It was a concerning moment when Prime Minister Scott Morrison revealed that Australian governments and businesses were ‘under cyber attack’ on 19 June. What the Prime Minister dubbed ‘a wake-up call for businesses’ is certainly a timely reminder. It’s easy to neglect cyber security when caught up in the day-to-day of running a business.
But if someone else got their hands on your domain or IP, just imagine the complications and financial burden of relying on a cure instead of prevention. From the loss of sensitive information to interruptions and disabled services, to the loss of your domain… the list goes on and on.
Not only do you have to deal with the technical ramifications if a breach occurs, but you also have a legal obligation to disclose to your valued customers. What would you tell them? When a significant cyber attack does occur on small businesses, as many as 60% go out of business within 6 months of that breach. Need any more reason to establish a cyber security strategy?
When the COVID-19 pandemic struck, so too did the hackers and cyber criminals who knew they had more exposed businesses to prey on. In the rapid transition to remote working, many of us are now accessing servers and databases from new places and devices. This has greatly increased the number of ‘endpoints’ through which our businesses can be penetrated.
The Australian Cyber Security Centre confirmed that attackers have been using remote code execution, a common cyber attack where the perpetrator inserts their own code into a system, such as a database or server, and has it run there. The attackers do this in an attempt to steal information, and it can also lead to these systems and sensitive company data being disabled or damaged.
The pre-COVID world was just as problematic too. As many as 78% of small businesses were targeted by cyber criminals in 2019. You may think that the smaller the business, the lower the risk of a cyber attack. But the opposite is true. That’s because small businesses often don’t have the same defences as larger companies, and it’s easy to leave cyber security as an afterthought.
So, yes, we’re being attacked…but it’s nothing new. The truth is, if you’ve left your business vulnerable to cyber attacks you should probably count your lucky stars that you’ve escaped unscathed so far…or have you?
Despite this, it’s not all doom and gloom. There are a number of ways your business can fortify the protection of your most valuable assets. Here are some tools and tips you may consider as part of your new (or improved) cyber security strategy.
1. Two-factor authentication
For significantly stronger security, many software packages that house your data and require login credentials now offer multi-factor or two-factor authentication. The added layers of two-factor authentication make it more difficult for criminals to attack your business.
Software packages and applications that use two-factor authentication rely on a physical token, random PIN, fingerprint, authenticator app, email or SMS to verify that the person accessing the system is supposed to be there. All businesses should take advantage of two-factor authentication where possible. So even if your credentials are compromised, two-factor authentication should protect you.
For more on multi-factor and two-factor authentication, read here.
While we’re on the topic of credentials, password managers such as LastPass or 1Password enable you to securely store all your logins and passwords in one place.
It can be tricky to keep track of passwords across your business, especially when multiple employees require them and they’re updated regularly. But keeping track of your passwords in an Excel file or sharing them with teammates over text messages will leave your business vulnerable. With a password manager, you’ll only ever need to remember one password. The rest are stored safely and conveniently, protected by strong encryption.
2. Update your software (all the time!)
Frequently updating your operating system and applications is one of the best and easiest ways to protect your business against hackers.
If, like many, you’ve slipped into the habit of snoozing those update reminders, it’s time to make a change. When software receives an update, it’s often more than just a slick new look or added feature. Software updates often include urgent fixes or patches that address security vulnerabilities.
What should you do? If your software providers offer automatic updates, consider switching them on. In addition to your operating system, you may also be able to enable applications to automatically update. There's also a big case for updating your website and website plugins. For example, WordPress (which so many small businesses are built on) should be updated frequently to best protect your website.
Enhanced features and effectiveness of your apps and programs, and better online security. Win-win!
You can read up about automatic updates for iMac, MacBook, iPhone and iPad here and Microsoft Windows 10 here.
3. Automatic backups
Like automatic updates, automatic backups are another effective way to protect your business that is relatively ‘set and forget’. Automatic backups can be set up on a hard disk or to the Cloud.
If your intellectual property (IP) is lost, stolen or damaged, automatic backups mean it’ll be easier to get back up and running. Peace of mind is a wonderful thing.
If you’re not sure which type of backup is best for your business, read more about backup for your business here.
4. Upskill your team
Believe it or not, the Achilles heel of your cyber security strategy is more often than not your own people. As many as 90% of breaches are due to human error. So the questions become: do your staff know how to identify an attack? And do your staff know what actions to take if their devices are infected with ransomware? Across many organisations, the answer is frequently ‘no’.
Education is key. Whether it’s due to negligence or a lack of awareness, you need to ensure you have cyber awareness training and/or simulations as part of your security strategy. New staff should be made aware of practices and protocols at your organisation, and you should never assume an individual knows how to detect scams. Ongoing or refresher training is also highly recommended, as attackers are always altering their strategies.
If you’re interested in exploring cyber awareness training, check out Cyber Aware or Cythera.
Don’t leave cyber security until it’s too late. A cyber security strategy could not only save you a substantial amount of money in the long run, but it could prevent a great deal of pain and suffering and save your business altogether.
For a better understanding of how to get started on your cyber security strategy and to get better protections in place, speak with a member of the BlueRock Digital team.