In part one of this series of articles, we explained how cyber attacks on Australian businesses are increasing each year, detailing some of the cyber threats that are out there and the kind of cybersecurity measures that can be implemented to mitigate them. Because it is crucial that all Australian small and medium businesses understand what they can do to protect themselves, their customers, and their suppliers from cyber threats, we have written this article to cover some of the fundamental steps you can take to proactively safeguard your business.
How can I safeguard my business from cybercrime?
Whilst the list below is far from exhaustive, it does cover the most straightforward of security measures you can take to protect the data, resources, and finances of your small business:
- Keep your operating systems and software up to date
- Just as a burglar tries to find the most effective way into your home, cybercriminals look for the easiest and most effective way into your computer and/or network. Leaving software without updates is much like locking the door to your house but leaving your windows wide open. Software security is perpetually updated in response to new threats, so keep your IT and mobile infrastructure up to date to make it as hard as possible for cybercriminals to find a way in.
Cybersecurity Tip – Enable automatic updates on all your devices to make sure you’re always using the most secure, up-to-date version. Setting up automatic updates will save you time and worry.
- Enable Multi-factor authentication (MFA) for all your accounts
- MFA or 2-factor authentication (2FA) is a security measure that requires two or more proofs of identity to grant access to your accounts. MFA is one of the most effective ways to protect against unauthorised access to your accounts.
Cybersecurity Tip – Enable MFA or 2FA where applicable. Yes, cybercriminals may still be able to steal or guess one proof of identity, but also obtaining a second, and remotely accessing another of your devices to complete the security protocol, is much harder and much less likely to occur.
- Use passphrases where MFA is not possible
- Whilst MFA is the most effective way to password-protect your accounts from unauthorised access, it may not always be possible to set it up. In this instance, consider developing a unique, strong passphrase rather than a simple password.
Cybersecurity tip – Develop passphrases using four or more random words as your password. Where possible, use a secure password manager (e.g. Keychain in macOS or Passwords in Google Chrome) to help store your passwords and passphrases.
- Backup your key data
- A backup is a digital copy of your information that is saved to an external storage device or to the cloud. Backing up your data regularly is one of the most effective and failsafe approaches you can take to ensure your information is always available to you in the event your data is ever lost, stolen, or damaged as a result of a ransomware attack locking you out of your computer or network.
Cybersecurity Tip – Set up an automatic backup system to routinely save your data, and routinely test your access to it to ensure it can be restored if required. If you are able, it is also highly advisable to keep at least one backup disconnected from the internet, preferably at an offsite location in case of natural disasters or theft.
- Conduct routine employee training
- Machines make things possible, but people make them happen. Your employees are one of the first and last lines of cyber defence, and with a regular refresher course in cyber awareness, your staff can be kept up to date on the ever-evolving threats that are present. Think of it like a software update for you and your staff.
Cybersecurity tip – Enlist an IT Service Provider to provide regular cyber awareness training. Proactive workplaces will go one better by creating a positive cybersecurity culture that empowers staff to come forward if they suspect something is amiss.
- Implement an access control protocol
- Access control helps manage who can access what within your business computer systems. Developing a protocol based on the principle of ‘least privilege’ is generally considered the safest approach as it provides users with only the permissions they need to perform their work.
Cybersecurity tip – Develop an access control protocol and inform your staff so that they understand it and are able to do their work. If you are unfamiliar with how to implement this within your software, enlist an IT Service Provider to help.
- Think personal cybersecurity
- Have you considered your own online footprint? What you do in your personal cyberspace leaves a trail that can come back to affect your business. For this reason, taking the appropriate measures to protect your privacy and data on your own devices and platforms can be as important for your business as it is to you personally.
Cybersecurity tip – Thankfully, all the steps mentioned here are also directly applicable to your personal mobile and home computer network, so acting on these is a first and significant step.
- Watch out for scams
- The price of effective cybersecurity is eternal vigilance. Staying mindful that scams and the scam artists who push them are perpetually around us, and keeping an up-to-date knowledge of what scams are out there and what they look like, goes a very long way in minimising the likelihood of you becoming a victim.
- Always make sure you know who you are dealing with or talking to
- If something seems too good to be true, it probably is
- Check if the company is registered through the ABN lookup website
- Read reviews of the business and check for signs that it could be a scam
- Always use a credit card so that you can ask your bank for a chargeback or to cancel your card immediately
What if I become the victim of a cyber attack?
This is likely to be a very stressful and anxious event. The panic that may set in is the very thing cybercriminals feed on when they present you with a quick-fix option (usually the payment of a ransom) to make the problem go away. If it is at all possible, resist this urge and follow the Australian Cyber Security Commission’s (ACSC) recommended steps below:
- Report your cybersecurity incident and cybercrime or call 1300 292 371
- Visit the ACSC Have You Been Hacked page to view additional help options
- Visit ACSC’s Email fraud page if you have been the target of email fraud
- Visit ACSC’s Ransomware Response page if you are the victim of an attack
- If there is an immediate threat to life or risk of harm please call 000
- Contact Your IT Advisory Service immediately to plan out your next steps
With cyberattacks on Australian businesses increasing each year, it’s imperative to make sure you and your IT systems are as secure as possible to minimise future risks.
To find out more about what you can do to keep your business cyber safe, download a free copy of the Essential Cybersecurity Toolkit for SMB’s eBook by visiting SG Advisory’s IT Services Page.
SG Advisory IT offers a suite of IT management services and technical supports designed to maximise and maintain your business’s cybersecurity. We work collaboratively with you to understand the needs of your business, match you with the security measures you need to protect your technology, data, resources, and finances, and provide you and your employees with ongoing support and training as required.
Contact SG Advisory IT today and let’s ensure you and your business are protected.