Cyber attacks are on the rise in Australia, and every business from startups to SMEs must be on high alert. Hackers are getting better and better at manipulating and coercing businesses, and if the data is anything to go by, companies continue to take the bait.
At this point, the question is not if but when a cybercriminal will attack your business. To protect your sensitive data and avoid getting scammed, here are five practical steps that every business can implement to keep themselves safe from online attacks.
Educate yourself on what you’re up against
You can’t beat an enemy that you can’t see. That’s why it pays for staff and leaders to educate themselves on the various ways that cyber attacks can play out. There are a wide range of attacks to be aware of, including malware, phishing, ransomware, Trojan, keystroke logging, an insider threat, drive-by download, typosquatting, spear phishing, or person-in-the-middle attacks.
Spend time thoroughly researching the various forms of cyber attack and prioritise the ones that are likely to be the biggest threat to your business. To protect against phishing, for example, be cautious about all communications you receive, don’t open any attachments contained in a suspicious email, and never enter any personal information on a pop-up screen.
Typosquatting is where the scammer uses a lookalike name to trick someone into thinking they’re in contact with a legitimate email address or website. Google.com might become Goog1e.com or Gooogle.com. The victim can easily miss the spelling mistake, assume the email or website is legitimate, and potentially reveal sensitive payment information.
Get your passwords and multi-factor authentication in check
Passwords and multi-factor authentication are two of the simplest and most effective ways to protect your business from cyber-attacks. Multi-factor authentication, known as MFA for short, adds an extra layer of security by using two or more pieces of evidence to log in to a single location. Some common examples include an SMS message, phone call, or authenticator app to verify a login.
Along with MFA, passwords to all accounts should be changed regularly. The ideal is every 30 days, but every 60 days can suffice. Make sure your staff’s passwords are difficult to guess. They should be at least eight to 10 characters long, have at least one number, one capital letter, and one special character, such as one of the following: ‘!@#$)’.
Every staff member should have their own accounts with their unique user ID and password so that there is no need to share passwords between staff members.
Use storytelling techniques to help staff visualise attacks
A cybercriminal can sometimes feel like something from a hacker thriller rather than a real-life threat that regularly affects businesses daily. To help staff better picture what an attack would look like in a day-to-day setting, it can be helpful to employ storytelling techniques and role-play various scenarios.
Share examples and scenarios based on the roles and responsibilities of individual staff members. If they can visualise themselves at the centre of the attack, staff will better appreciate the huge negative consequences of something going wrong.
If you’re training an accounting team, for example, share examples of what can go wrong if an email account becomes compromised. Run scenarios where staff inadvertently transfer funds to hackers who are impersonating their vendors, partners, or clients.
Combination of enforcement and encouragement
Getting staff members and even leaders to take cyber security seriously can sometimes be a challenge. Traditionally, either enforcement or encouragement is used to get staff to take the threat more seriously.
However, a combination of the two is usually the best option. Enforcement can be used with training and awareness campaigns, which can be made mandatory for all staff members. This can then be followed up with encouragement and guidance to ensure team members are supported and comfortable.
The end goal is to create a cultural change within your organisation, where staff are actively doing everything they can to keep cybercriminals at bay.
Prevention is better than cure
Far too many businesses maintain lax, lazy, or non-existent cyber security processes – until it’s too late. Then, they’re left scrambling to pick up the pieces while simultaneously installing a whole new cyber security system. The better solution is to get ahead while the business is still secure.
In the world of cyber security, prevention is the best cure. By taking the above steps and protecting your business in advance, you’ll be far better placed to ensure that your data remains secure if an attack does take place.
Unfortunately, human beings have an inherent tendency to take the path of least action or least resistance when faced with a choice. While preventative care, including eating healthy, exercising, and avoiding smoking or drinking drastically improves your health, people still fail to do so. It’s the same with cyber security.
Read more: How small businesses can tackle targeted cyber attacks
Read more:Pandemic sees increase in ransomware crime
Keep up to date with our stories on LinkedIn, Twitter, Facebook and Instagram.