9 security tips for every small business

From CCTV to cyber insurance, here are the risk-mitigation measures every small business should be taking in 2022.

Your business is your livelihood, so it's no surprise you want to keep it safe. But what's the best way to do that?

You probably already know there's no fail-safe solution that will keep you entirely risk-free. But there are plenty of precautions that can lower your overall exposure.

We asked a range of business owners and experts to share their tips and true stories on keeping businesses better protected from scammers, hackers, thieves – and more.

1. Have a plan

Before you get started on creating a physical – or digital – fortress for your business, it's worth taking a step back to figure out exactly what you want to accomplish.

"If you don't know exactly what you want to do, you'll end up with a patchwork set of security," said Glen Bhimani, CEO of BPS Security. "Know exactly what points of your facility you want to reinforce and who you want to keep out."

Bhimani also recommends paying attention to the basics, such as ensuring windows have strong locks and entry points have both locks and alarm systems.

"I'd encourage keeping a siren-based alarm on the building," he told Finder. "Most criminals are aiming to go undetected, and are likely to flee if they enter the building and immediately hear alarms going off."

2. Embrace technology

Technology has changed dramatically over the past few years and business owners can leverage a whole range of affordable tools to bolster their security.

"Today, most electronic devices can be connected to the Internet via Wi-Fi, and security gadgets that once ran independently of one another can now be integrated into a single system through the same Internet source," said Alison Kingdon, customer solutions director for ADT Security.

With technology becoming more integrated and interactive, security systems can be managed and monitored remotely – in real time – via laptops, smartphones and even smart watches.

"Whether you're at work or on holidays, cameras can be set up via app to be triggered by motion and can send a short video clip straight to your smartphone," said Kingdon.

3. Invest in your Internet

While investing in decent security technology is an important step, business owners should also make sure their Internet connection is strong enough to support it to its full potential.

"All security cameras need a strong Internet connection that is reliable and has fast speeds," said Brad Hales of security tech firm Uniden Australia.

"Business owners should review their Internet plan speeds and ensure they have enough bandwidth for streaming capability to ensure there is minimal lag time.

"In addition, an upload speed can heavily influence the speed in which it can transfer data from a security system to a smartphone or computer."

If you haven't switched to business nbn yet, it might be worth looking into. The network relies on optical fibre and other technologies to deliver wholesale high-capacity Internet to homes and businesses.

There are also packages designed specifically for businesses including dedicated fibre, priority customer support and business-grade upload and download speeds. Ask your internet provider about business nbn.

4. Train your team

No matter what measures you have in place, one poorly trained or disengaged employee can undermine everything.

"It's important to train your team on the importance of digital security and the impact that breaches can have on them as an individual as well as the wider business," said Gary Warner, a manager with Joloda Hydraroll.

"This training is initially done during onboarding, and then refreshed and reviewed on an annual basis as a minimum. Where significant changes are made then reviews will be done sooner."

5. Use password managers

Weak or compromised passwords are one of the most common sources of a security breach within organisations. Password managers are an affordable tool that can reduce the risk.

In fact, Freya Ward, global business director at technology specialist Headley Media, recommends business owners make password managers compulsory within their organisation.

"Most will flag up if passwords are being used more than once across different systems, encouraging people to use unique passwords," she told Finder.

"They also allow you to share passwords securely with just those who need them, revoking access when it is no longer required or an employee leaves the organisation."

6. Establish secure file sharing

In a similar vein, Ward recommends businesses invest in a centralised system that allows employees to securely access, edit and share files.

"There are plenty of affordable options available, and it is worth choosing one that can allow different levels of access at an individual level, ensuring that only those who need to can see sensitive data," she said.

For example, a document created in Google Docs or Sheets can be customised to allow access or edit rights to certain individuals, teams or employees within an organisation. It can also be customised to allow public access, if the need arises.

7. Use double-approvals

No business owner wants to believe their staff will steal from them, but sadly, it happens. Implementing a double-approval process in certain areas can prevent this.

Frank Farrelly is the owner of Darlinghurst Dental where new payee details – whether that's a new supplier, supplier change or payment update – must always be approved by 2 people.

"We are lucky that we have never had a security breach; however, I am aware of a number of other dentists and practices that have been victims of theft by staff," he told Finder.

"Criminal staff create fake invoices and make recurring payments to themselves, but list it in accounting software as valid. Or for prospective invoicing by outside parties, they send an invoice which seems valid and gets approved for payment."

However, when a payment can't be made without 2 people, potential criminals are deterred and suspicious charges are far more likely to be picked up.

8. Back up everything

A common cyber threat comes from ransomware groups that encrypt an organisation's data, making it impossible to operate. The hackers then demand a ransom in exchange for a decryption key that lets the business regain access to their data.

However, regular backups can negate this risk. In fact, the Australian Cyber Security Centre recommends organisations back up their critical data at least daily to ensure operations can be restarted quickly in the wake of a ransomware attack.

"The more often you make copies, the less data you lose when recovering," said Dale Heath, engineering manager at Rubrik A/NZ. "Having safe, secure copies of your information ruins the entire ransomware business model because it allows a business to restart its operations from a 'save point' prior to the infection."

9. Create a response plan

Even with the best security systems in place, breaches can still happen. Don't let yourself be lulled into a false sense of security – make sure you have a response plan in place.

"It must be clear beforehand who will make decisions in an emergency so that the defence can be coordinated quickly," said Rick Vanover, senior director of product strategy at tech firm Veeam.

"A list of emergency contacts facilitates communication. This should include the names of those responsible for security, incident response and identity management. The contacts must be available on several channels, because in an emergency, for example, communication via company servers will not work."

Discover more about business nbn® today