No business, regardless of what industry it operates in, is exempt from falling victim to a cyber attack.
With cyber security issues growing at an alarming rate in Australia, it is critical for business leaders to invest in holistic cyber practices to protect their systems and data.
Research by global cyber security giant Imperva shows an 81% increase in cyber security incidents in Australia between July 2021 and June 2022.
If this figure doesn't ring alarm bells, we hope the next five statistics prompt you to take action to improve the cyber security of your business:
- One in four Australians has fallen victim to identity fraud. (ScamWatch)
- 43% of cyber attacks target small to medium businesses. (ScamWatch)
- 94% of all malware is delivered by email. (CSO Online)
- A ransomware attack on an Australian business occurs every 11 seconds. (Tech Business News)
- The top industries affected by data breaches between July and December 2021 were Health Service providers, Finance, Professional Services, Personal Services and Education. (OAIC)
Thankfully, there are some simple steps your business can quickly implement to drastically improve your security and prepare for a cyber attack.
1. Follow Best Practice Strategies - Start with the Essential Eight
The Australian Cyber Security Centre (ACSC) and the Australian Signals Directorate (ASD) have developed several initiatives to help organisations improve their cyber security. The most effective of these initiatives is known as the Essential Eight.
Providing detailed information about baseline security measures and focusing on Microsoft and Internet-based applications, the Essential Eight makes it much harder for cybercriminals to compromise systems.
If you are unsure about how to ensure your cyber security strategy is fit-for-purpose, the ACSC's website is a great place to start.
The Essential Eight mitigation strategies
The Essential Eight mitigation strategies are:
- Application control
- Patch applications
- Configure Microsoft Office macro settings
- User application hardening
- Restrict administrative privileges
- Patch operating systems
- Multi-factor authentication
- Daily backups
Coupled with the strategies provided by the Essential Eight, we recommend that all businesses speak with their technology provider about the following modern protection solutions to improve their cyber security:
- Endpoint Detection and Response
- Next-gen firewall (FortiGate)
- Routine Patching
- Multi-Factor Authentication
- Employee Education and Training Programs
2. Implement Multi-Factor Authentication (MFA)
MFA is a simple and effective way to add another layer of security to your networks. Traditional usernames and passwords can be stolen, and have become increasingly vulnerable to cyber attacks. MFA requires more than one form of authentication when you log into a system, rather than a username and password alone. This ensures that the user logging in is who they claim to be, and protects your account if your credentials are compromised.
Multi-factor authentication can use a combination of:
- something the user knows (a passphrase, PIN or an answer to a secret question)
- something the user physically possesses (such as a smartcard, physical token or security key)
- something the user inherently possesses (such as a fingerprint or retina pattern).
3. Ensure your employees complete frequent Cyber Security Training
Cyber security threats, particularly phishing and ransomware attempts, are targeting Australian organisations and their employees.
With human error accounting for 41% of reported data breaches from July to December 2021, it is important that your employees understand the part they play in protecting your organisation and clients’ data. Cyber Security Awareness Training is one of the simplest and most effective ways to improve the cyber security posture of an organisation.
The purpose of Cyber Security Awareness Training is to educate staff about the cyber threats and attacks they may be subjected to each day. Training users at all levels makes people more vigilant about the signs of a cyber security threat, such as a phishing attempt, and gives them the skills to safely take the appropriate action if they do receive a malicious attempt.
4. Regularly Back Up Your Business Data
Backing up your business data regularly is a simple yet important step that you can take to ensure your business is prepared for any threat (such as ransomware or business email compromise) that may strike your organisation.
A backup will allow you to restore your business' database, customer files, emails and sensitive information so that you can continue to operate with minimal disruption. Reliable backup programs take regular copies of your data and store them in multiple secure locations.
In addition to backup solutions, it's important to also note that modern threat detection and response software, such as Managed Endpoint Detection and Response, offers an additional layer of backup recovery, with the ability to roll back any devices that have been infected by malware to their pre-infected state.
Learn more and find the full list of ACSC Cyber Security Awareness month resources here.
How can Diamond IT help improve your cyber security?
Diamond IT will work with you to ensure your staff are aware of the types of ever-evolving cyber threats, and equip them with tools and a high level of cyber and data awareness and comprehension.
Our online Cyber Security Staff Awareness Training and Cyber Security Health Check can have an immediate impact on the strength of your security.
Our Business Technology Consultants are specialists in improving your internal cyber security. We offer a range of security solutions to ensure your employees and business remain secure, including:
- Multi-Factor Authentication
- Diamond Management Systems and Patching
- Cyber Security Awareness Training
- Cyber and Data Breach Consulting and Forensic Analysis
- Disaster Recovery (DR) Planning
If you need advice on how you can ensure your cyber security strategy is fit for purpose, our team of cyber security experts is ready to help. Contact our team on 1300 307 907 today.