October marks Cyber Security Awareness Month, an initiative by the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), dedicated to reminding and equipping everyone with crucial cyber security knowledge. The theme for this year is "Be Cyber Wise, Don't Compromise."
Cyber Security Awareness Month - "Be Cyber Wise, Don't Compromise"
To mark this important month, we share the 5 tips offered by the ASD's ACSC, designed to help small businesses improve their security. In addition, we have provided 1 more vital tip. All 5 are simple to put in place and make a solid baseline to ensure you are covered.
1. Update Your Devices Regularly
"Turn on automatic updates for your devices and software. This ensures you have the latest security in place."
Outdated software is a common vulnerability that cybercriminals exploit. Ensure that all operating systems, applications, and security software are kept up to date across every type of device that has access to your organisation's data and infrastructure.
Patch management (or 'patching') describes the process of distributing updates to software that correct vulnerabilities and improve user experience, performance and security. Patches are written by software vendors to repair bugs and improve stability.
In conjunction with a strong Cyber Security strategy, patching is a crucial tool for keeping your systems secure. Without updates, your systems will quickly become vulnerable to security threats.
Automating your patch management (or engaging a trusted third party to manage your IT function) will not only reduce the number of hours spent on manual updates, but also ensure that all software, whether it is located in your office or remotely, remains updated and secure.
The ASD's ACSC advises "If your device cannot update – for example, if it is too old – you may need to upgrade to a new device. This means it will not receive security updates, software updates or technical support. This is called “end of support” and is the expiry date of the software. If you find this happening to your device and you can't update, it’s time for a new device".
2. Turn on Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is an effective way to add another layer of security to your networks. Traditional usernames and passwords can be stolen and have become increasingly vulnerable to cyberattacks.
MFA requires users to provide multiple forms of verification before access is granted, to ensure that the user logging in is who they claim to be, so your accounts remain protected even if a password is compromised. The factors can include something you know (like a password), something you have (such as a mobile device), and something you are (like a fingerprint).
Enabling MFA across your business accounts significantly reduces the risk of unauthorised access and the likelihood of a data breach.
For more information, read our blog, 5 Reasons to Implement MFA Today.
3. Back Up Your Important Files
Data loss can be catastrophic for any business, causing lost time, lost revenue and damage to your reputation with your customers.
Regularly backing up your critical data to secure offsite locations is vital and should be a scheduled, ongoing process. Cloud-based backup solutions are cost-effective and offer scalability as your business grows. In the event of a cyberattack or data breach, having backup copies ensures business continuity.
"It’s important that you regularly try to restore your backups to check that they are working properly. Testing whether you can restore your data will give you peace of mind that, if you lose any data, your backup will work".
Regularly testing restores helps organisations confirm that their backups are intact and accessible when needed. These steps and processes can be coordinated into a Disaster Recovery Plan and a Business Continuity Plan, and used to create employee policies and procedures for upskilling and ongoing management when these situations occur.
4. Use passphrases and password managers
"Passphrases are passwords that use 4 or more random words. Don’t compromise your accounts by re-using passwords or passphrases. Consider using a password manager to help generate or store secure and unique passphrases".
Even though 90% of Australians know that using the same password on multiple accounts is a security risk, 69% continue to use the same password anyway, and 36% report no difference between their work and personal passwords.
In previous blogs, we have discussed the fundamentals of how to create a secure password. Let's touch on them again:
1. The longer the better: At a minimum, you should have 8 characters in your password or passphrase, but we recommend 12 or more.
2. Complexity: Adding numbers and symbols greatly increases the strength of a password, as does a combination of lower and upper case letters.
3. Avoid repetition: Avoid creating a complex password and then incrementing it by one character each time you're asked to change it. And remember, it is essential not to use the same password across multiple devices and systems. This is where a password manager program comes in handy.
4. Avoid obvious words/phrases: It concerns us that we still have to say it, but don't create passwords using obvious phrases like "Password1", "QWERTY", "asdfjkl" or "abc123". Dictionary brute force attacks start with these obvious phrases.
5. Don't write it down: Don't record your password anywhere, especially not on a post-it note on your desk!
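As an added example (not from the ACSC or this blog), the following Python puts the rules above into practice: it generates a passphrase of four or more random words, and checks a candidate password for minimum length, complexity, the obvious phrases listed, re-use of the previous password, and the "increment by one character" pattern. The word list, rule names and sample passwords are constructed for illustration.

```python
import re
import secrets
import string

# Constructed sample word list for this example; a real generator should draw from a
# large dictionary (thousands of words) so that 4 random words are hard to guess.
WORDLIST = ["harbour", "violet", "granite", "whistle", "lantern", "meadow",
            "copper", "saddle", "thunder", "ribbon", "falcon", "orchard"]

# The obvious strings named in the article; a production check would also consult
# a list of known-breached passwords.
OBVIOUS = {"password1", "qwerty", "asdfjkl", "abc123"}


def generate_passphrase(words=4, sep="-"):
    """Build a passphrase from `words` random dictionary words (the 4-or-more rule).
    secrets.choice is a cryptographically secure selector, unlike random.choice."""
    return sep.join(secrets.choice(WORDLIST) for _ in range(words))


def _stem(s):
    """Strip trailing digits and punctuation: 'Summer2024!' -> 'Summer'."""
    return s.rstrip(string.digits + string.punctuation)


def _is_increment(candidate, previous):
    """True when the new password is the old one plus one character, or the old one
    with only its trailing digits/punctuation changed (Summer2023! -> Summer2024!)."""
    return candidate[:-1] == previous or _stem(candidate) == _stem(previous)


def check_password(candidate, previous=None, minimum=12):
    """Apply the article's rules and return the names of the rules that failed.
    An empty list means the candidate passes. Complexity is satisfied either by
    three of the four character classes or by a passphrase of four or more words."""
    problems = []
    if len(candidate) < minimum:
        problems.append("too_short")
    classes = sum(any(f(c) for c in candidate)
                  for f in (str.islower, str.isupper, str.isdigit,
                            lambda c: c in string.punctuation))
    words = len(re.findall(r"[A-Za-z]{3,}", candidate))
    if classes < 3 and words < 4:
        problems.append("low_complexity")
    if any(o in candidate.lower() for o in OBVIOUS):
        problems.append("obvious")
    if previous is not None:
        if candidate == previous:
            problems.append("reused")
        elif _is_increment(candidate, previous):
            problems.append("increment_of_previous")
    return problems
```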
5. Upskilling & Testing Staff
With 65% of attacks on organisations resulting from staff being unable to identify a cyber threat or not knowing how to handle it appropriately, it is important that they understand the part they play in protecting your organisation's and your clients' data.
Your staff are the first line of defence against cyber threats, so we recommend investing in Cyber Security Upskilling and Awareness programs for them.
It is important to ensure they can recognise phishing attempts, understand safe browsing habits, and are aware of security best practices in your industry and within your organisation.
Conduct regular simulated phishing exercises and Cyber Security drills to evaluate their readiness and improve their response to potential threats.
Understanding Your Business Baseline
To determine the necessary next steps for your business, it's essential to assess your current Cyber Security status.
We invite you to take advantage of our Online Cyber Security Assessment, which comes at no cost. This quick evaluation provides a snapshot of your organisation's Cyber Health.
Simply follow the link above and dedicate less than 5 minutes to answer a few questions. Our team will then review your responses and provide you with a comprehensive report outlining recommendations to enhance your business's Cyber Security posture.
Armed with this information, you can pinpoint strategies to elevate your business, fortify its security stance, and identify cost-effective, pertinent measures to safeguard your digital assets in an ever-evolving threat landscape.
Remember, Cyber Security is an ongoing endeavour, and maintaining vigilance is paramount to shielding your business and its valuable assets.
Cyber Awareness Month Webinar - "Cyber Resilience Strategies to Secure your Organisation"
In the dynamic landscape of the modern hybrid workplace and the evolving pressure from ASIC on company directors, building robust cyber resilience is non-negotiable and requires a comprehensive, organisation-wide approach.
Watch our webinar now, as critical aspects of Cyber Accountability, Compliance and Security Strategies tailored for Business Leaders are discussed.