Cyber Security made headlines in Australia for all the wrong reasons in 2022 due to high-profile data breaches affecting millions of Australians.
At the same time, cybercrime globally is now a trillion-dollar annual industry where hackers continue to exploit weaknesses in critical infrastructure networks from healthcare to telecommunications, affecting organisations large and small, including governments.
Additionally, the move away from centralised offices and networks to increasingly remote and mobile workforces has thrown up a raft of new challenges for security professionals from the C-suite down.
Small business is also under attack. In fact, some 43 per cent of total cyberattacks in Australia were targeted at small and medium-sized businesses in 2022, according to a Global Risk Survey by PricewaterhouseCoopers, so any small business owner that underestimates the risk of cybercrime does so at their own peril. The same report found that a cybercrime targeting a business occurs once every seven minutes in Australia, there was a 13 per cent increase in cybercrimes reported last year, and only 5 per cent of business’ data folders are properly protected.
There was also a dramatic rise in the cost per cybercrime report to over $39,000 for small business, $88,000 for medium business, and over $62,000 for large business in the 2022 financial year, representing an average increase of 14 per cent over the previous year, according to the Australian Cyber Security Centre’s annual report.
The challenges of Cyber Security remain vast in an ever-changing technology environment where more and more devices are inter-connected. Here are a few basic practices businesses of any size can adopt if they haven’t already to mitigate cyber threats.
Create a risk management plan
At the top of your list should be a management plan where your IT people, possibly in conjunction with Cyber Security experts, can identify the risks to your infrastructure and what to do in the advent of an attack where critical data is threatened. This should also involve the use of a virtual private network (VPN) as opposed to public Wi-Fi as an extra layer of data protection.
Train your staff
Cyber criminals are always looking for the weakest link in a security chain so educating your employees in best practices will go a long way towards securing your data across internal and external networks. Top of this list should be password education, where longer passwords comprising letters, numbers and symbols are much harder to crack, while multi-factor authentication where the user is required to provide two sources of proof of ID before logging into a network is also effective.
Update and encrypt your software regularly
Software is a notorious entry point for cybercriminals seeking the easiest way to break into networks and devices. Keeping your software up-to-date greatly restricts access points, and this usually only entails downloading updates and new versions as soon as they are released. You should also discard any software that is no longer supported by the developer as it is especially vulnerable to attacks such as malware.
For software to be genuinely secure, however, it needs to be encrypted when sending sensitive and/or confidential information. Encryption scrambles plain text to deter would-be hackers and is only accessible when sent to the intended recipient who can then access it via a key that allows the data to be unscrambled back into simple plain text.
Back up data
Losing vital data can be disastrous so it’s vital to have an effective back-up strategy in place. This shouldn’t be complicated and usually entails backing up data either offsite in the cloud through a reputable cloud storage provider, or on external hard drives, and it may be worth considering a combination of the two for total peace of mind. A regular back-up routine should not be time consuming and most back-up procedures are now fully automated.
To discuss your digital skills requirements or to explore opportunities for digital skilled consultants within FinXL, call your local FinXL office today.