More and more business data, including sensitive information and personal records, is now stored in the cloud. This makes it more important than ever to protect your business data for a range of reasons.
The latest Australian Cyber Security Centre report showed that there were 67,500 cybercrime reports in the 2020-21 financial year, a 13 per cent increase on the previous year. That equates to a cyber attack once every eight minutes.
Cyber attacks damage businesses in more ways than one. The average cost of a cyber attack on a medium Australian business is $33,000. Worse still, businesses are required under notifiable data breach legislation to notify their customers when their data has been compromised.
When you consider that 70 per cent of customers say they would leave a business if they become aware of a data breach, the cost of not keeping business data (including customer information) secure becomes extremely high.
There are many ways you can keep your business data and systems secure online, including:
Ensure Your Data is Backed Up
The first thing to consider is disaster recovery if your business systems and data are compromised. This will ensure you can restore all of this data if there is a cyberattack, hardware failure, or a natural disaster like fire and flood. Cloud storage is the best method for backup because physical hard drives can be stolen or destroyed. There are many reputable cloud storage companies that offer robust data security and around-the-clock monitoring, so you will receive alerts if there are any attempts to steal this data.
Install Robust Security Software On Your Network
Cyber security goes beyond just installing an antivirus program (although this remains essential). You will also need anti-malware and anti-spam filters installed on every connected device on your network.
Only Use Authorised Company Devices
Any device that is connected to your business network becomes a potential vulnerability that cybercriminals can exploit. If you have a BYOD policy, these devices will need to be secured by your IT department before connecting to your network. External drives (including thumb drives) should not be used because they can be physically lost or stolen.
Ensure Users Are Using Strong Passwords
Cybercriminals have advanced methods to crack passwords these days, so choosing strong protection is essential. Make it mandatory for users to have unique passwords for every account and login that are at least 14 characters long and include numbers and characters. There are strong password generators available on the internet, and password vaults that users can rely on so they don’t forget numerous, complex passwords.
Use Multi-Factor Authentication (MFA)
Passwords are no longer enough, no matter how strong. Users need to verify their identity when they access their accounts and important business systems – especially when they are trying to access them on a new or different device.
MFA means they will need to verify, through an email or text message, that it was them trying to log in. This adds an extra layer of protection that will protect your accounts and systems even if a cybercriminal can get past the password.
Regularly Audit Your Hardware
It is not just remote attacks that you need to be concerned about; traditional theft is still an issue today. Current or former employees, or criminals who have had access to any of your job sites, can steal devices like computers, tablets, phones and storage devices and gain access to sensitive data. Ensure you have a robust system in place that allows you to locate all of your hardware, and audit regularly to check it is where it should be.
Put Strong Policies in Place
Online security is the responsibility of everyone in the company, so they should have easy access to their obligations and requirements. Policies should be reviewed and updated annually anyway, but this is especially important today.
Technology is advancing at an exponential rate, so policies need to reflect these changes and explain how to remain secure when using new technologies for work purposes. This includes policies for remote workers and flexible workers who are also carrying out their duties at home or other locations.
You can also make these policies transparent and available for your customers to view so that you can show them how you are protecting their data.
Educate and Train All Staff
Having the right measures in place is only half the battle. Workers need to be educated on their responsibilities – a process that should be carried out regularly, not just when they are first employed.
It is important to create a workplace culture where online security is treated very seriously and where all workers buy into this culture. Because the consequences of security breaches are so high, these policies and procedures have to be non-negotiable.