Whether your employees are working from home or in the office, your team must be kept cyber safe. In Australia alone, cyber attacks cost businesses $29 billion a year with 1 attack happening every 10 minutes.
Cybercriminals are becoming increasingly sophisticated, even altering email invoices mid-send to redirect funds, holding an individual’s personality for ransom, and posing as COVID-19 safety updates. With 62% of businesses having previously experienced a cybersecurity incident, this raises the question of why only half of SME businesses spend just $500 on cybersecurity alone.
Well, it’s simple.
Businesses don’t appear to take cybersecurity seriously. A recent survey conducted by the Australian Cyber Security Centre (ACSC) has found that 9 out of 10 underestimate the impact of cyber-attacks on their business. Unfortunately for us, no matter the size, if your company has money or data it’s a target. Even more so, the eruption of work from home (WFH) leaves even more companies and businesses vulnerable to attacks.
Despite this gloomy situation, all is not lost. Here are our top 8 tips to show how a business can implement appropriate cybersecurity responses to keep your team, clients, and business safe.
Tip 1: Give your employees basic security training with the right resources and tools
Employees are the first and last line of defense against cyber threats. A majority of attacks are caused by poor staff training which leaves them vulnerable. It only takes one click of an unfamiliar link or attachment for a cyber-attack to begin. By providing them with the correct resources and tools, employees can ensure that they protect themselves and your company.
The main rule to follow is to remind employees to never enter personal or company information in response to any pop-up webpage, email, or any form of communication. Another good tip is to provide your team with VPN access. A VPN encrypts all of your user’s internet traffic and adds a layer of security that hides a user’s IP address, encrypts data transfers, and masks the user’s location. The use of a VPN can protect your device regardless of the network settings, meaning an employee can use their home Wi-Fi network or a public network and can still be protected.
Tip 2: Protect your data and install antivirus software
We aren’t willing to hand over our wallet to a stranger and the same rule should be applied with personal information on the internet. Scammers are able to provide fake ID information, legitimate-looking emails, and websites and can take control over your social media accounts to send messages. Therefore, create business policies that require employees to destroy unnecessary data to minimise risk as well as processes for employees to report suspicious emails or ransomware.
Investing in antivirus software keeps your team protected as a collective. Even if one computer becomes vulnerable to a cyber-attack, effective antivirus software will protect your database and other employee data. There is a variety of free and paid software available to suit your budget.
Tip 3: Disabling macros
Microsoft Office macros can be used to deliver and execute malicious code on systems. Therefore, it’s important to understand how to disable them to prevent malware delivery and execution. Configure your Microsoft Office macro settings to block macros from the internet and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
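As an added example (not part of the original article), the PowerShell audit below reports whether the macro settings described above are enforced by policy for the signed-in user, and lists the policy-defined trusted locations so their write access can be reviewed. It assumes Office 2016 or later (registry version key 16.0) and that the settings are delivered as per-user Group Policy under HKCU; the function name Get-MacroPolicy is hypothetical.

```powershell
# Added example: audit per-user Office macro policy settings.
# Assumption: Office 2016 or later, which stores policy under the 16.0 key.
$officeVersion = '16.0'
$apps = 'Word', 'Excel', 'PowerPoint'

function Get-MacroPolicy {
    param(
        [string]$App,
        [string]$Version
    )

    $key = "HKCU:\Software\Policies\Microsoft\Office\$Version\$App\Security"
    # A missing key means no policy is set; $props is then $null and both checks fail.
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # blockcontentexecutionfrominternet = 1 blocks macros in files that came from the internet.
    $blockInternet = $props.blockcontentexecutionfrominternet -eq 1

    # vbawarnings: 1 = enable all, 2 = disable with notification,
    # 3 = disable all except digitally signed, 4 = disable all.
    $signedOnly = $props.vbawarnings -in 3, 4

    # Each trusted location is a subkey whose 'Path' value holds the folder.
    $locations = Get-ChildItem -Path "$key\Trusted Locations" -ErrorAction SilentlyContinue |
        ForEach-Object { (Get-ItemProperty -Path $_.PSPath).Path }

    [pscustomobject]@{
        App                    = $App
        InternetMacrosBlocked  = $blockInternet
        UnsignedMacrosDisabled = $signedOnly
        TrustedLocations       = ($locations -join '; ')
        Compliant              = $blockInternet -and $signedOnly
    }
}

# One row per application; Compliant is True only when both settings are enforced.
$apps |
    ForEach-Object { Get-MacroPolicy -App $_ -Version $officeVersion } |
    Format-Table -AutoSize
```

A row with Compliant set to False means the setting is left to the user rather than enforced; any folder listed under TrustedLocations should be writable only by the people who vet macros.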
Tip 4: Restrict admin access and turn on multi-factor authentication
Your admin accounts are the ‘keys to the kingdom’ – they allow unrestricted access to a business’ information and systems. Minimising access makes it more difficult for an attack to spread or hide. Therefore, your business should restrict admin access to operating systems and applications based on user duties. This ensures that staff only have access to the data or networks required for their job. A business should never allow blanket access – this makes it an attractive target. Your team should regularly revalidate the need for certain privileges. Importantly, don’t use privileged accounts for reading email and web browsing.
Strong user authentication makes it harder for criminals to access sensitive information and systems. Therefore, require multi-factor authentication (MFA) for your systems including VPNs and other remote access. Even if a cybercriminal has a password, they are unable to obtain access to an account as there is a second level of authentication. This should be set up on any device staff use to obtain data and access the server. This includes devices that employees bring from home (BYOD). It is also recommended to update your passwords every six months to practice good password management.
Tip 5: Ensure all systems are patched and up to date
Whatever antivirus software you provide, ensure that it is up to date. When software manufacturers update existing software, they release ‘patches’ that correct previous flaws in the existing version. As antivirus software becomes increasingly sophisticated, so do cyber-attacks. Therefore, leaving your old system without updating increases the likelihood of more sophisticated and developed attacks on your weakly defended device.
It is not only computers or mobiles that require patching. Other devices and technology include modems, smartwatches, routers, PDF readers, Adobe Flash and Java. Make it a habit by turning on automatic updates, scheduling update checks, and using web browsers that receive automatic security updates such as Chrome.
Tip 6: Back it up
In case things go awry, businesses must consistently back up all networks and systems. This should be a common practice in your business; however, you should ensure that this is done at regular intervals. Your backed-up data should be separate from the main server.
In some cyberattack cases, you may need to wipe your entire device or server. If stored correctly, your backups will not be infected, and your business will be prepared for the recovery period. It is also recommended to regularly perform tests to ensure that backups are being done correctly and restoration procedures are functional.