Cyber hacking events in Australia in 2022 reminded us just how important it is to have stringent cybersecurity measures that are updated on an ongoing basis. Major businesses holding sensitive customer data were hacked, and information was released on the dark web. Businesses impacted in the separate attacks, including Optus and Medibank, went into damage control to do their best for their customers (numbered in the millions). But once customer data is out there, it’s impossible to pull it back. The extent to which customers will be impacted in the future is unknown, yet the risks relating to ongoing fraudulent use of data remain painfully real.
These attacks show us that no matter the size of your operation—whether you are a small business or a large organisation—cyberattackers will do their best to find a way in. Their tactics are ever-changing, and their abilities to access data are becoming increasingly sophisticated. So, it’s a good time to remind ourselves how important it is to have strong data security, and to reflect on how your business could do better.
Below is a list of cyber security tips your business would be wise to follow, to ensure you are all doing your best to prevent cyber attacks. These measures will also help you be prepared in the event that an attack occurs.
Tip #1 – Get a cybersecurity risk assessment
Before we launch into all the other measures you can take as a business to prevent cyberattacks, it’s important to gauge how your business is doing in regards to cybersecurity right now. The best way to do this? Hire external cybersecurity professionals to perform a cyber security assessment of your business. This way, any gaps in your security operations can be quickly identified. Understanding those gaps will help you develop a strategy to defend against cyber attacks before they occur.
Sometimes businesses are so complex that it’s challenging for an internal IT security team to get a clear picture of everything that’s going on in regards to cyber risk. So a vulnerability assessment from an external cybersecurity specialist is a great idea. They will also be on top of what the latest trends in cyberattacks are, and will be able to identify risks and solutions.
Tip #2 – Get penetration testing
Following on from Tip #1, it’s worthwhile getting penetration testing of your business’s IT security, to identify if your cybersecurity measures are actually working. This involves using a security expert to attempt to hack your software and computer systems. It may involve scanning ports, and examining patch applications or defects in security protocols that were identified as part of the initial security assessment. If the testers find a way in, these gaps can be remediated as part of a cybersecurity overhaul.
Tip #3 – Use a white-hat hacker
As an adjunct to penetration testing, you may use a white-hat hacker, or ‘ethical’ hacker, who is employed to hack into systems in the same way a malicious hacker might. White-hat hackers are often able to find extra weak points that aren’t discovered in penetration testing alone.
Why? Hacks often occur as part of a longer-term con where people are manipulated over time, and thus are difficult to identify in one-off penetration testing. A white-hat hacker will take more time, and use other avenues to access an organisation’s information to find out where the weak points are.
Tip #4 – Ensure software is up to date
If you don’t refresh your organisation’s software when updates are offered, you are putting your organisation’s cybersecurity at risk. Cyber attackers look for ways to infiltrate weak points, and software developers continually update software to prevent attackers from being able to access important data. So it’s imperative to ensure your software is updated, otherwise the software company can’t guarantee the software will be secure for you. This includes not only general updates of software, but also any specific security upgrades they recommend.
Tip #5 – Update your hardware
In addition to the previous point, it’s important to update your hardware so it’s capable of supporting software security updates. If your hardware is outdated, it may have trouble responding to a cyber attack at all, or may be too slow to do so.
Though updating hardware can be expensive, it’s a worthy expense considering the potential costs of a cyberattack.
Tip #6 – Back up data
Data loss is not only a waste of time, but it can cost your business greatly if it results in business operations being interrupted. Therefore it’s important to back up any data important to your operations, so that you can restore it in the event of a data loss during a cyberattack.
Data may be backed up in the cloud, or locally, depending on your security needs. If you aren’t certain of the best way to back your data up so that you are protected, an external group can assist with Data Storage and Data Backup, helping you plan and deploy your on-premise storage network or cloud solution. An external provider will usually work with a variety of vendors, and match your business with the most suitable option. They will also be able to assist with Disaster Recovery, or help you create a Disaster Recovery strategy before incidents occur.
Tip #7 – Ensure your employees are cyber security aware
Unfortunately, internal staff are the weakest link when it comes to cyber attacks, which is why it’s so important that staff are trained in cyber security awareness. Staff need to be confident when it comes to spotting and avoiding cyber threats. They also need to use appropriate security practices consistently, without getting lax. A simple mistake from an employee can lead to a major security breach, so it’s imperative to ensure staff fully understand the risks and their responsibilities.
The optimal way to train staff so they become a key component in your security strategy is to provide cyber security awareness training. Training may include things like phishing simulations that mimic industry-specific scams, online quizzes, videos and so on. If you can get staff onboard with security prevention and keep them informed and up-to-date with the latest cybersecurity risks (testing their knowledge at least monthly), you go a long way towards preventing unexpected security breaches.
