In simple terms, cyber security involves the protection of computer systems, networks and programs that are connected to the internet from digital attacks. It’s a combination of the methods, technologies and processes that protect your business’s assets and information from accidental or illegal use, corruption, theft or damage (collectively known as cyber attacks).
As we increasingly use the internet to do business, it’s vital to have an effective information security strategy in place to protect your organisation from cyber attacks.
What are some common cyber threats?
As businesses become more digitally focused, cyber threats are becoming increasingly common – and cybercriminals are getting more creative. While cyber attacks come in all different shapes and sizes, some of the most common approaches are:
Malicious software (Malware)
Malware is a general term used to describe unauthorised software designed to cause harm. Malicious software includes viruses, spyware, trojans and worms, and is often used to steal confidential information (such as payment details and passwords) or install programs without your knowledge.
Malware is usually distributed as a link or attachment in spam email or messages, via malicious websites that attempt to install the malware when you visit, or by impersonating legitimate software that you download and install yourself.
Ransomware
Ransomware is a type of malware that makes your computer or files unusable unless you pay a fee (ransom) to unlock them.
The Australian Cyber Security Centre advises against paying any ransom that’s demanded after a cyber attack as there is no guarantee that your device will be unlocked, and paying a fee may make you more vulnerable to future attacks.
Scam emails (phishing)
Phishing emails appear to come from reputable, well-known companies or sources, such as banks or government agencies. These emails mimic the branding, logos and language of legitimate emails from these organisations and aim to trick readers into clicking a link or opening an attachment that asks them for confidential personal or payment information.
Like malware, phishing attempts are becoming increasingly sophisticated, with SMS, instant messaging and social media platforms now being used.
Why is it important to keep my business safe?
A cyber security incident can be devastating to a small business. While most SMB owners recognise the importance of cyber security, they often lack the time, expertise and budget to implement a strong information security strategy. This means that they’re vulnerable to cyber attacks, which may have significant impacts including:
- Financial loss – from theft of money, financial information (such as bank details or credit card details), other data, or disruption to trading.
- Reputational damage – cyber attacks can erode customers’ trust in your business, leading to a reduction in sales and profits. Reputational damage may also impact your relationships with suppliers, investors and other third parties.
- Legal consequences – data protection and privacy laws require your business to effectively manage the security of all personal and payment data you hold. If this data is compromised because your information security approach is inadequate, you may face fines and regulatory action.
How can I protect my business from cyber attacks?
A strong cyber security strategy includes multiple layers of protection spread across people, policies and processes, and technology.
Your employees can create some of your greatest cyber security risks. Using weak passwords, not locking computer screens when away from their desks, opening suspicious emails and failing to keep applications and software up to date are some of the information security hygiene factors your employees should be aware of. With more people working from home than ever before, you should ensure your staff are thinking about these risks wherever they’re working from.
Your cyber security policies and processes should be current, reviewed as part of your employee onboarding process and revisited regularly after that. These documents should capture your key cyber security risk areas and outline what your team should do in the event of a cyber attack.
Lastly, you should ensure your operating systems and applications are up to date across all devices used to access your business software, including personal devices. Turning automatic updates on is a simple way to ensure updates are installed as soon as they become available.
The Australian Business Government website has some helpful tips for protecting your small business from cyber threats, including a cyber security assessment tool that lets you identify your strengths and areas for improvement.
How can I keep payments secure?
Whether you run a brick-and-mortar business or an online store, if you accept card payments, you must comply with the PCI DSS (Payment Card Industry Data Security Standard). All Australian businesses must meet this standard, regardless of size or turnover. Look for a payment platform that makes secure payments as simple as possible, like Square.
How can Square keep my business secure?
Square’s approach to security is designed to protect both you and your customers. We look out for you at every step by:
- encrypting payment information as soon as it’s received
- tracking each sale until it arrives in your bank account
- monitoring every transaction to detect suspicious behaviour
- using advanced algorithms to identify and freeze any malicious activity
Square’s network and servers are housed in a secure facility monitored 24/7 by a dedicated team, and our software and card processing systems are PCI-DSS Level 1 compliant.
If something does go wrong, we manage payment disputes on your behalf and provide real-time reporting via your Square Dashboard. Since 2011, we’ve saved Square Sellers $330 million by managing and winning their disputes for them.
For more information about how Square keeps your business data and payments secure to protect your income, visit the Square Security page.
This article is for informational purposes only and does not constitute professional advice. The information contained herein is subject to change and may vary from time to time in your region. For specific advice applicable to your business, please contact a professional.