Is your small business at risk from a cyber-attack?

Emma Wardill

From multinational hacking events to the “hi mum” text scam, new cyber security threats seem to be emerging at an alarming rate.

Small businesses can be particularly vulnerable to online security risks and the impacts can be devastating.

Not only can a cyber threat cost your business money and time, it can also risk exposing your customers, particularly if you collect and store their personal data.

However, you don’t need to be an IT security expert to take steps to protect yourself and your business from bad actors online.

In light of recent hacking incidents, it’s a good time to lift the bonnet on your business and see if there are any security tweaks you can make to help keep you and your customers safe.

How do I know if my business is at risk?

Last financial year, one cyber-attack was reported in Australia every eight minutes, according to the Australian Government’s cyber security watchdog.

So, it’s safe to assume that a threat exists for all businesses, particularly businesses:

  • With eCommerce sites that handle customer credit card details and logins
  • That store any kind of personally identifiable customer data

Business email compromise is also a significant threat, accounting for almost 7% of the cybercrime reports officially made in 2020-21 in Australia.

Self-reported losses from cybercrime in 2020-2021 were on average $8,899 for small businesses.


With the rate of cybercrime growing and the significant financial risk attached, it makes sense to take steps to protect yourself even if you don’t think it can happen to you.

A GoDaddy survey last year found 74% of Australian entrepreneurs believed cyber security was “very important” for their business, while more than three quarters of Aussie GoDaddy customers believed that small businesses are under threat from cybercrime.

What are the risks?

Understanding where the potential cyber threats come from is the first step in knowing how to protect yourself.

There are a number of ways malicious actors can execute a cyber-attack.

Here are the most common.

Malware (Malicious Software) – unauthorised software like a virus that can give criminals access to your systems to steal important information like credit card details and passwords.

Malware can sneak in and allow a criminal to take control of your computer or to spy on it, often without you even knowing about it.

Scam messages (phishing) – these are emails, social media messages, texts or calls designed to trick you or your employee into handing over money or data. Recent examples have included the “Hi mum” scam, where criminals targeted parents by pretending to be their children asking for money or bank details.

Other phishing scams include criminals pretending to be from a bank or institution and requesting personal or account details.

Ransomware – a form of malicious software that locks your computer or prevents access to files until you pay a ransom fee. Earlier this year, Costa Rica declared a national emergency after a ransomware attack breached the government.

So, what can I do to protect my business?

With multinationals and even governments coming under threat from hackers, the task of protecting your small business systems might seem daunting.

There are some basic steps you can take today to make yourself and your small business safer online.

1. Keep your software up to date

Installing software updates for programs, apps and operating systems as soon as they become available can reduce the risk of a cybercriminal exploiting weaknesses to launch an attack.

Turning on automatic updates is the easiest way to ensure you don’t forget.

2. Change your password every three months

Regularly changing your password — and making sure your employees do it, too — is one way to ensure you can thwart cyber criminals who, for example, may have accessed your password in a data leak.

Here are some tips on how to create a strong password and remember it. For those with too many passwords to remember, use one of the password managers on this list.

3. Use multi-factor authentication (MFA)

MFA usually means using a combination of a password or PIN plus an authenticator app, a token or biometric information like a face scan.

Having multiple layers of security protecting your information and assets makes it much harder for cyber criminals to penetrate your accounts.

Read more here about multi-factor authentication for small business.

4. Schedule automatic backups

Making a digital copy of your website and databases is important in the event your data is lost or stolen. Having a backup of your business’s key data stored on an external hard drive or in the cloud can help your business recover more quickly in the event of a cyber-attack.

Editor’s note: Website Security is a one-stop website safety net that includes automatic daily backups, an SSL certificate, malware scanning, as well as a firewall that turns away suspicious traffic before it even gets into your site.


5. Get an SSL certificate

An SSL certificate is a form of digital certification that creates an encrypted link between your customer’s web browser and your web server.

SSLs create a digital safe space where sensitive information like passwords, banking details and usernames can be safely shared.

Getting one is a great first step in protecting your e-commerce website and giving customers confidence to shop with you. SSL certificates even offer SEO benefits for your website to help it get found in search. Conversely, not having an SSL certificate could get your website labeled “Not Secure” in Google results.

Find out more about SSL certificates and how to get one here.

6. Manage your access control

Carefully curating who can access your business data is another good step to improve your cyber safety. Access control can limit access to items like files and folders, databases and mailboxes so only those employees who require access can get in.

Business critical systems should be locked down to only those trusted few who absolutely need access.

This includes your customer relationship management system, as this is a goldmine for hackers.

7. Get a firewall

A firewall checks all data requests sent to your server and reviews them before allowing them into your site.

Installing a firewall is particularly important if you have employees working remotely.

The firewall included with GoDaddy’s website security tool acts as a security door protecting your business website.

Read more about how to keep hackers away from your business systems and IT intranet with a network firewall.

8. Scan your website for attacks

Installing a security system that scans your website for malware can help find any malicious software before it causes damage. A malware scanner that checks your website regularly will ensure you are alerted if malware is found.

Find out more about how GoDaddy’s site security tool scans and removes malware here.

9. Secure your email accounts

Email accounts are a rich bounty of information for cyber criminals as they contain so much of our information — from contact numbers to travel plans and events.

Using a spam filter and checking your email account security are great first steps.

The Australian Cyber Security Centre has a step-by-step guide for checking your email account security for Outlook and Gmail.

10. Talk to your employees about cyber safety

Ensure your employees know how to:

  • Take steps to protect themselves from potential threats
  • Identify a dodgy email, invoice or social DM

There are plenty of online resources available to help you educate yourself and your staff.

Check out Scamwatch from the Australian Competition and Consumer Commission and the Australian Cyber Security Centre, which both have dedicated resources for small businesses.


The information contained in this blog post is provided for informational purposes only and should not be construed as an endorsement or advice from GoDaddy on any subject matter.