Tip #8 – Don’t open suspicious emails
Your staff should know not to open suspicious emails, as they may form part of a phishing scam. These emails may contain links or attachments that can infect company devices. Alternatively, emails may be from someone impersonating someone else, trying to draw information from your company, or from individual employees.
What is and isn’t suspicious is often obvious, but not always. The best form of defence is to have strong security filters in place on company email, and to educate staff to never click on any link or attachment without doing the proper checks first. This may need to be drummed in, which is why cyber security awareness training is integral.
In addition, it’s important to have a system in place in your workplace where security breach attempts can be reported. This way, staff as a whole can be educated on the types of cyber attack attempts being made on your business.
Tip #9 – Don’t use public networks
When staff from your organisation use a public network, they risk sharing information with anyone else connected to that network. They should avoid public networks, or connect to an approved VPN when doing so.
Tip #10 – Put effort into passwords
It’s all too easy to use the same password across different accounts. Some passwords have complex requirements (capital letters, numbers, symbols etc.) and it’s hard to remember each one, so you may be inclined to use the same one on repeat.
It’s important to never reuse the same password across different accounts, because if a hacker is able to breach an account with one password, they will try it across other accounts. Therefore, take the time to come up with passwords that are long and strong, and that don’t include any personal information that’s easy to find online, like your date of birth, or your child’s or pet’s name.
If you have trouble recalling passwords, consider using a password manager to store passwords for you.
Also, never share a password with anyone.
Tip #11 – Take advantage of Multi-Factor Authentication
If a platform offers multi-factor authentication (MFA), it’s worth using, as it helps to ensure it is actually you attempting to use your accounts. Without it, there is more risk someone may impersonate you and log in.
MFA provides a secondary step when entering passwords, so that rather than being asked just for one password, you need to provide a secondary piece of information to access an account. This is important, especially as passwords can often be stolen via data breaches or phishing scams.
MFA is becoming more common across platforms, so take advantage of it.
Tip #12 – Disable your Bluetooth
Bluetooth is yet another way cyber attackers can infiltrate your devices. That’s why it’s important to deactivate Bluetooth when you aren’t using it.
Tip #13 – Keep an eye on HTTPS
Always check that any website you are using is using HTTPS, which shows that the site is using SSL (Secure Sockets Layer). If it isn’t, you’re at risk of transferring information to an insecure site server. So, always check the URL and ensure you see “https” rather than just “http” (the “s” stands for “secure”). You should also look for the padlock symbol, as this shows that the connection between your browser and the website server is secure. (Remember that the actual website may not be secure.)
Obviously this goes both ways, so ensure your business’s website is HTTPS enabled so that it is more secure. An SSL certificate is also necessary, as it enables an encrypted connection when web browsers contact your secured website.
Tip #14 – Use anti-malware
Using anti-malware is an important way for your business to secure its technical assets from cyber attacks.
Malware (malicious software) can do a lot of harm to your business’s technical assets and your important data. Malware uses many avenues to infect your systems, and once it’s established on your tech, it can take data and erase it completely, or encrypt it so you can’t access it. (You may then be asked to pay a ransom to access your data again.)
That’s why anti-malware should not be disregarded.
Tip #15 – Use a secure file-sharing tool
It’s vital everyone in your organisation understands how to share documents in a way that doesn’t place confidential data at risk. Using a secure file-sharing tool is a good way to achieve this.
A file-sharing solution is a way that communications like emails and attachments can be shared securely, without the risk of them being intercepted by outsiders (or unauthorised insiders). A top-of-the-range file-sharing tool should encrypt documents and files, so that they can’t be read by the unauthorised.
There are many file-sharing solutions available. It’s important that your business agrees on which one to use, rather than staff using different solutions without being certain which is the trusted option.
If you need help choosing the best file-sharing solution for your business, Technetics can help recommend some.
Tip #16 – Beware external devices
Oftentimes, staff will have their own external devices they want to use in conjunction with workplace computers. This is risky, as the external device may be infected with malware.
Any external device should be scanned for malware before use. It is also recommended that businesses have strict restrictions on the use of external devices by staff. This isn’t to say they can’t be used, but they should be scanned and approved by an IT team before being connected to the network.
Tip #17 – Restrict adware
To protect privacy, it’s best to remove any adware from your work computers. Adware’s purpose is to collect information from a user to create more targeted ads. Obviously, no business wants their information to be collected, so it’s best to remove adware entirely. If you can’t, at the least ensure you use an adware cleaner.
And there’s more…
There are many more measures you can take to prevent a cyber attack. Whilst there’s no way to be entirely secure, you can do your best to keep your defences up and limit potential attacks, in addition to preparing for an attack if it comes.
If your business needs assistance with cybersecurity, Technetics provides a range of cybersecurity solutions that will help ensure you are protected as well as possible.