Top tips for protecting your business online Oct 13

Editor's Notes

• #2: Introduce yourselfiPads / laptopsWifiSurvey at end
• #4: Raise your hand if you think protecting your business online is important?Discuss with the group:Ask everyone “Why is protecting your business online important?”
• #5: Why protect your business online?:More and more business are doing business online, whether thatsselling or paying employees/creditors so the risk of a cyber-attack is on the riseYour business has legal obligations which govern how you must manage your customer’s information to ensure privacyAn online security breach (credit card scam, access to people’s private information) could impact your business’s reputation and/or your relationship with your customers as they will lose trust in your businessYou need to protectyour business’s virtual assets the same as you would your tangible assets – that is the data and information being stored on your devices/serversOften in small/home-based businesses computer/devices are share with their family, So it is very important that you make sure you put in place effective security process, and that you and your staff (and your family) are using the internet in a safe and secure way.
• #6: Discuss with the group:“Why is now a good time to doing more business online?”
• #7: We are seeing more and more people turning to the web to shop, study and search for information about products and services.Online education and shopping are among the top five industries predicted to grow by around 10% both in 2012 and 2013, and beyond
• #8: The internet is a game changer, with a number of industries significantly changing or being ‘broken’, for example :Music industry being changed by ‘peer to peer’ file sharing which significantly impacted the number of retail musiceBooks means that we are seeing less and less bookstoresMurdoch can’t dump his newspaper shares quick enough as it’s a dying industryPlaces like Harvey Norman, Myer etc are feeling the impact of online shoppingDeloitte Access Economics (NBN Business Readiness Survey) is predicting that:One third of business are significantly being impacted by the internet now, with nearly 5 out of 10 businesses feeling some impact (32% + 17%) on the short fuseWhere does your business sit on this quadrant?
• #10: At least 85% of the targeted cyber intrusions that the Australian Signals Directorate (ASD, formerly DSD) responds to could be prevented by following the following simple tips for protecting your business online.
• #11: Install security software that includes a: firewall - Hardware or software which monitors information going in and out of your computer. anti-virus - A virus is a computer program designed to 'infect' and corrupt a computer and is able to copy itself. The virus can disrupt programs installed on a computeranti-spyware - Software that is installed on a computing device and takes information from it without the consent or knowledge of the user and gives that information to a third party. Set it to scanregularly.Ensure that it is updated automatically. What are people using? Payvs Free Security SoftwareSecurity Software is not required on mobile devices (smart phones / tablets) or Apple computers
• #12: Develop a backup strategy for your critical data. A good strategy includes daily backups, an additional weekly or monthly backup and offsite storage of at least the weekly back-up media. Test that you can recover with back-up data. Creating a back-up of your data is a sensible and easy way to ensure that in the event of a fire, computer theft or virus infection you can recover all of your business information from your computer or website quickly and easily.The financial cost and time that it takes to create and implement a back up strategy is likely to be only a fraction of what you will spend if you need to recover from a data loss without one.Think of a backup strategy as insurance for your dataMake regular backups of critical data and programs on your computer. Store the backup disks in secure offsite storage. Make sure you avoid needing to recover data by having good security practices in the first place. Install and use security software including a firewall and anti-virus and anti-spyware software. Read more about securing you computer. Use a strong password to secure your back-up. This will make it much more difficult, if not impossible, for someone to view it or misuse it.
• #13: Develop a back-up strategyDevelop a disaster recovery plan. Start by assessing your level of risk and identifying what actions you can take to minimise the risk. Assess what data and programs on your computer need to be backed up and how often. You may either back up all the data and certain programs on your hard drive each time you back up or you may do incremental back-ups. Incremental back-ups only include the files that have changed since the last time therefore saving time and space. Select a back-up device that is large enough to store the files and fast enough so it is not too time-consuming. Examples include CDs, DVDs, memory sticks or an external hard drive. Make a note somewhere obvious, such as in an office diary, reminding you to do the back-up. Test the data that has been backed up successfully and that your process is working properly. Store the back-up copies in a safe location away from your computer systems i.e. away from your home or business premises. Remember putting this information on portable media makes it vulnerable to physical removal so secure it.Would this work for your business?
• #14: If you do not have a dedicated IT Manager, assign someone person in your organisation to have responsibility for network security egpassword, backups, AV updates, and minimise the number of users with administrative privileges.Strong Passwords:Generally, a strong password has the following attributes:• a minimum length of eight (8) characters; and• a mix of upper and lower case letters; and• at least one numeral; and• at least one non-alphanumeric character; and• does not include a dictionary word in any language.The two main ways criminals defeat strong passwords is by:• using malicious software on your computer that monitors your computer to find your password, by looking in the place where passwords are stored, monitoring your key strokes or screen activity; and• tricking people into disclosing their important passwords, or other sensitive information of value to a criminal – this is called phishing.
• #15: Develop clear policies for staff using your computer or network. Ensure that staff understand how they are allowed to use email and the internet. A computer security policy is a document that covers the rules and practices that you want your staff to follow when working with e-mail, browsing the Web, and accessing confidential data stored in your system. A security policy can help your organisation reduce security breaches and data loss by helping employees follow through with safe and secure computing practices.In some cases you may find your customers and/or suppliers demand that you have a security policy in place that they can review - especially if you may be formally linking into their IT systemsA security policy may cover:Acceptable use - how staff use email and the internet. Should certain websites be blocked to staff? Should there be a restriction on the size of email attachments? Handling sensitive data - who and how should sensitive data be handled and stored. Securing and handling equipment - is there a system in place to track who is using equipment in the organisation? Using internet safely - what system is in place to ensure anti-virus, anti-spyware, operating systems, Web browsers and other software are kept up to date? Remote access - what is the system to ensure security is maintained while accessing the work from the road or at home?
