The Internet in its broadest sense is the Swiss army knife of business tools. As a minimum, all business at least use email, some of their functions are tied up with the cloud,or Point of Sale (POS), social media channels are the primary marketing tools, CRM is where all the customer data is, and many have their whole business built around a digital landscape. As we all become more enmeshed with online as a place for our business operations, whether front or back of house, it is important to be across how to do good business online and how to do safe business on line – and protect and mitigate business from being open to cyber attack.

Unfortunately, when there is a global disruption to business like COVID-19, and many businesses and people are in survival mode, this is when businesses become vulnerable to cyber attacks. As Australia and Tasmania head into pre-emptive preparedness with social distancing measures like working from home, and moving bricks and mortar businesses to e-commerce operations, it is important to audit your cyber security measures and make sure you are able to focus on what is important – keeping you and your family safe and your business trading.

Cyber attacks on small business fall under a few different categories. These tend to mimic the same strategies used with big business and government. You may wonder what your small or micro business could possibly have that would be of interest to cyber criminals hanging out in the dark web. The answer is the same thing that motivates all criminal activity – money, data and often just pure malicious disruption. While you may be a little fish, when data is stolen from a number of little businesses, all those small fish add up to a big school. And most small businesses don’t have the security in place like the big ones do. To mix a metaphor, it’s like stealing candy from a fishbowl. Let’s look at some of the main areas where your business can be at risk with this handy checklist:

• No unknown downloads. Make a rule against downloading files from unknown senders.
• Check your Firewalls. Make sure everything is up-to-date on all machines.
• Use current virus protection on all devices. Keep it current and updated whenever new patches become available.
• Insist upon strong passwords. Weak passwords are like an open door to your business.
• Update your operating system regularly. This is especially important when new security patches come out. Many computers do this automatically, but make sure you have the auto update function turned on so you don't miss out.
• Use a virtual private network (VPN). These connect you to the web with an encrypted connection so data being shared online can't be seen by third parties. VPN providers offer secure data connections between remote workers and your network too, which can be especially helpful if you send workers into the field (for deliveries or repairs, for example).
• MFA/2FA. Enable multi or two factor identification on all devices and accounts where it is offered.
• Make sure mobile devices used for work are secure. Don't store important passwords on any mobile device. Learn how to use remote wipe capability on your phones and tablets.
• Disaster recovery plan. Not having a plan is a disaster. By thinking through the critical elements of your business that could be compromised, and what the damage may be, you can apply the fixes and antidotes before anything happens - and have a plan of attack when it does.
• NDB (notifiable data breach). Never send sensitive data unencrypted and unsecured, not just end to end via email, but physically controlling who has access to the data/file. A document containing personally identifiable data or medical records for example should be transmitted via a password protected PDF (or equal alternative) as a minimum.
• People are flawed. Yes, even you. So don't assume everyone is doing the right thing, and be actively alert and across your staff, their actions and all elements of your business and give them adequate security training.
• Outsource overwhelm. All too hard? There are plenty of companies and consultants who will happily come in, audit your business and provide solutions. Whether it is your time and money or their time and your money, this is a non-negotiable expense that will save you far more than it will cost you in the long run.

The COVID-19 pandemic is a graphic reminder that disasters happen and they happen to us. You don’t want to double the devastation of business continuity and disruption by not being able to access any of your business data. The good news is managing Internet security, even in a global pandemic, is simply a matter of knowing the risks and mitigations for your business, thinking through a strategy and putting suitable measures in place.

To help you out, read through our comprehensive fact sheet [insert new link here], keep up to date with what is happening nationally through the Australian Cyber Security Centre and be wary of any unsolicited attempts that ask for sensitive personal or business information, even if they seem to come from a reputable organisation.

This is an example of a current scam targeting people about getting tested for the virus. Yep, those scammers will stoop to anything.

Stay healthy, stay trading, stay alert (but not alarmed).