Future proofing your business cyber safety By William Buck on 22/06/18 Digital transformation within your business, presents opportunities to streamline activities and create efficiency. However, understanding threats and managing risks are particularly important for small to medium sized businesses who may lack the resources or expertise to effectively implement internet security; yet are more likely to be potential targets for security threats. The Australian Government believes the risk to the Australian economy from computer intrusion and the spread of malicious code to be high, predominantly because of the increase in size, sophistication and types of attacks. In particular, concerns have been raised about the impact on small businesses due to a lack of awareness and operational procedures in place. A recent report looking into small to medium-sized business and the emergence of cybercrime in Australia found that owners do not consider cyber-crime to be their top priority, yet more than half of security events target small to medium sized businesses and cyber-crime is costing Australian businesses $1billion each year. Exposure to these risks have real implications for business owners; cost to business include both financial loss due to scams, and also reputational damage due to privacy breaches; creating overall profit loss. Therefore, the main considerations for businesses in their efforts to protect their business, should be strategies to guard their cash flow and their data. Having steps in place to protect your business will ensure that the extent to which your business is affected, as well as the costs incurred will be dramatically decreased. Here we take you through a simple, yet practical guide to begin future-proofing your business, so your business can reap the benefits of the booming digital economy. Conduct a risk audit The ASX100 Cyber Health Check Report 2017, found that companies who analyse risk better manage cyber threats. Smaller businesses can undertake similar audits to help define the areas they may be at most risk. You may be surprised at the amount of data that needs protecting and the number of vulnerabilities your business has; because whether you realise it, or not, all of your data is valuable. Your business may unknowingly be exposing itself to cyber-security risks. Many small businesses cite their lack of presence online means they are protected from cyber-attacks. Yet, emails are a predominate source of phishing and malware and are used as a predominate form of communication for business owners. Furthermore, social media presence can be a contributing factor to security breaches. Investing in IT audits may be a cost that could make all the difference. Analysing your presence will give you more visibility and understanding of risk; more understanding of your information and assets data and will result in more education throughout the organisation on cyber security as well as greater confidence in your controls. Create a cyber ‘aware’ culture Managers need to be able to observe, respond and manage all cyber threats and be aware of latest scams. This means, anticipating attacks and putting plans in place. Introducing protocols on Internet use, including social media use are becoming the norm for businesses and should extend to all areas of your business. By going further and adding steps into the training process, you will prevent mistakes along the service line and make staff more cyber aware. For example, simple procedures such as verifying email addresses to authenticate invoices before conducting transactions will avoid payment to fraudulent people. By showing strong leadership, managers can create a culture where IT control is normalised. Strong leadership avoids complacency of internet controls, including sharing of passwords and sensitive information and using weak passwords. Update your systems regularly Updates ensure that you are continually protected, because providers ‘patch’ vulnerabilities in your system. This means that by updating your software as soon as updates become available, you are less likely to be targeted by attackers. If there is an option to automatically update, utilise this function. Don’t forget to back-up Maintaining fire walls is not as daunting as it sounds. So, what does it mean? Just like there are general duties you need to perform to keep your business running, you should also consider IT ‘housekeeping’ as an essential part of your schedule. This gives you the ability to monitor threats more easily. By adding a recurrent note in your diary to focus some time on IT housekeeping, will ensure you maintain good controls. Housekeeping involves: Backing up your system (and in more than one place) to prevent loss of data and the ability to recover data which is lost. This limits the ramifications your business will face if they are exposed to ransomware. Ransomware is the newest cyber threat which allows the offender to steal your data and literally hold you to ransom. If you do not pay, your files will be deleted. Managing your accounts by changing passwords, removing old accounts and adding new ones. Managing what you store on your computer is important and is another overlooked part of housekeeping. Having loads of unwanted data on your computer means that it not as easy to keep track of reputable sources of data, meaning an old file you use to have in your system, is actually a file from an intruder. Monitor your online presence With social media becoming a useful tool for businesses to promote their goods and services, it can also expose them to unwanted hackers. Social media sites offer hackers a wealth of information through the interactions people have with your business. Hackers can use data mining programs to find common threads and use these to try to crack passwords to personal accounts. A great way to avoid this happening to you, is to create a password that uses uppercase letters, lowercase letters and numbers. Also, lock down the security of your social sites and limit the number of people who have access to your business accounts. Be Mandatory Data Breach Ready The fact is, it is not ‘if’ you business will have a breach, but ‘when’. With Mandatory Data Breach legislation in place and with increased global complexity, it is important to be aware of legislation regarding data. It’s time to be prepared. Click here to read a recent article which delves into this legislation including how to set up your organisations systems and processes effectively to handle and respond to a data breach effectively. Know your global obligations: GDPR (XYZ?) Lastly, with increased global complexity, it’s important you are aware of GDPR. What is GDPR? – it’s the new General Data Protection Regulations that have come out of the European Union (EU)… You may be thinking, but we’re Aussies and Kiwis, what does it have to do with us? The GDPR applies to all organisations that hold and process data belonging to an EU citizen (even if that citizen no longer lives in the EU) – that’s a broad scope! In next month’s edition, I will explain this concept further. Technology is certainly changing the way we do business. As laws try and keep up and as we navigate this new frontier, it’s important to remember mistakes will be made, yet it is the actions you take to future-proof and comply that will determine how your business and digital assets recover.