Data security pitfalls: What every business should know

Cybercriminal activity ranks as the second most reported economic crime in Australia as businesses become more reliant on cloud computing, online banking and social networking. According to a PricewaterhouseCoopers (PwC) Global Economic Crime survey, more than 60 per cent of businesses believed cybercrime risk had increased over the past 12 months, yet less than two in five had the resources to investigate this type of fraud.

Another survey by the Australian Business Assessment of Computer Use Security (ABACUS) revealed nine in ten small businesses failed to set automatic IT updates for their systems - highlighting the importance of taking concrete measures to ensure data security.

Data security, described by Small Business NSW as techniques for ensuring that computer data can't be read or compromised, is an area that most small businesses neglect. In fact, this is probably one of the last things SMEs think about but is no less important than the day-to-day running of their business. Here are three key areas that businesses tend to overlook and what they can do to safeguard themselves.

Employees

Employees may be unwittingly opening themselves and the business up to the many forms of cybercrime, for instance by clicking on links within spam emails, failing to regularly change their passwords or giving out their personal information.
This enables malicious software to be installed on your computer system that can not only corrupt your data but also give hackers unintended access to your network. This can 'leak' sensitive customer data such as full names, addresses, passwords and credit card information, causing irreparable damage to your reputation and potential financial loss.

And if you think that scammers would never be interested in targeting a small business, think again - SMEs make easier targets than bigger businesses as they generally have more lax security policies and software.

Some tips to improve your data security practices include:

  • Encouraging employees to frequently change their passwords (at least once a month) and to choose a combination of letters, numbers and symbols
  • Training staff in sensitive document management, e.g. refraining from storing sensitive documents on USB or external drives
  • Disabling accounts when an employee leaves
  • Shredding sensitive documents that are no longer needed
  • Determining who can access certain types of information - not everyone needs to know everything
  • Encouraging employees to log off their computers when leaving their desk

Computer systems

Don't wait for a security breach to occur before you review or update your IT systems - after all, prevention is always better than cure. While employees play a vital role in ensuring malicious software doesn't get installed on your system, inadequate security infrastructure, such as poor firewalls and passwords, can make your business vulnerable to hacking attacks.

According to data security company Trend Micro, businesses should focus on data-centric security for confidential information, which entails relying on not only traditional outside-in protection but also on protection from the inside-out.
Consider the following points to help you strengthen your systems:

  • Use Secure Sockets Layer (SSL) or other secure connections for all online financial transactions
  • Encrypt confidential data
  • Review security logs - this can alert you to failed attempts to log on
  • Perform regular network scans
  • Update your operating system and application software, particularly anti-virus software
  • Ensure that only a limited number of employees have remote access
  • Set passwords on sensitive data/files
  • Back up your data regularly

Social networks

LinkedIn's recent security breach - in which millions of passwords were stolen by hackers - called attention to the importance of safeguarding data on social networks as well as how much information users should share online.
According to a PwC report on social networking, hackers can use social media to infect a corporate network with malware and viruses as well as steal intellectual property. It doesn't stop there - employees may share confidential company details with their social network (sometimes unintentionally), which can spread like wildfire online and damage a company's reputation.

While you can't stop your employees from accessing Facebook, LinkedIn and Twitter, you can reduce your risk of cyber attacks by taking the following steps:

  • Develop a social media policy for your employees and for your corporate social pages, if you have any
  • Educate your organisation on social media risks
  • Improve your Internet security by installing anti-virus and verification software to prevent phishing and block spam
  • Install data loss prevention (DLP) software to scan outbound information
  • Limit social media access on company computers

For more information on cybercrime and SME fraud, read Fighting fraud or Fraud protection for SMEs.


Dun & Bradstreet Australia Pty Ltd 2015 | D&B Small Business