• #16: Develop a 'culture of security'. Businesses need to have Internet security measures in place and make sure staff are aware of and follow internet security practices. When creating your security policy, identify and work on securing the IT assets that impact your business the most. Implement a process of reporting breaches. If staff are able to report breaches confidentially they may be more willing to report at all. Set clear policies on what websites employees can and can not access.  Staff need to know what is expected of them when using email and the internet at work. Keep your security policy up to date. Review the security policy yearly to ensure it is still relevant. Stay up to date on cyber security issues. Subscribe to the Stay Smart Online Alert service to keep up to date on the latest security and network vulnerabilities. Develop clear rules for staff so that they understand what they need to be aware of and their responsibilities. You should also have clear policies on personal use and what is, or isn't, allowed. Provide induction training for new employees. It is a good time to introduce staff to your security polices and practices. Keep staff up-to-date
• #17: Use software from reputable sources. Keep your software patches up-to-date,ie a fix for a software program, also known as a software updateIt is possible that flaws within software (called vulnerabilities) can allow hackers to remotely access and take control of your computer.These vulnerabilities exist in the operating system (Windows, Linux, Mac OS etc) and the applications that are installed on your computer (browsers, media players, word processing etc).When software providers become aware of vulnerabilities in their products, they often issue an update to the software to fix the problem. These updates are also known as patches. Similar to the way fabric patches are used to repair holes in clothing, software patches repair holes in software.Most of the software that you have installed on your computer can be updated automatically if the computer is connected to the internet.Update your web browser to the latest version. Web browsers are regularly updated to fix security flaws, so it is important to update your web browser to the latest version.
• #18: Use spam filters to reduce the amount of spam that your business receives.Know how to manage the spam that gets through and ensure your staff know how to recognise scam and hoax emails and to avoid clicking on links or opening attachments from suspicious emails. Email viruses, worms and Trojans are capable of harming your business computer system and with it your ability to conduct your business.Email is one of the easiest and fastest means of business communication. As with any form of communication that is cheap and easy it is open to abuse. Spam-the electronic equivalent of 'junk mail'-now makes up the majority of email traffic. Spam includes electronic mail as well as mobile phone messaging such as SMS and MMS.Because businesses often advertise their email addresses they are likely to receive greater volumes of spam than home users. This not only has an impact on productivity, but spam can also carry viruses, worms and Trojans through malicious code in attachments and commands embedded in seemingly normal messages.If you use email to conduct your business you need to know how to reduce the spam you receive and to securely manage what does reach your inbox. You also need to be aware of your legal obligations to ensure any electronic messages you send to consumers do not breach Spam Act or the Australian E-marketing code of practiceDo not to open email attachments or click on hyperlinks in emails from unknown or questionable sources. It is not enough that the email originated from an address you recognise. Don't ever reply to spam. This is likely to compound the problem by confirming your email address to the spammers. Report spam to the Australian Communications and Media Authority (ACMA) at www.spam.acma.gov.au or phone 1300 855 180. Spam SMS can be reported to 0429 999 888Watch out for spam / viruses via inboxes/direct messages in social media spaces too.
• #19: Being able to access the office while on the road can provide increased productivity and flexibility. However, it is important to ensure your equipment and connection is secure so that your network is not vulnerable or your sensitive business information exposed.Remote access can create a number of security risks for your otherwise secure network. When you open up your network to connections from an external source you increase the risk that this connection can be used by a third party to access your network or that business information can be intercepted. You need to ensure that you secure access so that only legitimate users can access your network and that you encrypt data to prevent theft. Securing remote access requires a degree of technical knowledge. If remote access is an important part of your business, and you transmit sensitive business information, it may be worthwhile to invest in specialist advice from a computer expert.Seek expert advice. Securing your remote access requires a degree of technical knowledge so seek expert advice from a computer professional if needed. Install up-to-date security software (firewall, antivirus and anti-spyware) on remote devices. Ensure that your network is also secure and security software is also up-to-date. Make sure that staff using laptops do not set their computer to log-in automatically. Make sure that they don't store their password on their laptop. Delete staff remote access privileges once they are not needed. For example, don't let someone who has left the company retain access to your network.
• #20: Selling online can be great for your business as it expands your potential customer base to all those connected to the internet. But it also can expose your business to fraudsters, cyber vandals and criminals.Fraudulent purchases can result in lost revenue and reputation and dealing with credit card chargebacks can be time consuming and make it difficult to assess your current financial position. Having an online shop can expose your systems to unauthorised access and theft of customer information such as credit card details. Vandals and criminals can also attempt to disrupt your business through denial of services attacks, typically to extort money.To take full advantage of the digital economy you need to put in place some simple security measures so your business and your customers are protected.Keep a look out for suspect online orders. Taking steps to verify a buyer is genuine when you receive an order will save you the potential hassle of a credit card charge back later, and may prevent fraud. Secure your e-commerce website. Use the latest version of your e-commerce software and make sure your server is secure (see secure your computers and servers). Use strong passwords and change them regularly. Particularly in securing customer financial data. Don't store private customer data and credit card details on a public e-commerce server.  Store these details offline Regularly monitor and test your e-commerce systems. Conduct penetration tests of your systems and audit your security practices to ensure best practice.
• #21: Keep yourself informed about the latest cyber security risks. Subscribe to email notification services that keep you informed about the latest cyber security risks and solutions. See our Alert Service.
• #22: What did you find out about your business?http://www.staysmartonline.gov.au/business/home_based_businesses/questionnaire
• #23: What will you investigate further and why?
• #24: Ask participants to complete the online workshop evaluation