3 minute read
CYBER SECURITY FUNDAMENTALS TO PROTECT YOUR BUSINESS
Cyber incidents cost Australian businesses
$42 billion in 2021. The recent spate of high profile cyber attacks have provided a huge wake-up call for Australia, with businesses of all size being urged to do more to strengthen their defences against a possible attack.
The reality is, regardless of your business size, a cyber security attack can be devastating. To provide members with some guidance on what they need to think about to protect their business, ASIAL invited the Australian Information Security Association (AISA) to provide a highlevel overview of some cyber security fundamentals to help businesses protect themselves from the most common cyber security incidents.
Continues over page >
The following is a summary of the presentation delivered by AISA to members across the country which sets out 8 practical steps to protecting your business.
1
Taking a step back
What does that mean?
• Sit down and go through all of the systems that your company uses. Cloud platforms, software, emails.
• Gather details of each of these platforms –Who owns the licence, who has access, what information is in these systems.
• What assets your company owns – Phones, tablets, computers, servers (including Cloud).
• Do you have a plan if something happens? Who to call, what you will need?
2
Backups and what you need?
• Now that you know what platforms you have from step one, figure out the data you need to protect.
• Cloud services need to be backed up as well (This is not done for you in most instances).
• Ensure you keep more than one backup and it is off your network to protect you from ransomware or similar attacks.
• Determine how often you need to backup. How much data are you prepared to loose in the event of an issue?
• TEST the backups. Very Important, can you recover back to what you need.
5 6
Passwords
• Do not share passwords for accounts.
• Have unique passwords for each platform. Do not Re-Use passwords.
• Consider using a password manager.
• Register your email accounts to be notified if your account is involved in a breach.
Getting the Basics Right
Forget the flashy solutions, focus on getting these basics right first. It will make all the difference in keeping your organisation safe.
Ensure devices are regularly updated.
• At minimum monthly.
• Why? More than 80% of breaches are due to vulnerabilities that have patches or fixes released for the platforms/software but they had not been installed/applied.
• Updates
Rinse and Repeat
• Unfortunately like a lot of things in life, Cybersecurity is not just a do once activity.
• We are human and do human things, and over time mistakes get made.
• Aim to have continuous processes and periodic checkups.
3
Antivirus protection
• Now that you know what assets you have, ensure you have an antivirus solution on all devices.
• This includes Mobile devices (Phones, tablets).
• What should you get? Don’t use a free Antivirus, invest in a quality platform. It could be the difference between being a victim of a breach or not.
4
Multifactor Authentication
• Multi-factor Authentication (MFA) means having additional security verification additional to a password.
• This is a must. Passwords can be guessed or breached.
• MFA should be turned on for every platform where available.
• If a platform you use can not use MFA, this is a risk to your business.
7 8
Awareness Training
• Your staff are your biggest assets against cyber threats.
• If you don’t invest in your staff and help them be more informed and better able to act they could become your biggest risk.
• Any training in this area with staff is better than none but don’t make it a once-a-year event and then ignore it.
Reduce your digital footprint
• Have websites cleaned up and backend content or apps that are not used removed.
• Unnecessary apps or webpages will leave you open to unnecessary risks.
• Disable accounts on applications or sites that are no longer required.
• Ensure that all old staff accounts on servers/ systems have passwords reset and locked down to prevent potential use.
About AISA: As a nationally recognised peak body for cyber security professionals, the Australian Information Security Association (AISA) champions the development of a robust information security sector by building the capacity of professionals, advancing the cyber security and safety of the Australian public as well as businesses and governments.
