Welcome to Part 2 of my cyber-security mini-series. In part 1, I identified two of the myths about, and five of the biggest threats to, businesses’ cyber-security. It’s one thing to know about the threats, but it’s another to defend yourself appropriately against them. In part 2, I will identify just five of the strategies that need to be implemented to ensure your business is as secure as it can be and that you are protected in the event of a breach.
DEFENDING YOUR CYBER-SECURITY
The five potential cyber-security threats discussed here represent the tip of a growing iceberg. Criminals are learning more and more about how to disrupt business systems, and the technology available to assist them is increasing daily, along with the threat to businesses around the world. While geographically isolated, and even more so during the pandemic, Australia is not immune to these threats. Indeed, the epidemic has increased the frequency of attacks in Australia.
No business can afford not to have a strategy and policies to ensure its systems are as secure as possible. The cost of not being fully protected is just too high. Following are strategies and policies every business should have in place in 2021.
EDUCATION AND TRAINING
In 2019, IBM research found that 44% of executives believed that employees who made mistakes that led to business systems being compromised lacked awareness of the threats. This highlights the importance of ensuring all staff understand how to ensure their behaviour does not open your systems to cyber-security threats. Research suggests that low awareness of best practice risks and ignorance is the biggest threat confronting businesses in 2021.
Every business needs to have a training programme and documented protocols to ensure that all staff know exactly what they need to do, and what they need not to do, to minimize the threat of a cyber-security breach. Every business needs a long-term security programme and protocols.
Some 24% of cyber-security breaches in the past five years resulted from ignorant or negligent employees and contractors.
Most in-depth cyber-security systems audits identify vulnerabilities and/or security gaps within networks, applications and digital devices. This is at least partly because the technology available to, and the expertise of, hackers and criminals are advancing almost daily. What might have worked for your business in 2020 may not work in 2021 and will almost certainly be inadequate in 2022.
This highlights the need to undertake regular, at least half-yearly, audits of the networks, applications, and digital devices that all businesses have become so dependent on. Without regular audits, businesses have no way of knowing if they are protected.
Advances in criminals’ capabilities mean that even if your systems were relatively safe in 2020, they might not be in 2021.
The world is changing fast, but few things are evolving and advancing more quickly than the threats to businesses’ cyber-security. One Australian security agency alone receives more than 164 cybercrime reports per day. This highlights the importance of all businesses, and indeed all enterprises, having in place the technology required to monitor threats and report on potential breaches as soon as they happen. Delays can be very costly indeed.
One of the highest priorities for business in 2021 should be to ensure they have the technology required to monitor the operation of their network and associated systems closely – enabling real-time reporting of potential breaches. The sooner action is taken, the better.
How much might it cost your business to identify a data breach a week after it occurred? How much could you save by knowing in real time?
While technology can be expensive, breaches of that technology can be even more costly. While it is rarely necessary to buy all the ‘bells and whistles’, and there are most certainly strategies for buying well, it is important to ensure that your business uses reasonably current versions of the required hardware and software. Each update tends to incorporate new security features and options to make your network more secure.
It is important to work with your IT consultant to strike the optimum balance in terms of using the latest technology and not breaking the bank. The better IT consultants will have the buying power, expertise, and integrity to minimize your investment while ensuring your systems are protected.
If your technology is from 2016 and the technology the criminals are using is from 2021, the criminal might have the upper hand.
Despite the best-laid plans, sometimes things go wrong: perhaps unaware staff opening the door to a hacker, a backup system failing just before ransomware infiltrates your systems, a brute-force attack occurring when you are less prepared than you need to be, or criminals using technology that is superior to yours to breach your security systems. While great staff training, regular assessments, systems monitoring, and the latest technology will go a long way to protecting your business, there may be times when the criminals win out.
To protect against this potential eventuality, it is prudent for all businesses to have cyber-security insurance as part of their broader business protection. Businesses that approach cyber-security in the manner suggested here may never call on this insurance, but prudent risk management demands that they have it.
You are almost certainly insured for a thief breaking into your office, but are you insured for the greater likelihood of a criminal breaking into your systems?
In part 1 of this 2-part series, I addressed two of the myths about, and five of the biggest threats to, businesses’ cyber-security. There are other myths and many more threats. My intention was to highlight the importance of engaging an IT consultant with the expertise, resources and orientation required to partner with you in minimizing cyber-security threats.
Part 2 addresses just five of the strategies that need to be implemented to ensure your business is as secure as it can be and that you are protected in the event of a breach. Choosing the right IT consultant is crucial; they can work with you to put in place a cost-effective programme and strategies to ensure your systems are secure.
In closing, as I did in part 1, it is important to highlight again that your business will almost certainly be targeted in some way by cyber-criminals at some stage. Protection against breaches of your cyber-security is nothing more or less than prudent risk management.
If you want to know more, please give me a call or email me.
1 300 958 923