Tech and accountancy business MYOB says cybersecurity is a key risk smaller businesses often don’t pay attention to.
MYOB Head of Product, SME, Dale Dixon says companies and their staff need clear guidelines on how to protect themselves and governments ramp up lockdown restrictions
“In Australia we’ve never experienced a disruption to business on this scale. Not all businesses will have the knowledge or capability to implement a significant change to how they work quickly and safely,” he said.
“In addition to the technical challenges of implementing or scaling up remote working technology comes the risk of securing businesses against cyberattack.”
Dixon says the things SMEs should do to protect themselves online include updating software with the latest security upgrades and patches, installing and updating firewalls on home services and using technology to enable password protection, such as 2-Factor Authentication (2FA).
It’s also important that other home users, such as children, are aware of the risks from scams, malware and phishing attacks, especially when scammers have already moved quickly to try and exploit concerns over coronavirus.
Business communications should be protected by a VPN or another secure communication method if you’re hooked into public WiFi, Dixon said.
MYOB has produced a checklist of key security recommendations for SMEs working from home.
Here’s what you need to do:
- Update all software and operating systems with the latest security updates and patches
- Make sure firewall technologies are installed and configured appropriately on systems used at home
- Keep all endpoint protection services, such as anti-virus and anti-malware software enabled and updated
- Ensure routers and other telecommunications equipment don’t use default passwords and credentials.
- Use multi-factor authentication (2FA) for all remotely accessible services and systems where possible (2FA creates additional security by requiring a one-use code generated by an authorisation app)
- Update filtering for spam and malware on email systems
- Ensure backups are in place on all key systems and data
- Don’t store customer data without adequate security
- Keep staff informed of all incident response procedures as they apply to remote working
- Ensure that administrators or privileged users are aware and follow all security processes and procedures
- Provide adequate security awareness training regarding staying safe at home. You’ll find more on that here
The Australian government has more on cybersecurity in the time of COVID-19 here.
The Australian Signals Directorate’s Australian Cyber Security Centre has the following recommendations on the best ways to address cyber threats.
- Review your business continuity plans and procedures.
- Ensure that your systems, including Virtual Private Networks and firewalls, are up to date with the most recent security patches (see guidance for Windows and Apple products).
- Increase your cyber security measures in anticipation of the higher demand on remote access technologies, and test them ahead of time.
- If you use a remote desktop client, ensure it is secure.
- Ensure your work devices, such as laptops and mobile phones, are secure.
- Implement multi-factor authentication for remote access systems and resources (including cloud services).
- Ensure that you are protected against Denial of Service (DoS) threats.
- Ensure that your staff and stakeholders are informed and educated in cyber security practices, such as detecting socially-engineered messages.
- Ensure that staff working from home have physical security measures in place. This minimises the risk that information may be accessed, used, modified or removed from the premises without authorisation.