By the time you’ve finished reading this article, one business will have been the victim of a cyberattack. That’s the findings from the Australian Cyber Security Centre’s (ACSC) latest report which received over 67,500 cybercrime reports in the last financial year, an increase of nearly 13 per cent from the previous financial year. That equates to one cyber attack every eight minutes.
And if you think it’s just the big players these cybercriminals are targeting, you’d be surprised to hear just how widespread this problem is. No sector of the Australian economy was immune to these attacks, and small and medium-sized businesses are just as vulnerable, sometimes more exposed due to low levels of understanding, less resourcing, or underestimation of risk.
Top three most common cyber security threats for SMEs
- Ransomware involves encrypting company data so that it cannot be used or accessed, and then forcing the company to pay a ransom to unlock the data. According to ACSC, ransomware attacks have increased by nearly 15 per cent compared with the previous year.
- Malware is a malicious code that hackers use to access an organisations’ network, then steal or destroy data. Malware usually comes from malicious website downloads, spam emails or from connecting to other infected machines or devices.
- Scam emails or phishing attacks are designed to trick individuals out of their money and information. These emails often look like they were sent from individuals or organisations you know or should trust.
Prevention and proactivity are key when it comes to cybersecurity
Failure to prepare for a cyberattack is costing small and medium-sized companies big. From financial losses and downtime, to reputational damage and even legal action as a result of a data breach, there are a number of ways that cybercrime can impact your organisation.
Having incident response, business continuity and disaster recovery plans in place is an important strategy to prepare for a cyber security incident. Just as important is testing these plans to ensure they’re robust enough to stand up to an attack.
Five simple ways to prevent cyber threats
1. Build a multi-layered approach to security
There’s no one-size-fits-all approach to security. A good security strategy should be built with a multi-layered approach using different solutions. This can become challenging and complex to navigate internally, especially because the products available are constantly changing.
If your business operates through the Microsoft 365 platform, you’ll already have a baseline level of security. Our recommendation is to solidify that baseline leveraging existing software and slowly build up your business maturity level by upgrading to a higher licensing level, configuring settings like MFA and conditional access or with targeted initiatives that are not included in Microsoft 365, such as extra backups.
2. Update your devices and systems
Turn on automatic updates for your operating systems and applications. If automatic updates are unavailable, regularly check for updates from vendors and install them as soon as possible.
3. Use Multi-Factor Authentication
Multi-Factor Authentication (MFA) requires the user to provide two or more verification factors to gain access (e.g. a one-time password sent to your phone). Make sure you have MFA enabled by default on any corporate networks, devices or systems.
4. Train staff in good cyber security habits
Are your end-users the weakest link in your cyber defences? 41% of IT professionals report phishing attacks at least daily. You can have the best technology in place, however, if your staff are not well trained, that investment goes to waste.
Your staff and policies play a crucial role in the success or failure of your IT protection efforts. Build a workforce of trained, phishing-aware employees that provide your business with a human firewall against cyber threats. A good place to start is by doing a staff security awareness training and simulation. This has been a popular service for Bremmar clients.
5. Back up your cloud against accidental loss or deletion of files
With more and more businesses depending on Microsoft 365 and G-Suite for business operations, the risk of potential data loss is impossible to ignore. Although Microsoft and Google store data in their servers, they don’t take responsibility for human error such as accidental loss or deletion of files. With people working from home and increasingly relying on collaboration tools like Teams and SharePoint, protecting data in the cloud is more important than ever.
Your business information is one of the most, if not the most, important assets of your company. It’s essential you’re constantly monitoring your IT environment to protect it from any emerging threats. Bremmar’s team of specialists can advise on the best security solutions for your business, implement them and monitor performance so you can rest assured that all safety measures are in place to maintain the integrity of your network and data.
Do you have cybersecurity insurance measures in place?
Our business insurance team is here to help you protect your business and personal data. While we hope that your cybersecurity won’t be breached, we can help you insure against the costs that arise in such a situation. By creating a cyber insurance policy, you’re adding another layer of security to your business. Get in touch with us today to get started.