2022 wasn’t a good year for Cybersecurity:
How can you protect your business in 2023?
Last year saw a massive increase in cybersecurity incidents, ranging from ransomware to massive data breaches affecting some of the nation’s largest enterprises.
Cyber security has been an important aspect of using technology in your business for decades now, with increasing levels of business activity taking place online or on systems that go online.
For most businesses, cyber security isn’t a profit centre but a cost, and in many cases it can be tempting to think that all will be well and you don’t really need to spend any time or money on securing your computer systems.
That can be a massive mistake, one that could cost you your entire business in some cases. You might think that it’s only the big corporates that make the headlines that are at risk, but studies suggest that small to medium businesses are prime targets.
The losses are substantial, with the Australian Cyber Security Centre reporting average losses for small businesses at over $39,000 in 2021-2022, a rise of 14 per cent over the previous year.
Small and medium businesses are also rather ripe for the picking compared to large enterprises. While the data or financial pool for a large enterprise is bigger, so too are its resources to combat this exact kind of issue. Meanwhile, for small business operators especially, resources are tight and the problems can seem complex and overwhelming.
So what can you do to keep your business online, secure and profitable?
Predicting new cyber tech trends is an industry in itself with a mix of research and predictive guesswork, but the reality is that for many small and medium businesses the threat situation in 2023 is likely to be broadly similar to that of 2022.
Here’s what you should consider when assessing your cyber security risks this year:
Bad Passwords are still bad security in 2023
Want to know the easiest way into your computer systems? It’s via the very passwords that you use to keep them secure, if you or your staff have lazy password habits. If you’re using dictionary words or very short password lengths, you’re using passwords that can be cracked virtually instantly by a determined attacker.
Even the classic combinations of upper and lower case letters and numbers aren’t very effective if they’re too short. Research suggests that a seven-character password that mixes lower and upper case letters, numbers and symbols could be cracked in around six minutes of determined attacks.
Double that password length to 14 mixed characters and the same systems would take around 200 million years. The challenge here is that remembering a password like “p2v@tQxCpqBjvU” isn’t all that easy.
Mandating a password management app for your staff and rolling it out across all relevant systems can solve this problem. Many of these apps allow for business-wide rollout and control, scalable according to the needs of your business.
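The crack-time figures above come from the size of the search space an attacker has to cover: the number of possible characters raised to the power of the password length, divided by how many guesses per second the attacker can make. The script below is an added example (not part of the original article) that works that arithmetic through and applies the same rules the article describes as a simple policy check: a minimum of 14 characters, a mix of character classes, and no dictionary words. The guess rate of 100 billion per second, the tiny word list and the 14-character minimum are assumptions chosen for illustration.

```python
import string

# Assumed offline guessing rate; not a figure from the article. Real rates
# depend on the hashing scheme and the attacker's hardware.
ASSUMED_GUESSES_PER_SECOND = 1e11
SECONDS_PER_YEAR = 365.25 * 24 * 3600
MIN_LENGTH = 14  # policy threshold, an assumption matching the article's example

# Constructed mini word list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "welcome", "letmein", "sunshine", "dragon", "monkey"}

# Character classes and their sizes: 26 + 26 + 10 + 32 = 94 printable ASCII characters.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}


def classes_used(password: str) -> list[str]:
    """Names of the character classes that actually appear in the password."""
    return [name for name, chars in CLASSES.items() if any(c in chars for c in password)]


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker must assume, given the classes present."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


def search_space(length: int, charset: int) -> int:
    """Number of candidate passwords of exactly this length over this alphabet."""
    return charset ** length


def crack_time_seconds(password: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust the search space at the assumed guess rate."""
    return search_space(len(password), charset_size(password)) / rate


def human_time(seconds: float) -> str:
    """Render seconds as a rough, readable duration."""
    if seconds < 60:
        return f"{seconds:.0f} seconds"
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 3600:.1f} hours"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"


def check_password(password: str) -> list[str]:
    """Return the policy problems found; an empty list means the password passes."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    if len(classes_used(password)) < 3:
        issues.append("uses fewer than three character classes")
    # Strip trailing/leading digits and symbols so "Password1!" still matches "password".
    core = password.lower().strip(string.digits + string.punctuation)
    if core in COMMON_WORDS:
        issues.append("based on a dictionary word")
    return issues


if __name__ == "__main__":
    for candidate in ["sunshine", "Password1!", "Ab1!xyz", "p2v@tQxCpqBjvU"]:
        print(f"{candidate!r}: {human_time(crack_time_seconds(candidate))}; "
              f"issues: {check_password(candidate) or 'none'}")
```

Doubling the length from 7 to 14 squares the search space rather than doubling it, which is why the estimate jumps from minutes to well over a billion years at the assumed rate. The check is deliberately simple; a password manager generating long random strings sidesteps all three rules at once.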
Train your staff about social engineering and attachments
The next critical step to hardening your cyber security comes from you and your staff.
It’s a technique as old as the hills, but often the weakest link in your security will be a staffer fooled by a fake SMS, email “from the IT department” or phone call from a fake staff member needing system access.
That secure password won’t be much use to your business if staff hand it over in a panic due to a heavy-on-the-scares approach. Being aware of this tactic and ready to respond appropriately can save you considerable headaches.
It’s not just fake approaches via phone, SMS or social media that you and your staff need to be on your toes about either. Again, while it’s not a new vector, attachments to emails can be prime ground for spreading malware and ransomware into your systems.
Here you need a multi-stage approach to keep yourself safe, because for many businesses there will be attachments – whether they’re invoices, plans, legal documents or receipts – that you do need to examine and check.
However, training your staff to check details, such as whether the address an email has come from actually matches a known client, together with having up-to-date antivirus software on hand, can and will save you from considerable headaches.
Ensure critical software is updated
In lockstep with having good antivirus software protecting your systems, you also need to protect the systems themselves. This revolves around ensuring that every system that connects to your business network is up to date with security updates from device vendors.
That’s covering everything from the operating system on your laptop to the smart security cameras you have on the front door, too.
Again, as a small business it may seem wiser to keep an older system around even if you can’t get updates for it any more, because it “still works”.
It might still operate, but a system without security updates could be leaving a critical door open into your entire network for criminals to sneak through.
Got remote or travelling workers? Use VPN to keep your business private
The past few years have seen an explosion in remote working for quite obvious reasons. For some small businesses, remote working was already the norm, especially if you needed to conduct business off-site.
Keeping your business assets secure and private when you’re not within your own network is tricky, but it’s not impossible. Ensuring that staff are using virtual private network (VPN) software to encrypt their online activities is a key step here, especially when they’re using Wi-Fi or other public networks for their actual connections.
One factor to be wary of here is cheap or “free” VPNs, many of which are gateways to malware rather than actual security software. Do your research and choose a reliable brand VPN rather than a dodgy freebie.
Backup everything. Twice.
So, you’ve locked down your remote workers, trained everyone on not opening dodgy attachments and updated all the software and hardware you can.
Don’t rest on your laurels. The reality of the cyber security space is that it’s an ever-moving feast, and you may just miss that one critical issue, or even be completely unaware of it because a software vendor doesn’t release a patch before a vulnerability is in the wild.
This is why it’s vital to ensure that you back up the essential business documents that make up your company on a very regular basis.
Encrypt online backups and make regular local backups, so that if you do fall victim to a cybercrime – especially ransomware, which tries to lock down those same documents until you pay a cryptocurrency fee – you can more easily and rapidly recover if the worst does happen.
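A backup only helps if it can actually be restored, and ransomware is exactly the situation in which you find out too late that it cannot. The script below is an added example (not part of the original article) of the local-copy side of this advice: it archives a folder of business documents, records a SHA-256 digest of every file, and then proves the archive restores to the same content before the copy is trusted. It then simulates two failures, the live files being overwritten by ransomware and the archive itself being damaged, to show that the verification step distinguishes a usable backup from a useless one. The sample folder and its contents are constructed; encrypting the copy that goes off-site is assumed to be handled by a separate tool before upload and is not shown here.

```python
import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_of(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large documents do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def file_digests(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source: Path, dest_dir: Path, name: str = "backup") -> tuple[Path, dict[str, str]]:
    """Write a compressed archive of source and return it with the manifest of digests."""
    manifest = file_digests(source)
    archive = dest_dir / f"{name}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(source / rel, arcname=rel)
    return archive, manifest


def verify_backup(archive: Path, manifest: dict[str, str]) -> bool:
    """Restore the archive to a scratch directory and confirm every file matches the manifest."""
    try:
        with tempfile.TemporaryDirectory() as scratch, tarfile.open(archive, "r:gz") as tar:
            tar.extractall(scratch)
            return file_digests(Path(scratch)) == manifest
    except (tarfile.TarError, EOFError, OSError, zlib.error):
        # A truncated or corrupted archive cannot be trusted as a backup.
        return False


def demo() -> dict[str, bool]:
    """Run the backup, ransomware and damaged-archive scenarios on constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source = root / "documents"
        (source / "invoices").mkdir(parents=True)
        (source / "invoices" / "2023-01.txt").write_text("Invoice 1042 (constructed sample)\n")
        (source / "contract.txt").write_text("Constructed sample contract\n")

        archive, manifest = create_backup(source, root)
        results = {"fresh_backup_verifies": verify_backup(archive, manifest)}

        # Scenario 1: ransomware overwrites a live document; the archive is untouched.
        (source / "contract.txt").write_bytes(b"ENCRYPTED-BY-RANSOMWARE")
        results["live_copy_still_matches"] = file_digests(source) == manifest
        results["backup_still_verifies"] = verify_backup(archive, manifest)

        # Scenario 2: the archive itself is damaged (here, truncated to half its size).
        data = archive.read_bytes()
        archive.write_bytes(data[: len(data) // 2])
        results["damaged_backup_verifies"] = verify_backup(archive, manifest)
        return results


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

The manifest is the piece most businesses skip: without it, a restore can "succeed" and still hand back files that were already encrypted when the backup ran. Keeping the manifest and a second copy of the archive somewhere the ransomware cannot reach (offline media or an off-site service) is what makes the recovery the article describes realistic.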
Develop a cybersecurity plan
Every year we’re encouraged as Australians to have bushfire safety plans, even if we don’t live that close to critical areas. That’s because bushfires are part and parcel of living in Australia. Living in the online world, sadly, cyber attacks are the equivalent of a bushfire, in that they can strike rapidly and leave disaster in their wake.
You might never fall victim to an attack, but that doesn’t mean you shouldn’t plan for the worst. Here there are some excellent online resources that you can use to help guide you to working out what you do and don’t need to do.
The Federal Government’s Australian Cyber Security Centre has some excellent resources that you can use to assess your business risk as well, including self-guided exercises, which can massively aid in getting a security plan in place, as well as making you aware of what many common attacks can look like – and how you should react.