Over the 2020–21 financial year, over 67,500 cybercrime incidents were reported to the Australian Cyber Security Centre (ACSC). This is an increase of nearly 13% on the previous financial year, and equates to one report every 8 minutes compared to one every 10 minutes the year before. Cyber-attacks are an extremely lucrative form of criminal activity, which is fuelling a dramatic increase in the number of attacks on Australian businesses of all sizes.
Prevention is the best form of defence. Below we cover 10 risk management tips to protect your business and limit the damage if a cyber-attack does succeed.
1. Assess the risk environment
When formulating your cyber security strategy, it is essential to start with an IT risk assessment. Assessing the risk involves collating a list of all potential threats that could impact your business (e.g. malware, scams, human error), the systems and data each one could affect, and how likely and how damaging each would be. You will also need to evaluate how well your IT networks withstand real-world threats with a penetration test, and repeat the assessment whenever your systems change significantly.
2. Network security
There are several basic security steps to help reduce the risk of your IT network being compromised, and business operations disrupted.
Software updates
Make sure your operating systems, applications and security software update automatically. Updates often fix serious security flaws, and attackers routinely exploit known vulnerabilities in systems that have not yet been patched, so keeping software current closes the easiest way in.
Security Software
Prevent security compromises by installing security software on business IT networks and all connected devices. Make sure the software includes anti-virus, anti-spyware and anti-spam filters.
Firewalls
Set up a firewall to shield internal networks from intrusion. A firewall acts as a gatekeeper between your IT infrastructure and the internet, allowing only the traffic you have chosen to permit. Because laptops and other portable devices regularly leave the office network, a host firewall must also be enabled on each of them for the protection to be effective.
Spam-filters
Ensure you have a strong spam filter to minimise the number of 'phishing' emails your business receives. Phishing emails impersonate a trusted sender and contain links or attachments that, when opened, steal login credentials or install malware, giving the attacker a foothold in your IT network. A spam filter reduces the number of malicious emails that get through, and with it the risk of you or an employee opening one.
Passwords
a) Set a company protocol for strong passwords: require long, unique passwords (a passphrase is easier to remember than a short string of symbols) and reject passwords that are commonly used or have appeared in known breaches.
b) Use two-factor authentication (2FA) on every account that supports it, so a stolen password alone is not enough to log in.
c) Limit admin account privileges: give staff standard accounts for day-to-day work and use separate administrator accounts only when an administrative task requires them.
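As an added illustration of points a) and b) (example code written for this article, not a tool from the ACSC or any vendor), the following Python script enforces a simple password protocol and verifies a 2FA code. The password policy values (14-character minimum, the short blocklist, the placeholder company name "Acme") are assumptions for the example; the one-time-code functions implement the HOTP/TOTP algorithms from RFC 4226 and RFC 6238 using only the standard library, and the secret used at the bottom is the RFC reference secret.

```python
import hashlib
import hmac
import struct
import time
from typing import List, Optional

# Constructed blocklist for the example; a real policy would check against a
# large breached-password list rather than a handful of entries.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "letmein", "welcome1"}


def check_password(password: str, company_name: str = "Acme", min_length: int = 14) -> List[str]:
    """Return a list of policy violations (an empty list means the password is acceptable).

    Length and blocklist checks matter more than forced symbol/number mixes:
    a long passphrase passes, a short "complex" one does not.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password blocklist")
    if company_name.lower() in password.lower():
        problems.append("contains the company name")
    return problems


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    if at is None:
        at = time.time()
    return hotp(secret, int(at // step), digits)


def verify_totp(secret: bytes, submitted: str, at: Optional[float] = None,
                step: int = 30, window: int = 1) -> bool:
    """Accept the code for the current time step or a neighbouring step (clock drift).

    The comparison is constant-time so the check does not leak how many digits matched.
    """
    if at is None:
        at = time.time()
    counter = int(at // step)
    return any(
        hmac.compare_digest(hotp(secret, counter + skew), submitted)
        for skew in range(-window, window + 1)
    )


if __name__ == "__main__":
    # RFC 4226 / RFC 6238 reference secret (ASCII "12345678901234567890").
    secret = b"12345678901234567890"
    print(check_password("Acme2024!!"))                    # two violations
    print(check_password("correct horse battery staple"))  # []
    print(totp(secret, at=59))                             # 287082 (RFC 6238 vector, 6 digits)
    print(verify_totp(secret, "287082", at=59))            # True
```

The TOTP functions are the server side of 2FA: the shared secret is enrolled into an authenticator app once, and the server recomputes the code from the current time to verify what the user types. Tolerating one step of drift either side is the usual compromise between usability and the window in which an intercepted code stays valid.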
Monitor use of computer equipment and systems
Keep an inventory of all devices, IT equipment and software your business uses, and who is using them. Ensure they are all secured with current updates, strong password settings, 2FA and so on. If equipment is no longer required, it is important to securely wipe any sensitive information before disposing of it.
3. Backup your data
Make sure your website, business records and essential data are backed up in case they are compromised in a cyber-attack. This can help your business recover quickly and with minimal impact on operations. Make sure backups are performed regularly, that at least one copy is kept offline or otherwise disconnected so ransomware cannot reach it, and that you periodically test restoring from them; a backup that has never been restored is not yet a recovery plan.
4. Encrypt important information
Make sure encryption is switched on wherever your data is stored or sent: full-disk encryption on laptops and phones, encrypted connections (HTTPS, VPN) for data travelling over the internet, and encryption on any cloud storage you use. Encrypted data is unreadable to anyone who obtains it without the key, which minimises the risk of data theft, destruction and tampering if a device is lost or a connection is intercepted.
5. Set a company Cyber Security Policy
Part of cyber risk management is creating a company culture that promotes good cyber security practices. A structured Cyber Security Policy can go a long way to ingrain this as company culture, and protect your organisation from online threat actors.
6. Incident Response Plan / Crisis Management
Unfortunately no IT system is 100% impenetrable. No matter how well protected your systems are, it is vital to have a well thought out cyber-attack response plan that sets out who makes decisions, how affected systems are isolated, who is contacted (including legal and insurance), and how operations are restored.
7. Protect your customers
It is essential to protect your customers' personal information. This is for their wellbeing, as well as for your company's reputation and your compliance with Australian legal obligations, including the Privacy Act and the Notifiable Data Breaches scheme.
8. Education and awareness: Train your staff
Several reports by the Office of the Australian Information Commissioner have found that human error and phishing attacks are among the leading causes of data breaches. Based on this, it is essential to educate and train your staff to recognise suspicious emails and to know how to report them.
9. Protect yourself with Cyber Insurance
Cyber-attacks can cause serious financial losses to the businesses they affect. This is where cyber insurance comes in. Cyber insurance is designed to help protect your business from the financial impact of a hacking incident or a data breach, a risk exposure that is not covered by a traditional business insurance policy. Cyber insurance assists in coordinating incident response and recovery, engaging specialists to help your business return to normal as soon as possible. Cover generally includes protection for:
First party losses:
- Business interruption losses, for the business and external suppliers
- Cyber-extortion
- Electronic data replacement
Third party losses:
- Security and privacy liability
- Legal defence costs
- Regulatory breach liability
- Electronic media liability
Additional expenses:
- Crisis management expenses
- Notification and monitoring expenses
10. Monitor threats and stay informed on the latest cyber risks
The cyber security environment is continually evolving. To stay on top of new cyber threats and ensure your business is ready with strategies to protect itself, make sure you are monitoring the trends, for example by subscribing to the ACSC's alerts and advisories.