In recent years we have seen an increase in the number and sophistication of cyber threats and attacks in Australia.
Over the 2021-22 financial year the Australian Cyber Security Centre (ACSC) received over 76,000 cybercrime reports, a 13% increase from the previous financial year.
The ACSC also reported that medium-sized businesses with between 20 and 199 employees are the most at risk of attacks, with the average cost of an attack for a business of this size being $88,407.
While the risk of a cyber attack remains high, there are many things businesses can do to reduce the risk of an attack and reduce its severity, should it happen.
1. Make a plan
It’s important to have a clear mitigation strategy that’s regularly reviewed and updated. ACSC recommends adopting eight essential mitigation strategies to help prevent cyberattacks. They have a number of useful resources on their website for directing a business’s actions around cyber security.
2. Secure internet connections
Make sure that all the points where the business connects to the public internet, such as file sharing software and webmail, are secure and not vulnerable to hackers. It pays to work with an experienced IT professional on this.
3. Safeguard all devices
Ensure that all devices your team uses to connect back to the business, such as laptops and smartphones, are also secured so they are not an access point for criminals to enter the business.
4. Ensure your antivirus software is up to date
All businesses should employ a suite of leading anti-virus and anti-spam (AVAS) software to fully protect them from viruses and spam. It is important to ensure any updates and patches are automatically installed so you’re protected from new threats.
5. Automate back-ups
Like software updates, data should be automatically and regularly backed up via offsite servers not connected to the business. That way, if criminals do manage to enter a business system, they cannot access back-ups and delete them. This means in the event of a cyberattack, the business can be back up and running very quickly, using the most recent back-up. Back-ups are also an important tool to help recover lost data in the event of a fire or failure of a server. These systems should also be regularly tested to ensure they are working correctly.
6. Implement multi-factor authentication
If a system has the right protocols in place, it should be nearly impossible for criminals to gain access. These protocols can include measures such as multi-factor authentication and mandatory regular password updates.
7. Audit third parties
Criminals can also gain access to your system through external parties or suppliers that have remote access to your systems. Regularly audit their cyber security safeguards to detect and fix any potential vulnerabilities.
8. Train staff
Human error is a common cause of cyber breaches and attacks. Businesses should run regular cyber security training for their staff and educate them on emerging threats like new phishing email trends.
9. Respond immediately to threats
Put protocols in place so you can lock down the business system as soon as a cyber-attack is detected and minimise the damage and risk.
10. Have a cyber insurance policy
Cyber insurance policies can help businesses recover from an attack by paying for the costs associated with any data and financial losses resulting from a cyber-attack.
To identify any cyber risks in your business and to learn more about cyber insurance policies, contact our team of experienced brokers today.