Technology has transformed how people do business today. It helps us work faster and more collaboratively, and it helps us work from anywhere. Yet this transformation is not without risk. In fact, the risk of cyberattack is growing.
Unfortunately, as more businesses take their work and transactions online, cybercriminals get more sophisticated at what they do. Stories of phishing, social engineering, ransomware, malware and more are hitting the headlines with growing frequency and the attacks are proving costly. For example, business email compromise (BEC) scams alone cost Australians $79 million in the 12 months to July 2021.
Given that cybercrime is not going away, every business large and small should be prepared for an attack. Regardless of how secure your systems are, it’s a question of when, not if, you’ll be hit. And then, how quickly you can respond.
A simple, actionable way to boost your cybersecurity is to create a PACT to fight cybercrime. Here are some easy-to-remember steps to protect your business, people and information: Pause, Activate, Call out and Turn on.
Pause before sharing information
Ask your employees to always think before sharing or accessing information, especially information that may be sensitive.
A key way to protect sensitive information is to use passwords. They help keep hackers out of your systems – but only if they are strong enough. Cybercriminals can easily crack passwords of seven or eight characters, even if they are a messy mix of numbers, upper and lower case letters, and special characters.
The Australian Cyber Security Centre now recommends you use passphrases instead. Passphrases are long, complex, unpredictable and unique strings of characters that are a lot harder to crack.
- Replace short passwords with longer, complex passphrases
- Use a different passphrase for every account
- Use a password manager to help you remember and save your passphrases
- Avoid using words or names in your passphrases that can be easily found on your social media or personal profiles (for example, pet names, middle names, street names, date of birth).
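To make the checklist above concrete, here is an added Python example (not part of the original article and not an ANZ or ACSC tool). It compares the guessing effort for a short random password with that for a random-word passphrase, generates a passphrase, and reviews one against the checklist. The minimum lengths, the demo word list and the 7,776-word list size are assumptions chosen for illustration.

```python
import math
import secrets

MIN_CHARS = 14  # assumed policy minimum, not a figure from the article
MIN_WORDS = 4   # assumed policy minimum, not a figure from the article

# Constructed demo word list; a real generator needs a list of thousands of words.
DEMO_WORDS = ["harbour", "velvet", "cactus", "orbit", "pepper", "lantern",
              "glacier", "mosaic", "walnut", "thunder", "pixel", "canyon",
              "saddle", "quartz", "ribbon", "meadow"]

def search_space_bits(choices_per_position, positions):
    """log2 of the number of equally likely secrets an attacker must try."""
    return positions * math.log2(choices_per_position)

def generate_passphrase(n_words=5, words=DEMO_WORDS, sep="-"):
    """Pick words with the OS CSPRNG so the choice is unpredictable."""
    return sep.join(secrets.choice(words) for _ in range(n_words))

def review_passphrase(phrase, personal_terms=(), used_elsewhere=(), sep="-"):
    """Return findings based on the checklist above; an empty list means OK."""
    findings = []
    parts = [w for w in phrase.split(sep) if w]
    if len(phrase) < MIN_CHARS:
        findings.append("too short")
    if len(parts) < MIN_WORDS:
        findings.append("too few words")
    # Substring match on purpose: "rex" inside a longer word is still flagged.
    hits = sorted(t for t in personal_terms if t.lower() in phrase.lower())
    if hits:
        findings.append("contains personal detail: " + ", ".join(hits))
    # Reuse check, run locally against the user's own other passphrases.
    if phrase in used_elsewhere:
        findings.append("already used for another account")
    return findings

if __name__ == "__main__":
    # 94 = printable ASCII characters excluding space.
    print(f"8 random characters: {search_space_bits(94, 8):.1f} bits")
    # 7776 = assumed size of a diceware-style word list.
    print(f"6 random words:      {search_space_bits(7776, 6):.1f} bits")
    candidate = generate_passphrase()
    print(candidate, review_passphrase(candidate))
    # Constructed weak example: pet name, street name and birth year.
    print(review_passphrase("rex-elm-1985", personal_terms=["Rex", "Elm", "1985"]))
```

The bit counts only hold when the words are chosen at random; a phrase a person makes up from familiar words is far easier to guess than the arithmetic suggests.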
Activate two layers of security
Multi-factor authentication (MFA) is widely regarded as a must-have security measure, and for good reason – it makes it much harder for cybercriminals to hack their way into your systems. The additional layer of security takes the pressure off poor password management too.
With MFA in place, you can only gain access to devices or business systems with two or more proofs of identity. Typically, it uses a combination of something you know (like a PIN or secret question), something you have (like a card or token) and something you are (like a fingerprint).
- Think about all the devices and applications you use in your business, and set aside the time to set up MFA
- Check out the Australian Cyber Security Centre’s guidelines for setting up Two-Factor Authentication on common platforms like Microsoft, LinkedIn and Gmail – if the platforms you use aren’t on their list, a simple Google search should provide guidance around how to turn it on.
Call out suspicious messages
Human error is a key cause of cyberattack, so it pays to educate your staff. For example, an employee might click on a phishing link, download malicious software, share customer information with an unauthorised caller, or use a weak password for entry into your business applications.
Cybercriminals prey on human vulnerabilities like these. That’s why it’s so important to keep your employees in the loop about all of your security strategies, policies and processes.
- Encourage staff to detect and report malicious emails, suspicious phone calls or anomalous activity on your network
- Provide time and support for staff to set up MFA, passphrases and other security measures.
Turn on automatic software updates
Security breaches almost always occur on out-of-date devices and software. If you don’t run the latest versions of operating systems, software and applications, you could expose yourself to more risk.
Automatically updating your operating systems and software to the latest versions – which come with better security – will help protect your business from malware and ransomware.
And don’t forget to back up! With ransomware and malware attacks on the rise, it’s more important than ever to also regularly and automatically back up your data.
- At a minimum, turn on automatic updates for all software from operating systems to antivirus software
- Keep an eye out for when older devices and software reach end of support – at this point, the manufacturer or developer no longer supports updates, and your exposure to threats increases significantly
- Choose physical and digital backup systems that work for you
- Physically remove your storage device after each backup to protect it against cyberattack, and store it somewhere safe.
Stay on top of the latest updates
When it comes to cybersecurity, you can’t afford to sit still. As well as tackling the tips above, you should also consider completing the Australian Cyber Security Centre’s Cyber Security Assessment Tool – which will give you actionable recommendations to improve your security posture.
In the meantime, rest easier knowing that ANZ is here to help you reduce the risk of threats:
For more practical tools, content and articles that can help you move your business forward, one step at a time, visit the ANZ Business Hub.