Please also watch this YouTube video which is linked to the recent cyber attack on Billabong which made international headlines – https://youtu.be/myOBnyHGQ0k

A recent survey revealed that 77% of organisations experienced cyber-attacks while running up-to-date security solutions.

As a last line of defence, companies MUST leverage backup and data recovery processes with well-defined frequency – below are some handy tips on how to protect your business from cyber threats.

1. BACK UP DATA

Back up your business’s data and website. This can help you recover any information you lose if you experience a cyber incident or you have computer issues. It’s essential that you back up your important data and information regularly.

It’s a good idea to use multiple back-up methods to help ensure the safety of your important files. A good back-up system typically includes:

  • daily incremental back-ups to cloud storage
  • end-of-week server back-ups
  • quarterly server back-ups
  • yearly server back-ups

Regularly check and test that you can restore your data from your back-up.

Do not leave back-up devices connected to the computer, as they can be infected in a cyber attack.

Alternatively, you can back up your data through a cloud storage solution. An ideal solution will use encryption when transferring and storing your data, and provide multi-factor authentication for access.

2. SECURE YOUR DEVICES AND NETWORK

INSTALL SECURITY SOFTWARE
Install security software on your business computers and devices to help prevent infection. Make sure the software includes anti-virus, anti-spyware and anti-spam filters. Malware or viruses can infect your computers, laptops and mobile devices.

SET UP A FIREWALL
A firewall is a piece of software or hardware that sits between your computer and the internet. It acts as the gatekeeper for all incoming and outgoing traffic. Setting up a firewall protects your business’ internal networks, but firewalls also need to be regularly patched in order to do their job. Remember to install the firewall on all your portable business devices.

TURN ON YOUR SPAM FILTERS
Use spam filters to reduce the amount of spam and phishing emails that your business receives. Spam emails are usually from a person or company that you don’t know. They usually contain offers too good to be true. Don’t respond, attempt to unsubscribe or call the number in the message. The best thing to do is delete them. Applying a spam filter will help reduce the chance of you or your employees opening a spam or dishonest email by accident.

3. ENCRYPT IMPORTANT INFORMATION

Make sure you turn your network encryption on and encrypt data when stored or sent online. Encryption converts your data into a secret code before you send it over the internet. This reduces the risk of theft, destruction or tampering.

4. ENSURE YOU USE TWO-FACTOR AUTHENTICATION (2FA)

Two-factor authentication (2FA) is a two-step verification process you need to complete before you can access your account. You use two different authentication factors to verify who you are, such as your password and a code sent to your mobile device or your fingerprint. The two-factor authentication process adds an additional layer of security, making it harder for attackers to gain access to your device or online accounts.

5. MANAGE PASSWORDS

Use strong passwords to protect access to your devices that hold important business information. Having a password such as ‘123456’ or, worse still, ‘password’ leaves you open to being hacked.

If you use the same password for everything and someone gets hold of it, all your accounts could be at risk. Consider using a password manager that securely stores and creates passwords for you.

6. MONITOR USE OF COMPUTER EQUIPMENT AND SYSTEMS

Keep a record of all the computer equipment and software that your business uses. Make sure they are secure to prevent forbidden access.

Remind your employees to be careful about:

  • where and how they keep their devices
  • using USB sticks or portable hard drives. Unknown viruses and other threats could be accidentally transferred on them from home to your business.

Remove any software or equipment that you no longer need, making sure that there isn’t any sensitive information on it when it is thrown out. If older and unused software or equipment remains part of your business network, it is unlikely to be updated and may be a backdoor targeted by criminals to attack your business.

Unauthorised access to systems by past employees is a common security issue for businesses. Immediately remove access (including AUSkey) from people who don’t work for you anymore, or who change roles and no longer require access.

7. PUT POLICIES IN PLACE TO GUIDE YOUR STAFF

A cyber security policy helps your staff to understand their responsibilities and what is acceptable when they use or share:

  • data
  • computers and devices
  • emails
  • internet sites

It’s also important to have a strong social media policy. This can set out what type of business information your staff can share online, and where. An attacker could tailor a convincing scam around your employee by using the business and personal information they post online.

Make sure your employees are aware of the policies and review them regularly. Consider refresher training to make sure all employees are aware of the policies in your business.

8. TRAIN YOUR STAFF TO BE SAFE ONLINE

Your staff are your business’ most important and last line of defence. It’s important to make sure your staff know about the threats they can face online and the major role they play in keeping your business safe.

Educate them about:

  • their computer rights and responsibilities
  • their network access and use
  • acceptable online practices when using email, work computers and devices
  • maintaining good passwords
  • fraudulent emails
  • reporting suspicious online activity

9. PROTECT YOUR CUSTOMERS

It’s vital that you keep your customers’ information safe. If you lose their information, it will damage your business reputation, and you could face legal consequences.

Make sure your business:

  • invests in and provides a secure online environment for transactions
  • secures any personal customer information that it stores

Find out what your payment gateway provider can do to prevent online payment fraud.

There are privacy laws around what you can do with your customers’ personal information. It’s important to be aware of the Australian Privacy Principles (APPs) and have a clear, up-to-date privacy policy. If your business is online, it’s a good idea to provide this on your website.

10. PROTECT YOURSELF

Consider cyber insurance to protect your business. The cost of dealing with a cyber attack can be much more than just repairing databases, strengthening security or replacing laptops. Cyber liability insurance cover can help your business with the costs of recovering from an attack. Like all insurance policies, it is very important your business understands what it is covered for.

Source: https://www.business.gov.au/Risk-management/Cyber-security/How-to-protect-your-business-from-cyber-threats