shai. “Humans are the weakest point in security systems, so educate yourself and your team members, if you have them, about social engineering.

Social engineering refers to the methods used to manipulate people into carrying out specific actions or divulging information.

Stay vigilant to who has access to what information, as this can pose a risk.

“You do not want to get to a point where an employee manages to get access to information they should not have.”

Prospa’s dedicated in-house cybersecurity team works to ensure customer data is kept safe and secure, and takes a variety of security measures to help protect small businesses, including fraud controls, two-factor authentication, advance data encryptions and card freezing.