
This week is National Cyber Security Week, an initiative of the Australian Government in partnership with industry to raise awareness among all Australians and businesses about the cyber security risks they face and some simple steps we can all take to become more resilient.
Iress provides market-leading financial software for businesses ranging in size from the very large to the very small, but they all have one thing in common: they all manage and are responsible for protecting their clients’ data. We recognise that whilst the larger customers have dedicated information security teams, there are many of our customers who don’t have that luxury.
So we are using National Cyber Security Week to share some resources that can help you look after your clients’ information safely and securely.
The Australian Government has made a number of great resources available for small businesses which you can find at the Reverse the Threat website. We thought we would call out a couple of key points to get you started.
Why is this important?
Your business is online. Every day you rely on the internet for your email and calendar, access to Xplan to produce financial advice for your clients, invoicing and banking. To put it simply, without access to your IT systems and the internet, you probably don’t have a functioning business.
Cyber criminals know this, and they know how easy it is to damage many IT systems in order to steal money or information from your business, or to lock you out of your systems and extort your business for financial gain.
We frequently hear in the news about hospitals and councils being attacked with ransomware. Only last week a number of Victorian hospitals were taken offline. What we don’t hear a lot about is all the small businesses which are equally impacted by cyber attacks.
The Australian Government maintains statistics on the various attacks reported to them by the public, and it makes for some interesting reading. So far this year, 5500 reports of hacking have been made with a reported loss of just under $3 million. The sad reality is that many attacks and losses are never reported, so this number is likely to be less than the true impact.
If you want to make your own business resilient, then you need to prepare your business.
Protect your assets
Protecting your business from cyber attacks starts with understanding the assets in your business. Understanding what is valuable to your business, what information you hold, where it is and who has access to it are all key to being able to plan to protect your business.
Keep your assets up to date. Ensure your systems are regularly patched with the vendor’s updates. Microsoft and Apple regularly provide updates to their products and you should keep on top of applying them. Products have a limit to how long they will be supported by the vendor, after which they won’t get updated. Plan for these end-of-life dates and replace equipment that is no longer supported. **Windows 7 is still a very popular operating system and it reaches end of life at the end of this year, so start planning now to replace or upgrade any Windows 7 equipment you still have.**
Business Email. Email is the number one way businesses are attacked. A single email can result in the loss of your client’s information and financial damage to your company. The Australian National University was hacked and recently posted the results of their investigation. It all started with an email.
Protecting email and the humans that read it can be difficult, but the simple steps of implementing two factor authentication, ensuring you have good quality anti-spam/anti-virus coverage and training your staff to spot common phishing techniques can make a real difference to your business.
Act safely
Passwords. Using strong passwords which are unique for every site is important to reduce the amount of damage someone attacking you can do. There are a number of password manager products which are a great way to not only manage unique passwords, but also control who in your organisation should have access to them. Most of them will also help you perform an audit to understand how strong your passwords are or if any of them have been reported in any previous breach.
Implementing two factor authentication (2FA) is one of the best things you can do to protect your business from attack. If you are unsure of what 2FA is or how it works, then we recommend you take a look at the cyber security week site.
Backups. We should all prepare for when things fail, and ensuring you have a working backup is a key part of that. It’s not enough just to take backups; you also need to test them to ensure they work. After all, if they don’t work when you need them, then there is no point in doing them at all.
Security Awareness. Protecting your business starts with training yourself and your staff. There is a large range of great free content online which you can use to educate yourself and your staff about the risks they face online. The Australian government provides a free alert service you can subscribe to and keep up to date on cyber security, plus a handy implementation guide for creating a security awareness program for your business.
Prepare for the worst
Unfortunately things do go wrong. We can’t stop every attack you might face, but what we can do is plan for these events to ensure you have the best chance of recovery. A good recovery can even be a positive with your customers. They understand that things happen, and they are very forgiving when your response is positive and effective.
Plan: Understand what might happen and how you should respond ahead of time. Keep a list of resources which you can use when disaster strikes. Make sure you include not only the technical activities that you need to perform to recover but also your communications strategy: know what you are going to tell your customers and how.
Test: Just like backups of data, when it comes to responding to incidents, practice makes perfect. Knowing what you need to do, and being confident in how to do it, makes the difference when protecting and recovering your business from a cyber attack.
Cyber security is a huge topic and no single post will do it justice, but we hope that this National Cyber Security Week you will spend some time considering some of the resources provided by the Australian Government, and take a look at your business. We encourage you to invest in improving your cyber security, or if this is new to you, start the journey towards becoming a more resilient business.