Small Businesses must Recognise that Security by Obscurity is a Myth

“Cybersecurity is not reserved for big corporations alone. Small businesses must recognise that security by obscurity is a myth in an era of automated cyberattacks. Implementing even small changes in cybersecurity practices can make all the difference. By adopting robust measures such as multi-factor authentication and keeping encryption keys separate from the data they protect, small businesses can fortify their defences and thwart potential cyber threats. Small businesses need to secure business and customer data and can also have access to enterprise-grade security no matter their size.”

1. Make it harder for hackers with Multi-Factor Authentication (MFA): MFA should be in place for all your business accounts and systems. MFA means you need to provide more than just a password to log in. This makes it much harder for hackers to break into your accounts, even if they guess your password. MFA adds an extra layer of protection and bolsters your overall security.
2. Keep Your Encryption Keys Separate: Encryption is a way to make your important data unreadable to those without the necessary decryption key. It’s important to keep that key separate from the encrypted data – otherwise it’s like having a safe with the combination written on the front. If the key gets into the wrong hands, they can unlock the data without permission. It is important to keep your encrypted data and encryption keys in separate locations allowing you to keep control of your own keys and by extension your sensitive data.
3. Bring in external security expertise: If you lack the skills or resources internally to effectively manage cybersecurity, consider outsourcing these tasks to a trusted provider. Many cybersecurity tools are available on the cloud as subscription-based services. Outsourcing can provide access to specialised expertise, advanced security tools, and round-the-clock monitoring, relieving your business from the burden of maintaining a dedicated cybersecurity team.
4. Educate your staff on potential threats: Humans are often one of the weakest links in your security defences. Ensure that your team is aware of potential threats, knows how to use and monitor the security software you have in place, and reports anything suspicious as soon as they become aware of it
5. Don’t forget the basics: Maintaining good cyber hygiene is essential to protect against potential threats. Regularly backing up your data and applying software patches are two crucial practices to prioritise. Backing up your data ensures that you have a copy in case of data loss or ransomware attacks, while patching helps to address vulnerabilities and protect against known security issues.”

By: Erick Reyes, Strategic Clients Director, Data Security at Thales Australia