Most organisations today have a digital presence and use software to facilitate business operations. While this offers numerous benefits like the ability to work and access data remotely, handle transactions more efficiently and even cater better to customers' preferences, it also makes organisations more vulnerable to cyber crime. Regardless of the size of your company, cyber crime is a real threat. In addition to financial loss, cyber attacks can have severe repercussions for brands' reputations and productivity.
The Cyber Security Review found that "Cybercrime is costing the Australian economy up to $1 billion annually in direct costs alone" (The Australian Criminal Intelligence Commission, 2019).
Being aware of and planning for the risks to your business can ensure that your organisation is able to protect itself and survive if they occur.
Here are the ways you can protect your business:
1. Invest in security software and keep it updated
First and foremost, every organisation should have security software installed on all business computers and devices to mitigate the risk of cyber attacks. This applies to all technology devices, even if they are not physically in the office. For example, if you have an employee who works from home or out in the field, their laptop or mobile needs security software. What often happens, unfortunately, is companies do this, but then don't keep up with updates, which can contain important upgrades to protect you from recent viruses or scams. Attackers' capabilities evolve quickly, so you always want to have the latest version of your software installed on your devices. Luckily updates can often be made outside business hours and set up to happen automatically, so you will be covered on an ongoing basis.
2. Back up your data
In case of a cyber attack or even general IT issues, your company must back up important data regularly. This will ensure you are able to access your most valuable information even if it is compromised. It's a good idea to back up your data daily and to test to make sure that it is being stored properly so you can access it. At the very least, you want to back up your data on an external drive that you store in a location separate from your main business location. Just make sure to always disconnect the drive from the device being backed up; otherwise it could also be digitally infected. Even better, however, is to back up your data through a cloud storage solution, which allows you to access the information regardless of your location.
3. Encrypt your data
Often companies have multiple offices and employees across the country or world and they have to share information with each other. Whether this is private customer data or important company information, you'll want to encrypt the data before sending it online. It's also smart to encrypt the data being stored. Encryption makes your information difficult to read or misuse if it is intercepted, because it is converted into a secret language of sorts.
4. Provide guidance and training to your staff
Regardless of the size of your company, you can only count on IT security systems so much. Human error was responsible for the unauthorised disclosure of data of more than 270,000 people (www.arnnet.com.au, 2019). Systems can't control whether someone clicks on an email, which is why it's equally important to build awareness among your employees of how they should conduct themselves online and on your network, and what to be cautious of. This guidance and training should include:
- Guidelines for how to acceptably use the technology they are provided by the business, such as laptops, tablets and phones
- Protocol to follow that keeps personal and business data secure
- Best practices for password management, such as changing passwords every three months and creating a unique password for each account
- Coaching on how to recognise suspicious emails or social media posts as well as set up spam filters to reduce the risk of receiving and clicking on an illegitimate email
5. Implement two-factor authentication (2FA)
While passwords are important, recent reports have shown that obvious and easy-to-guess passwords, like "12345" and "password", continue to be used often, making the security of a password nearly negligible. Two-factor authentication makes it so your employees need to provide one additional proof of identification before they are able to access their account. This could mean they have to use their password as well as a code that is sent to their mobile or a fingerprint. Adding this extra layer of security makes it harder for someone to hack into your device or online accounts.
6. Test your backup and security systems regularly
While you'd hope that your data would be protected once your security systems and backup procedures are set up, it only takes a minor glitch to make you vulnerable to a cyber attack. This is why your cyber security practice should include regular monitoring and testing. This will give you peace of mind that your systems are working as they should and allow you to detect and fix any issues early.
By following through with these six steps, you will be protecting your business from detrimental cyber threats. Although the potential damage is scary, Enterprise Risk Management Software like RiskWare can help assess the risks, make sure you are planning accordingly and monitoring your progress.
To learn more about how RiskWare is making the world a little less risky, visit us at RiskWare.com.au.