2021-10-01 | News

 

What better time to turn your focus to your digital safety than in October during Cybersecurity Awareness Month? While most organisations have the basics in place, it's often a false sense of security if you think an off-the-shelf product will keep your systems, network and people 100% protected.

During the global pandemic there's been a massive shift in where and how people work. So, now is a great time to take stock, assess your current setup, and adjust for a much-changed working world.

Here are five essential ways that you can improve your awareness and feel more confident about your cyber safety:


1. Get familiar with the basics

Cybersecurity is an area where it can seem impossible to keep up with changes. New threats often emerge (too often!), so unless you're a large corporation with dedicated cybersecurity experts, it's best to try and get familiar with the basics so you can keep on top of core threats.

There are plenty of great resources available online to help businesses of any size stay up to date with what's happening in the world of cybersecurity. For example, the Australian Cyber Security Centre (ACSC) is an Australian Government body that offers advice, information and updates so you can stay across how to keep yourself, your business and even your family safe online.

If you don't know the difference between spam, phishing and spear-phishing, you're not alone. The same goes for malware, botnets and ransomware – what are all these things? How do they work? And what happens if your systems are breached by one? Of course, there are basic precautions you can take, but if you're starting from scratch, it's probably worth sitting down with a cybersecurity expert to talk through what’s what and potential exposures.


2. Learn to see the red flags

Once you start to get a bit more familiar with some of the leading cybersecurity concepts and understand the basics, the next critical step is to identify red flags. Although cybercriminals are super savvy, spending their time coming up with new ways to ‘trick’ individuals into taking an action that results in exposure, there are lots of red flags along the way that can help stop a breach from occurring.

It’s vital that your people and teams have a fundamental understanding of what to look for and are confident enough to trust their instincts if something doesn’t seem right. Every company has a story about a team member who clicked a link in an email because it looked utterly legitimate: it came from a client, had the correct email address and made sense. But something just wasn’t quite right, and the click ended up costing money, time and effort, and causing frustration.

Some basic tips for what to watch out for when it comes to phishing emails are:

  • Misspellings – a company name, a department name, or a ‘from’ address might have a slight spelling error
  • Urgency – these emails often have “URGENT” in the subject line or the body of the email
  • Link or download – there may be a link or a request to download a file; you can check a link by hovering over it to see the URL that’s embedded
  • Strange sentences – any oddly phrased grammar, strange wording or spelling errors are often a big red flag that something isn’t quite right.
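
For teams that want to automate a first pass over these checks, here is an added example (not part of the original article) that scans an email for three of the red flags above: a near-miss sender domain, urgency wording, and a link whose visible text differs from where it really goes. The trusted domain, the urgency word list, the 0.85 similarity threshold and the sample message are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"client.example"}  # assumption: domains you genuinely deal with
URGENT = re.compile(r"\b(urgent|immediately|act now)\b", re.I)
DOMAIN = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})")
SAMPLE = """From: Accounts <accounts@cl1ent.example>
Subject: URGENT: overdue invoice

<p>Pay today: <a href="http://198.51.100.7/pay">www.client.example/invoices</a></p>
"""  # constructed sample message (reserved example domain, test-net address)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs: what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def red_flags(raw):
    """Return red flags in a single-part email; a lookalike domain is close to a trusted one but not equal."""
    msg, flags = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if any(d != sender and SequenceMatcher(None, d, sender).ratio() >= 0.85 for d in TRUSTED):
        flags.append("misspelled sender domain: " + sender)
    body = msg.get_payload()
    if URGENT.search(msg.get("Subject", "")) or URGENT.search(body):
        flags.append("urgency wording")
    collector = LinkCollector()
    collector.feed(body)
    for text, href in collector.links:
        target = (urlparse(href).hostname or "").lower()
        shown = DOMAIN.match(text.lower())
        if shown and shown.group(1) != target:
            flags.append(f"link shows {shown.group(1)} but goes to {target}")
    return flags
```

A message that raises none of these flags can still be malicious, so a check like this supports staff awareness rather than replacing it.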

3. Encourage good password hygiene

Did you know it’s estimated that 65% of people reuse the same password for multiple accounts even though more than 90% of people know they shouldn’t? During the pandemic, many people have had to transition to working remotely. As a result, our digital lives have vastly expanded in the past two years, and we now have more accounts, and therefore passwords, than ever. This means more opportunities for cyberattacks, slip-ups, breaches and threats to get through.

Does your organisation have an IT governance structure in place? Do you have enforced password changes for your critical systems and networks? Do you regularly remind your people to update or strengthen their passwords (do they even know what a strong password is!)? If you do have policies and procedures in place, have these been updated in the past 12 months?

Setting a framework around your IT governance doesn’t have to be complicated, expensive or time-consuming. Working with an experienced partner can set you up to get all your IT and digital requirements working to meet your current state – while keeping tomorrow in mind. It’s a simple step that many businesses overlook and one that can be the most costly.


4. Treat your data as king

Our digital footprint is all about data. And in the business world, a digital footprint is often all about your customers’ data. But, unfortunately, without adequate data protection and backup systems and processes in place, you’re leaving yourself, your teams, your business and your customers super exposed.

When we talk to clients about cybersecurity, we always talk about data backup and continuity planning for when (not if!) something goes wrong. Why? Because no business wants to be paralysed when the worst occurs – the less downtime you have and less exposure of your data, the less of a catastrophe you’ll face.

Data backup is complex – and once again, out-of-the-box or off-the-shelf solutions aren’t always the most effective (or cost-efficient!). Once you have a storage solution sorted, you’ll also need to consider your governance and processes around data backup.

Having well-structured and planned backup solutions can offer real value to your clients and even be a point of difference from your competitors. Knowing that their information and details are safe with you earns customer trust and improves your brand.


5. Have a people-first approach

Thinking about all those things, passwords and data, scams and malicious threats, there's one thing they all have in common, and it's not computers, hard drives, networks or systems. It's people.

At the heart of everything we do at Asta are people – this has been the way we've worked for over 22 years. So, it's no different when it comes to working with organisations to improve cybersecurity awareness.

Most cyber breaches are due to human error – a massive 90% in fact. So, although cybersecurity, monitoring and protection are essential, education, awareness and training for your team are vital.

Investing in cyber awareness training for your business should be a priority for staff at all levels, from the newest or most junior staff member right up to the CEO and board. Ongoing training will strengthen your cybersecurity and resilience as you stay up-to-date with new threats, run simulations, and help your teams become more confident in identifying when something doesn't seem right.


If you're ready to learn more about how you can better protect your employees and business, we're currently offering a 1-month free demo of our industry-leading cybersecurity awareness training.

Go to www.cyberaware.asta.com.au/pro to register now.
