Six easy steps to help make your organisation cyber resilient

Moore Australia

Our six basic steps to help you and your organisation mitigate the risk of becoming a victim of cybercrime are:
  1. Update your devices and educate staff about software updates
  2. Activate multi-factor authentication
  3. Back up your devices
  4. Set secure passphrases
  5. Watch out for scams
  6. Engage a cyber security expert
Cyber security is a term most Australians have become intimately familiar with in recent times, and it is no longer confined to the realms of IT staff. It is fair to say that our lives have become digitised to the point where it has become nearly impossible, or at the very least exceptionally difficult, to exist exclusively in an analogue world.

Interestingly, the lines of responsibility around protecting personal data are both blurring and solidifying at the same time. Our personal data is no longer a static object. It is shared between organisations, institutions and suppliers. It is stored in the cloud, in customer databases, payroll systems, and our ‘digital personas’ have become commodities. As technology has evolved at pace, regulators have followed.

Securing client data and building thorough cyber risk strategies are imperative for organisations of all sizes and sectors. The responsibility of safeguarding the data that is entrusted to you by individuals is now a key element of your service delivery process and promises.

Cyber security and resilience strategy needs to be a standing action item on board meeting and operational agendas. It should also be front of mind when developing and reviewing an organisation’s risk mitigation strategy - something every organisation should have, no matter how large or small. 

More than ever, the security of our client, customer and personal data, devices and (private) accounts is the responsibility of every stakeholder within an organisation, whether you are a board director, employee or private individual.

 

WHERE DO CYBER ATTACKS USUALLY START?

Big problems often start small, as is the case in most cyber-attacks.

One of the more recent attacks discussed in the media was a result of an attacker locating the administrator’s password. The attacker was then able to enter the Privileged Access Management system using the administrator’s login and access other credentials within the environment, and was subsequently able to obtain data.

A second example resulted from the attacker getting access to a piece of software through an unauthenticated account on the public internet. The program contained confidential information the attacker was able to access.

CYBER SECURITY IS SOMETHING WE ARE ALL RESPONSIBLE FOR

In this digital age, we all expect information and data at our fingertips and often interchange personal and work devices and/or accounts. The following six basic steps are adapted from information available from the Australian Cyber Security Centre and can help you and your organisation mitigate the risk of becoming a victim of cybercrime.
  1. Update your devices and educate staff about software updates
    Keep your devices up to date with the latest software version available. This reduces the risk, as older software is more susceptible to cyber attacks because it does not have the security upgrades that fix weaknesses. Also, ensure staff are educated about the importance of software updates on their private devices.

  2. Activate multi-factor authentication
    Multi-factor authentication requires multiple security factors or checks before access to your infrastructure is granted, for example a password in combination with a one-time code sent to your phone. It provides an additional layer of verification and reassurance that you are authorised to gain access and your details haven’t been stolen. Multi-factor authentication should be an organisational requirement and minimum standard to be able to access work accounts.

  3. Back up your devices
    It’s not a matter of if, but when you will experience a cyber-attack. Therefore, you need to regularly back up your devices (both work and personal), including your mobile phone, laptop, desktop and tablet, and carefully consider both your personal and work information and data.

  4. Set secure passphrases
    For accounts where multi-factor authentication is not available, set up passphrases. A passphrase is a sentence-like string of words used for authentication. Passphrases are longer than a traditional password, easier for you to remember and more difficult to crack! Passwords should not be re-used across multiple services. There are many password generators available which can help generate random and complex passwords to help improve your security.

  5. Watch out for scams
    Any system is only as strong as its weakest link. No matter how outstanding your security protocols are, they stand or fall with human error. Would your staff recognise a scam if it dropped in their inboxes? Have you given your staff the tools to recognise a potential scam or phishing email?

    If your organisation doesn’t currently offer cyber security training to staff, should it? If you do provide training, is it done in such a way that promotes active engagement, rather than presenting a nuisance? Effective cyber security awareness training is vital in helping staff understand where the dangers are and how to navigate potential threats.

    If you have received an unusual message, you need to confirm if it is legitimate. You can do this by going back to something you can trust from that source, such as visiting the official website. Alternatively, you can log in to your account through the usual link, or phone their advertised phone number. Don’t use the links or contact details in the message you have been sent or given over the phone.

  6. Engage a cyber security expert
    Cyber security is a big subject and developing a solid cyber resilience strategy is essential for any business or organisation. It can be beneficial to bring in a cyber security expert and a governance and risk manager who are trained professionals and can help you and your organisation get started and ensure you have a solid foundation.

TALK TO YOUR TRUSTED ADVISOR

For more information, we recommend speaking to your trusted Moore Australia advisor. We can provide governance and risk and cyber resilience expertise to suit your organisation. Together we can discuss your cyber security risk profile and identify additional steps that might be available to provide further protection to both your personal and business devices and accounts.