The world is now more connected than ever. While this makes doing business easier, it also makes it easier for criminals to wreak havoc via phishing and ransom scams, data hacking and fraud. With teams now working remotely, the threat is multiplied!
Here are our top 10 tips for protecting your business.
Losing data can be disastrous. Save time, money and protect your livelihood by developing a back-up strategy.
The simplest option for most businesses is to migrate emails, contacts, calendars and files to either Microsoft 365 or G Suite. A large part of your critical data will then automatically be backed-up and accessible from any location.
For on-premise systems (that can’t be moved to the cloud), we generally recommend a 3-2-1 backup system. This means having 3 copies of your data:
- One copy on your computer
- A second copy on a local server or network storage device (NAS)
- A third copy backed-up in the cloud or off-site.
Keep in mind though that an ‘off-site’ copy isn’t really a back-up if it isn’t up to date. So, if you are not disciplined enough to take the ‘back-up’ home with you EVERY DAY, connect an automatic cloud back-up service.
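The 3-2-1 rule and the "up to date" condition above can be checked automatically. The following is an added example, not part of the original article: it compares the newest file in each backup copy against the primary copy and reports any copy that has fallen behind. The folder names, the sample file and the 24-hour limit are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

MAX_LAG_HOURS = 24  # assumption: the article's "EVERY DAY" read as a 24-hour limit

def newest_mtime(root):
    """Most recent modification time of any file under root, or None if empty."""
    times = [p.stat().st_mtime for p in Path(root).rglob("*") if p.is_file()]
    return max(times) if times else None

def check_321(primary, backups, max_lag_hours=MAX_LAG_HOURS):
    """backups: list of (label, path, is_offsite). Returns a list of problems."""
    problems = []
    if len(backups) < 2:
        problems.append("fewer than 3 copies in total")
    if not any(offsite for _, _, offsite in backups):
        problems.append("no cloud or off-site copy")
    source = newest_mtime(primary)
    if source is None:
        return problems + ["primary copy has no files"]
    for label, path, _ in backups:
        latest = newest_mtime(path) if os.path.isdir(path) else None
        if latest is None:
            problems.append(f"{label}: missing or empty")
            continue
        lag = (source - latest) / 3600  # hours the backup trails the primary
        if lag > max_lag_hours:
            problems.append(f"{label}: {lag:.0f} hours behind the primary copy")
    return problems

def demo():
    """Constructed sample: the NAS is current, the off-site copy is 5 days old."""
    now = 1_700_000_000  # fixed timestamp so the result is reproducible
    with tempfile.TemporaryDirectory() as tmp:
        ages = {"pc": 0, "nas": 2, "offsite": 120}  # hours since last change
        for name, hours in ages.items():
            folder = Path(tmp, name)
            folder.mkdir()
            sample = folder / "accounts.xlsx"
            sample.write_text("constructed sample data")
            os.utime(sample, (now - hours * 3600, now - hours * 3600))
        return check_321(Path(tmp, "pc"), [
            ("NAS", Path(tmp, "nas"), False),
            ("Off-site", Path(tmp, "offsite"), True),
        ])

if __name__ == "__main__":
    print(demo())
```

Run on a schedule against the real folders, an empty result means all three copies exist and the backups are within a day of the working copy.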
Remove access to your systems from people who no longer need it.
Immediately remove access for people who:
- no longer work for your business
- have changed positions and no longer require access.
Unauthorised access to systems by past employees is a common cause of identity security or fraud issues for businesses.
Refer to the article above for an easy way to control data access in your business.
How often have you clicked the ‘Remind me later’ button for installing software updates?
Run weekly anti-virus and malware scans and have up-to-date security software – on every computer.
Instances of malicious software (malware) are increasing. It can be easy to accidentally click on an email or website link which can infect your computer.
Refer to article 2 above for a secure and easy way to do this.
A hacker might be able to steal or guess a password, but they can’t reproduce something an individual user has. For this reason, we recommend enforcing 2-factor authentication for G Suite, Microsoft 365 and other online services.
2-factor authentication (also known as multi-factor authentication (MFA) or 2-step verification (2SV)) combines two independent credentials in order to gain access to an account e.g. a user’s password and a random code sent from an authentication app on their smartphone. If one factor is defeated (e.g. a password is leaked from a successful phishing attempt), the attacker will still need the other factor to gain access.
All reputable cloud services will provide a 2-factor authentication option. Ensure all team members use it!
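To show why a leaked password is not enough once a second factor is enforced, here is an added example that is not part of the original article. It assumes the authentication app uses TOTP (RFC 6238), the time-based code scheme common authenticator apps implement; the sample account, password and salt are constructed, and the secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, the RFC 6238 default

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def code_ok(secret: bytes, code: str, now: int, drift_steps: int = 1) -> bool:
    """Accept the current code or one step either side to allow for clock drift."""
    return any(
        hmac.compare_digest(totp(secret, now + d * STEP).encode(), code.encode())
        for d in range(-drift_steps, drift_steps + 1)
    )

def login(user: dict, password: str, code: str, now: int) -> bool:
    """Both factors must pass; a correct password alone is not enough."""
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
    password_ok = hmac.compare_digest(supplied, user["pw_hash"])
    return password_ok and code_ok(user["totp_secret"], code, now)

# Constructed sample account; the secret is the RFC 6238 test key.
SALT = b"constructed-salt"
USER = {
    "salt": SALT,
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
    "totp_secret": b"12345678901234567890",
}

if __name__ == "__main__":
    print(login(USER, "correct horse", "287082", 59))  # password and valid code
    print(login(USER, "correct horse", "000000", 59))  # phished password, no valid code
```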
This is a BIG one. Enforce a policy of not allowing an ‘email’ to be used as authorisation for a payment.
We have seen many cases where the business owner’s email address has been ‘spoofed’ and fraudulent emails sent to the accounts department ‘authorising’ the payment of fake invoices.
Ensure large payments are authorised in person or via a phone call.
Additionally, be wary of false billing scams requesting you pay fake invoices for directory listings, advertising, domain name renewals or office supplies that you did not order.
Ensure your mail is secure and consider using a secure PO Box.
Mail theft is a leading cause of information security breaches.
Ensure you change the default password on your WiFi. The default passwords are often listed on manufacturer websites or blogs, so you could be a Google search away from being hacked.
And NEVER use free WiFi at airports, hotels or shopping centres. These networks are public and open – not secure and encrypted. Only connect to cloud services via a secure connection such as tethering to your phone or via a VPN.
Remind your team to be vigilant when opening email.
Always use a spam filter on your email account and do not open unsolicited messages.
Be wary of downloading attachments or opening email links, even if they are from someone you know.
Spam emails can be:
- embedded with malware
- used to trick you into providing information or buying non-legitimate goods.
Do not respond to or click on these emails, as doing so just lets the scammer know they have found a ‘real’ email address.
Sometimes disasters happen. For peace of mind, invest in cyber insurance.
The average cost of a cyber incident in Australia is in excess of $250,000, so it is imperative you protect your business from cyber threats.
Cyber insurance protects your business from the costs associated with data loss, interruptions, restoration, ransom payments and more.
Before you decide on the level of cyber insurance you need, weigh up the risks. What would happen in the event of a security breach? How long can your business be out of action? Do you or your clients need 24/7 access to services?
In short, the greater the risks, the greater the need for insurance.
Following the above cyber security tips will go a long way to keeping your business safe from cybercrime. Some of the tips might seem obvious, but it’s the small things that can make a big difference.
If you have any questions or wish to discuss the cyber security strategy for your business, please don’t hesitate to call us on 03 9467 3599.