Cybersecurity is a burning hot topic in the industry today. It is the practice of protecting your business from malicious actors and attempted cyber breaches.
In a live webinar, Ben Love touches on this very important topic to list and discuss in depth some of the most effective ways to keep your business cybersecure. Here’s a little recap of the quick yet valuable webinar on the Top 5 Cybersecurity Practice for your Business.
In previous years, cybersecurity has traditionally been acknowledged to be important yet frustrating. That is because putting effort into cybersecurity costs money and doesn’t necessarily deliver an immediate visible return. Also, you can work in a hypersecure environment, but you then have to put up with the inconvenience of systems and data being harder to access.
As business owners, we need to think about where on this continuum we are going to position our organisations. We should know how to mitigate risks before they materialise and what actions to take when an attack occurs.
Here are the top 5 best cybersecurity practices covered in this year’s cybersecurity webinar:
1. Multi-factor Authentication (MFA)
Multi-factor Authentication is a second layer of security that requires a one-time password generated in real time, and it is arguably THE single most effective way of protecting your user accounts.
Where can I enable MFA?
- Internet Banking – via a portable dongle that provides a one time password in real time for every transaction
- Microsoft Office 365 – asks for an authentication code for every log in
- Xero Cloud Accounting
- Social Media Accounts
Do a quick audit of the accounts and apps that are used in your business: list them all and look up online whether each one has an option to enable MFA. Most of the time the answer will be yes. Enable MFA on all of those accounts.
2. Intelligent Firewalls
An intelligent firewall is more than just an ordinary router. It does a better job at protecting your network as it has more capabilities like:
- Blocking unauthorized network activities
- Filtering and scanning for malicious activities or threats
- Enforcing internal policies to prevent access to potentially dangerous sites
4 Key Features of Intelligent Firewalls
- Intelligent Traffic Filtering
- Unified Threat Management
- Identity Awareness
- Network Control
Find out whether you have an intelligent firewall in place. If not, talk to your IT provider about which firewall would best suit your business needs and budget.
3. Cyber Insurance
A Cyber Insurance Policy is an insurance policy specifically created to aid you in the event of a cyber breach. The coverage and costs may vary from broker to broker but the purpose of it stays the same – to help keep your business running if and when a cyber attack occurs.
According to Todd Ferguson of All Safe Insurance Brokers, the most common categories cyberattacks fall under are:
- Social Engineering
  - A type of cyber fraud where cyber criminals trick someone within the company into paying money to a ‘trusted source’, when the money is actually going to the criminals.
- Cyber Theft
  - No trickery needed. Cyber attackers directly infiltrate computer systems and install malware so they can hack in and obtain confidential information.
To mitigate risks, you should consider all possible ways your organization may be vulnerable to these kinds of attacks.
- Minimise the possibility of human error.
- Advise your staff not to engage with dodgy emails even if they are from ‘reliable sources.’
- Pick up the phone as soon as you notice something off, such as receiving an invoice from a business you use saying they've changed their bank account details - call to confirm this is correct.
It's a terrifying fact, but many cyber crimes are being committed by hackers lurking within their victim’s system for roughly nine months before launching a ‘sting.’
What is the cost of a cyber attack? An hour of interrupted operations caused by a cyber attack can cost your business ~$46,800! Not to mention the costs of actually solving the problem, salary losses, etc.
Investigate whether you have an insurance policy that specifically covers cyberattacks. If you don't, contact your insurance broker to implement a cyberinsurance policy.
4. Cyber Security Awareness
As mentioned, it is quite common for the human element to be the source of vulnerabilities in your systems. Sometimes mishandled data and a lack of knowledge in recognizing threats can open a window of opportunity for cyber criminals to initiate attacks.
What you can do is educate your staff.
- Inform everyone in your organization about your efforts to keep your business cyber secure
- Help your staff recognize and understand threats when they see them
- Train your staff on how to respond if these threats occur so they know what to do.
- Discuss cybersecurity in your regular team meetings.
Talk to your staff about cybersecurity and gauge how much they know about risks, threats and what to do if a cyberattack occurs. Investigate ways of making your team more aware, whether this be in the form of internal or external training options.
5. Cyber Security Audit
A cyber security audit is a routine check on your cybersecurity processes to ensure that cyber risks are being mitigated and risk reduction is being planned effectively. You can mark your calendar to do a quarterly check, or do it as often as needed or as recommended by your IT partner.
Who should be involved in cyber security audits?
- IT Department
- Service Delivery
- Basically the whole company!
Cybersecurity impacts every department and it's only as strong as the weakest link.
Start by doing an audit of all user accounts that are currently active in your system. Are all of them still required, or do some belong to staff that no longer work in your organisation? Unused user accounts are an easy way for hackers to access your network, so ensure they are shut down as soon as they are no longer required. Make a reminder in your calendar to do an audit every quarter.
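As an added illustration of the user account audit described above (this is not material from the webinar), the following Python sketch compares an account export against the current staff roster and flags enabled accounts that need review. The CSV column names, the service account owner list and the 90-day idle threshold are assumptions chosen to match a quarterly audit, and the sample data is constructed.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data: an account export and the current staff roster.
ACCOUNT_EXPORT = """username,enabled,last_sign_in
alice,true,2024-06-20
bob,true,2024-01-15
carol,true,
dave,true,2024-06-25
erin,false,2023-11-02
svc-backup,true,2024-06-30
"""
CURRENT_STAFF = {"alice", "bob", "carol"}
# Non-person accounts need a named owner instead of a roster match (assumed policy).
SERVICE_ACCOUNT_OWNERS = {"svc-backup": "alice"}


def audit_accounts(export_csv, staff, service_owners, today, max_idle_days=90):
    """Return {username: [reasons]} for enabled accounts that need review."""
    cutoff = today - timedelta(days=max_idle_days)
    findings = {}
    for row in csv.DictReader(io.StringIO(export_csv)):
        user = row["username"].strip().lower()
        if row["enabled"].strip().lower() != "true":
            continue  # already shut down, nothing to do
        reasons = []
        if user in service_owners:
            if service_owners[user] not in staff:
                reasons.append("service account owner has left")
        elif user not in staff:
            reasons.append("not on current staff roster")
        last = row["last_sign_in"].strip()
        if not last:
            reasons.append("never signed in")
        elif date.fromisoformat(last) < cutoff:
            reasons.append(f"no sign-in for over {max_idle_days} days")
        if reasons:
            findings[user] = reasons
    return findings


if __name__ == "__main__":
    report = audit_accounts(ACCOUNT_EXPORT, CURRENT_STAFF,
                            SERVICE_ACCOUNT_OWNERS, today=date(2024, 7, 1))
    for user, reasons in sorted(report.items()):
        print(f"{user}: {'; '.join(reasons)}")
```

Each flagged account should be confirmed with its owner or manager and then disabled if it is no longer required.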
Now that you are aware of the best ways you can keep your business cyber secure, it’s time to assess your current cybersecurity scheme. Ask yourself:
“Where am I placed with my current cybersecurity plan?”
Your assignment is to be able to answer these questions and be confident about your organisation’s cyber security:
- How am I currently mitigating cybersecurity risks?
- What can I do NOW to improve cybersecurity?
- How much effort can I allocate to instigating a more effective cybersecurity plan?
If you need any assistance with keeping your business cybersafe, don't hesitate to contact us.