Several recent high-profile cyber attacks have put cybersecurity front and centre for businesses in all sectors. Australians are using digital services in record numbers; the COVID-19 pandemic drove a significant uptick in people accessing services, sharing information and making payments online.
With businesses becoming more digitally focused and consumers embracing digital services, cybercriminals have been quick to capitalise on this opportunity. Cyber threats are becoming increasingly common, and cybercriminals are getting more creative.
The Australian Cyber Security Centre (ACSC), a government agency that monitors cyber threats across the globe 24/7, receives reports of a new cyber attack roughly every 10 minutes. And a recent report from the Office of the Australian Information Commissioner (OAIC) found that healthcare providers reported the most data breaches (22% of total breaches), followed by the finance (15%) and education (8%) sectors.
So, what can your organisation do to boost your cybersecurity?
1. Educate your employees about common cyber threats
Some of the most common cyber attacks are:
- Phishing: Phishing emails or SMS appear to come from well-known sources and aim to trick recipients into clicking a link or opening an attachment that asks them for confidential personal or payment information.
- Malware: Malware is malicious software, including viruses, spyware, trojans and worms, used to steal confidential information or install programs without your knowledge.
- Ransomware: Ransomware makes your computer or files unusable unless you pay a fee to unlock them. The ACSC advises against paying any ransom that’s demanded after a cyber attack as there’s no guarantee that your device will be unlocked, and paying may make you more vulnerable to future attacks.
2. Implement a company-wide cybersecurity policy
A robust cybersecurity policy ensures all employees understand their responsibilities and know how to deal with a cyber attack. Your cybersecurity policy should detail acceptable use of data, devices, email and internet, and be regularly updated, shared with staff and visibly enforced.
3. Secure your devices and network
- Set software updates to automatic
- Install security software that includes anti-virus, anti-spyware and anti-spam filters
- Set up a firewall to protect your network and all devices (including portable ones)
- Turn on your spam filters
- Set devices to lock when idle
4. Set appropriate access levels
Your employees can create some of your most significant cybersecurity risks. For this reason, you should ensure that each staff member has access only to the systems and programs they need to perform their role. Sensitive data should always be protected from accidental and malicious access and sharing.
5. Implement a demanding password policy and multi-factor authentication
Your organisation’s passwords protect access to the devices and networks that hold critical business information. Strong passwords are simple for humans to remember but difficult for machines to crack. A strong password should be at least 14 characters long and include capital letters, lowercase letters, numbers and special characters. Turning on multi-factor authentication is one of the single best security practices available today, and it should be enabled wherever possible.
6. Keep your technology and infrastructure up to date
Outdated hardware and infrastructure can introduce easily exploited vulnerabilities that software updates can’t solve. Where possible, you should update your devices and network infrastructure every few years to stay up to date with the latest security advances.
Cyber attacks are a real and serious threat for all businesses. To protect your organisation, you should have a comprehensive cybersecurity strategy with multiple layers of protection spread across people, policies and processes, and technology. Importantly, cybersecurity isn’t a set-and-forget function: your policies and processes should be part of your employee onboarding process and reviewed and updated regularly.
If you’re not sure where to start in assessing your existing cybersecurity approach, the Australian Government business website has a cybersecurity assessment tool that lets you identify your strengths and areas for improvement.