Protecting Your Business Online

Man on phone

There are several risks that you’ll face in business from cybercrime and loss of data to potential denial of service ransom requests. Safeguard your business from anything that may impact your survival and growth.

Watch out for warning signs

First, it’s worth paying attention to anything the seems out of the ordinary such as:

  • Large, unusual transactions from unknown buyers.
  • Payment with many different credit cards.
  • Rush orders or any type of unusual urgency from a customer.
  • A high volume of transactions in a short period of time.
  • A customer orders small amounts and pays on time (building trust), then places a very large order (which they don’t intend to pay for)

If you’re not sure whether a transaction is legitimate, implement a few extra steps to double check.

  • Call the customer to confirm their order
  • Reject any order you’re still suspicious of. If it doesn’t feel right, it probably isn’t.

Educate your team

Provide training and regular updates to help your team identify and prevent fraud and spot suspicious transactions. Make sure your team are aware of the consequences of fraud. Customers could be heavily impacted as they won’t have access to funds for an extended period and your business could be liable for purchases made on a compromised card.

Secure your data

Your business data is possibly your most valuable asset. Imagine if all the information on your computers, laptops, software and devices was wiped clean (either by mistake or by a malicious attack). Reduce the chance this will occur by:

  • Only hold the customer data you need. The more information you hold, the higher your security risk.
  • Regularly back up automatically and store them secure offline. You can then restore your data if it’s lost, leaked or stolen.
  • Set up logs to record all the actions people take on your website or server. Set up alerts to notify you if an unusual event occurs. Make sure someone checks the logs when an alert comes in.
  • Create an incident response plan to help you get your business back up and running quickly if your business is targeted by cyberattack. Talk to your staff about the plan ahead of time.
  • Select a cloud services provider who will provide the right services for your business. Check their data and security policies. Ask if they’ll do backups and if they offer two-factor authentication
  • Create an Acceptable Use Policy for all employees to agree to that clearly states the restrictions of communication, data, and other guidelines to minimize risk and data loss.

Check your internal systems are well managed

Part of protecting your business online is putting in place procedures that are compulsory for all employees to agree to (often it’s best to put these conditions into employment agreements and flag non-compliance is serious misconduct). Consider asking staff to:

  • Make sure anyone who logs in to your system has to provide something else on top of their username and password, to verify that they are who they say they are.
  • Change default passwords and check for default passwords on any new hardware or software. If you find any default credentials, change the passwords.
  • Use creative recovery answers as security answers like your pets name or your school can be easy for an attacker to find out. Choose novel answers that aren’t necessarily real.
  • Create unique passwords for each account so if an attacker gets hold of one of your passwords, they can’t get access to all of your other accounts.
  • Don’t give out personal information. Legitimate-looking emails are very clever at trying to trick us into giving away personal or financial information. Stop and check if you know who the email is from.
  • Be smart with social media. What you and employees post on social media can give cyber criminals information that they can use against you. Set your privacy so only friends and family can see your details.

Protect your financial information

Possibly you could survive a cyberattack which disrupts your business. It could be annoying, time wasting and embarrassing to fix whatever has been hacked. But if your finances are impacted, it’s a different story.

Reduce the chance of financial loss by:

  • If you need to pay a new supplier, or to change bank details, double check it manually by phone or text before you approve any payments. Do this for any unusual or unexpected requests.
  • Check bank statements regularly as that could be the first tip-off that someone has accessed your accounts. Ring your bank immediately if you see something suspicious.
  • Get a regular credit check to alert you if someone else is using your details to get loans or credit.
  • Keep an eye on your network and install software updates to stop attackers getting access to your business network through known vulnerabilities. Software updates often contain security fixes. Vulnerability Scanning software can help spot weaknesses on computers, and network devices that need to be remediated.
  • Enable security software, like antivirus, to prevent malicious software being downloaded to any device that accesses your business data or systems. Free online antivirus software can be fake. Purchase antivirus software from a reputable company and run it regularly.
  • Configure network devices like firewalls and web proxies to secure and control connections in and out of your business network. Use a VPN that uses mf authentication if you need to remotely access systems on your network.
  • Be careful using free Wifi and hot spots as they are untrusted networks so others could see what you are doing.

Like most things in business, prevention is better than a cure; a little planning now could save you a significant financial cost in the future.

Buy cyber insurance

Most people pay home, motor vehicle, business interruption or disaster insurance but a catastrophic cyber event could do more damage than burning down your business.

Cyber insurance has a place to reduce the impact of any event, depending on the likely cost of all your IT systems and reliance on the internet being stable. If cyber insurance is cheaper than cleaning up the outcome, then you should probably buy it.

If you don't want to buy insurance, at the very least, spend money and time to mitigate the event in the first place.

Skip to content