It's Stay Smart Online Week (7 - 13 October) and this year, the Australian Cyber Security Centre (ACSC) is continuing the 'Reverse the Threat' theme by empowering Australians to take control of their online identity. They recommend reviewing privacy settings, knowing how to spot phishing scams, creating strong and unique passwords and turning on two-factor authentication.
For most of us, the internet is where we work and connect, when and where we want to. Many business leaders, however, underestimate the potential threat of a cyber incident in their organisation, and the harm and loss it can cause. Unfortunately, cybercriminals do not discriminate when identifying their next cyberattack target. More than ever, organisations need to take a multi-tiered approach to their cybersecurity.
Thankfully, there are a number of active methods that businesses can focus on implementing this Stay Smart Online Week, to protect their organisation and their employees from cyberattacks.
Top 5 Tips to Stay Smart Online
1. Cybersecurity training for your team
The vast majority of successful cyberattacks use social engineering to break through your defences. People remain the weakest link in your cybersecurity armour.
Training staff is a great start and should be an ongoing program to ensure your team stay up to date with the latest threats, what to look for and how to manage them. Training is proven to significantly reduce the likelihood of a cyber breach. It demonstrates a high level of diligence on behalf of the organisation and shows that you all care about the data your business is responsible for managing and keeping safe. It also provides your team with the tools to safely use client data and manage the threats that they are being exposed to every day.
Cybersecurity training for all levels of employees is every bit as important as the other means of protection, including software, hardware and security practices in keeping your data safe.
2. Penetration testing
Penetration testing is a formal procedure aimed at identifying cybersecurity vulnerabilities, defects, threats and defective environments. In other words, penetration testing is often seen as a successful but non-damaging attempt to penetrate a specific information system, imitating the activities cybercriminals would engage in to compromise corporate systems.
In general, organisations conduct ‘pen tests’ to help strengthen their corporate defence systems, which in turn protect business-critical information systems. Note that while penetration testing can help organisations reinforce their cybersecurity defences, it should be performed regularly, since malicious entities find new weak points in constantly emerging systems, programs, and applications.
3. Be aware of Phishing scams
Scam (phishing) emails are a common way that cybercriminals attempt to steal both personal and company information, and unfortunately, these emails are only becoming more sophisticated. It is important that your team are trained in how to identify phishing emails and know what to do when they receive one.
Does your team know how to spot a phishing email? As part of the Stay Smart Online campaign, the ACSC has released a great resource to test your phishing knowledge.
You can take the phishing test here.
4. Password complexity
Password lists sold between black-hat (malicious intent) hackers reveal just how lazy many of us are in setting passwords. Passwords like "Password123" continue to be popular, despite the ease with which they are cracked. Security experts advise all organisations to use multi-factor authentication (MFA) in login policies.
This requires users to present two valid credentials to gain access to their data. For instance, a code texted to an employee’s smartphone can serve as an added security measure to thwart hackers.
For advice on setting a password that meets up-to-date security standards, review our blog on "Why your password isn't good enough".
5. Policies and Procedures
Cybersecurity policies and procedures are one of the most critical tools to protect organisations. They provide staff with an understanding of how they should handle sensitive and personal information, and they demonstrate a level of diligence, not only internally, but also externally to customers.
Telstra’s most recent report reveals that in 2019, 65% of Australian businesses reported data breaches, a 5% increase from 2018. Today, it's not a question of 'if?' but 'when?'.
These statistics are startling.
It is important for organisations to have a robust cybersecurity 'war' plan. Our Cybersecurity and Data Awareness eBook can help business leaders understand what they're going to do when they get breached, how they are going to communicate with staff and customers, and how they're going to get back up and running as quickly as possible. Rolling out regularly updated policies and procedures to your team ensures that your team understand their responsibilities, and can stand united at the battlefront.
We can help you ensure your technology, policy and staff education programs align with best practice. Our Business Technology Managers (BTMs) are specialists in improving your internal cybersecurity. If you need advice, give us a call on 1300 307 907 or contact us via the form below.