Businesses without good “digital hygiene” – systems and protocols that ensure cyber security – leave themselves exposed to disrupted operations, stolen data, and huge costs to their bottom line and their reputation.
Here are the smart tactics Australian businesses can employ to protect themselves.
Having a response plan ready in case of a cyber-attack.
Failing to plan is planning to fail – and the first step to making any business resilient to cybercrime is to develop a response plan. Businesses need to assess risk and identify the actions they would take in response to a security breach, and how they will communicate with customers.
Making a response plan need not be expensive or difficult. It’s as simple as a process for immediate first steps that everyone in the business understands.
As you make this plan, it is important to understand the various regulations.
For example, Australia has notifiable data breach legislation for when a data breach is likely to result in serious harm to an individual whose personal information is involved. Reading this legislation will help you understand your obligations for reporting to regulators, law enforcement and customers.
Digital Hygiene – Training your staff and keeping them constantly aware of cyber-security
A chain is only as strong as its weakest link. Human error – or simply misjudgment – is often this weak link in cyber security.
Nexon recommends to all clients that their staff undertake regular and ongoing cyber-attack awareness training every month. Ideally, this training should not be consolidated into a single day. Instead, it should be integrated into daily systems, reminders and processes, and it should be as practical and as immediately applicable as possible.
A very useful thing every business can do is send its staff sample ‘phishing’ emails. These emails will raise awareness of the ways in which people can be approached online – and the warning signs for which they need to be on the lookout.
Protecting ALL devices
The fact that many more employees are now (post-pandemic in particular) working from home is an additional cause for concern in terms of cyber security.
We know that data can now be accessed from anywhere at any time via the cloud – and businesses operate more efficiently as a result. But what businesses often fail to perceive is the need to fully secure the PCs, laptops and mobile devices staff use to access this data. The corporate network used to be protected as an entity with known borders – but not anymore.
Securing devices can be as simple as making sure multi-factor authentication is enabled for users outside of the corporate network and ensuring all devices are equipped with anti-virus software, encryption, and a VPN.
Make sure you trust your IT provider
This is an easy one – but often overlooked. Many, if not most, businesses depend on their IT service provider for everything from setting up emails and maintaining their website to network security and troubleshooting. But the cyber security landscape is evolving so fast that a business needs to make sure its IT provider is up to date with regulatory changes.
You should ask your IT provider about the options available to you to protect data, and quiz them about the scope of their security experience.
You should also understand the regular suite of tools on offer (backups, endpoint protection, cloud security, network security and detection and response).
Invest in Cyber Insurance Coverage
Hacks do happen – and more often than you might think. When they do, cyber insurance can save the day. Cyber insurance can provide even smaller businesses with free access to otherwise expensive industry professionals and a roadmap to full recovery.
The key is that cyber insurance is suitable and adequate for the business it serves. Business owners need to take responsibility for quantifying the risks they face to determine if their cover is sufficient.
Nexon recommends businesses take legal advice or the advice of a cyber security specialist to help assess the amount of coverage required.
Be Vigilant, Not Vulnerable
Attitude counts for a lot in terms of cyber security. Businesses of all sizes need to remain vigilant rather than becoming complacent or keeping their ‘head in the sand’. Cybercrime harms both business operation and reputation if data is lost.
Thoroughly identifying the risks you face is the first step – and putting in place a plan to react to security breaches is the second. You need to maintain visibility and control of both your operational environment and your data – and you need to invest in the tools that can bring you peace of mind.
Here at Nexon, we are well positioned to help businesses of all sizes understand how to protect themselves. You can read more about how we manage cyber security today here.