Smart Cybersecurity Essentials for Business
What are the dangers of not having an effective cybersecurity strategy? The 2019 Cybersecurity and Australian Small Business Survey produced by the Government’s lead agency, The Australian Cyber Security Centre, identified that 80% of respondents understood cybersecurity was important to their business however implementation of any form of protection was moderate at best. The survey also identified the following barriers to enacting good cybersecurity practices: the complexity of the issue, simply knowing where to start and what is required plus, the lack of dedicated staff capable of achieving the end goals. Finding time to plan and respond combined with underestimating the impact and duration of recovery are also strong reasons cybersecurity gets put into the ‘to hard basket’.
The survey found where small to medium businesses did outsource their cybersecurity they had a greater level of confidence and peace of mind surrounding their overall vulnerability. The main concern for all SMB’s is returning to normal operations after an attack. 46% of respondents believed they could do this in a few days.
By comparison, staysmartonline.gov.au have identified the average time to resolve an attack is 23 days and the average cost of a cybercrime attack to a business is $276,323. 53% of this total is spent on detection and recovery. The breakdown of impact is 40% business disruption, 29% information loss, 25% revenue loss, 29% productivity loss and 4% equipment damage.
What are the principles of a Cybersecurity strategy?
There are many facets to implementing a comprehensive cybersecurity strategy, but all the actions required can be defined down to 4 principals – Anticipate, Prevention, Detect, and Respond.
- Anticipate – We need to logically start the process, conducting an initial security assessment enables you to identify what you are doing well plus areas of concern, it gives us a benchmark to work from.
- Prevention – Undertaking staff cybersecurity awareness training. How to safely send and share data, phishing simulation exercises people and procedures are one of the most important lines of defence for your business.
- Detect – Ensure all your systems are monitored, 24/7 and any alerts trigged are investigated, immediately.
- Respond – Depending on the severity of attack, we have the processes in place to counter, quarantine and remediate accordingly.
What are the essential things for all businesses to have in place?
The answer depends on the nature of your business and its complexity across the number of users, sites, devices, amount of data being captures, the need for remote access, etc, etc. The key, overriding principle is to ensure implementation of products and processes is appropriate to your business needs. Another good reason to start with an initial assessment, by a provider of your choice.
The essential elements for consideration:
Staff training, this is about creating a ‘security culture’ across your organisation. It needs to be ongoing and reviewed regularly. The training should include a phishing simulation, so you can be sure everyone is aware and alert.
Deploy anti-virus software across all devices. Good software is designed to detect, block, and remove viruses and malware. If people are using their own devices, then ensure when connecting to the businesses network that the device is scanned first, and they have anti-virus software deployed.
Some anti-virus software solutions have a broader capability in that they protect against ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, adware, spyware as well as malicious URLs, phishing attacks, social engineering techniques, identity theft, and distributed denial-of-service (DDoS) attacks.
Implementing a Firewall on your network is essential. The firewall is designed to monitor incoming and outgoing network traffic based on a set of configurable rules, thereby separating your secure internal network from the Internet, which is not considered secure. Firewalls are typically deployed as an appliance on your network and in many cases offer additional functionality, such as virtual private network (VPN) for remote workers
An important consideration is patch management. This is where the software applications being used are regularly updated to remove security vulnerabilities that have been identified. It becomes essential that all devices are using the latest versions, if not then the risk of attack is increased. Importantly, the process of patch management needs to occur at a time that does not interrupt the employee’s productivity.
Studies constantly report that weak passwords are at the heart of the rise in cyber theft. A Verizon data breach Investigation report found 81% of data breaches are caused by compromised, weak and reused passwords. To mitigate this risk, businesses should adopt password management solutions for all employees.
Backup and Recovery is the number 1 essential for smart cybersecurity practices. This means having frequent backups of all critical business data. Most business will undertake a daily backup, but your needs may require greater frequency. Backing up data incrementally, throughout the day, can minimises the amount lost.
With the prevalent use of Cloud applications such as Microsoft 360 any back up structure should include data stored in the cloud. Especially email applications such as Outlook, Gmail, etc. Industry best practice is to back up according to the 3-2-1 rule: at least three copies, in two different formats, with one copy stored offline or in the cloud.
Develop straightforward cybersecurity policies. Draft and distribute a clear set of rules and instructions for employees. And finally, control user access to your network. Constantly remove privileges and deploy 2 factor authentication.
This sounds confusing and very technical?
Cybersecurity doesn’t have to be difficult but it is constantly evolving and therefore highly specilaised.
If you need help and support, contact your local Computer Troubleshooter. They are constantly up-dating and implementing cybersecurity for businesses’ in your area. They will design a unique solution that avoids the cost of disruption, productivity and revenue loss.
The key benefits of engaging Computer Troubleshooters:
Predicable IT expenditure that lowers your cost overall due to the minimisation of disruption risk and
speed of recovery. No more capital expenditure and the expense of employing highly
skilled and costly staff. Instead, a monthly fee that is known for the term of your agreement.
Reduced stress, anxiety and complexity by engaging your local Computer Troubleshooter inhouse resources stay focused on priority tasks and you have confidence your business has cybersecurity solved.
Automated monitoring, detection and remediation we use advanced tools to ensure any breach is
quickly resolved. We’re 24/7. We’re experts, it’s what we do!
Opportunity to scale and access new technologies and security products without incurring capital
expenditure. Its in our interests to deploy the latest technologies to ensure you’re safe.
How to start?
We recommended you undertake the Australian Government’s initial broad assessment. (click below)
After completing, download the report and confer with your local Computer Troubleshooter .
To find your nearest expert Troubleshooter call 1300 28 28 78 or
Cyber security Melbourne, Cyber Security Sydney, Cyber Security Brisbane., Cyber Security
Adelaide, Cyber Security Perth
Australia’s Largest IT Franchise Network