Tips to keeping your business cybersafe

Businesses face significant financial loss when a cyber-attack occurs. In 2020, a sharp increase was reported in cyberattacks that target businesses using stolen logins and passwords.

The pandemic saw an increase in the cybercrime ratio multiple times due to the manifold possibilities around remote working and uncertainty along with a lack of experience in protecting businesses while following a work-from-home model.

In Australia alone, cybercrime costs amount to $29 billion every year. 53% of this cost is incurred on detection and recovery. The average cost incurred by a business on a single breach is $276,323.

Cybercriminals often rely on human error, employees failing to install software patches or clicking on malicious links, to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, customers, and capital safe and secure.

Cyber-attacks are particularly becoming a threat for small and medium-sized businesses, considering they are easier targets. According to a 2019 Cost of Cybercrime Study by Accenture, small businesses faced 43 percent of cyber-attacks, but only 14 percent were prepared for defense.

A cyber-attack not only interrupts routine functions of the organization, but it can also bring permanent harm to IT infrastructure and assets – making them irrecoverable in the absence of required resources or budget. Because of a lack of resources and finances, small and medium businesses often ignore the need to invest in adequate backups and cyber security programs and become easy targets for cybercriminals.

According to a State of Cybersecurity Report by Ponemon Institute, small and medium businesses all over the globe showed alarming statistics:

• Attack Frequency – 71% of SMBs surveyed had faced a cyber-attack in their lifetime and 66% of them had suffered an attack in the last 12 months.
• Weak Security Measures – 45% believed that their security measures are not strong enough to mitigate cyber attacks
• Difficult to Detect – 69% of SMBs suffered attacks that evaded their intrusion detection systems and 82% reported evasion of their anti-virus programs.
• Employee Passwords – 68% of worldwide SMBs reported that their employee passwords were lost or stolen during the past year.

The attacks faced by small businesses most commonly included:

• 57% phishing and social engineering attacks
• 33% compromised or stolen devices
• 30% of credential theft

Business leaders need to understand the consequences of each of these attacks to minimize the potential and ideally prevent future threats altogether.

SIMPLE TIPS TO STAY SECURE

• Treat business information as personal information. Business information typically includes a mix of personal and proprietary data. While you may think of trade secrets and company credit accounts, it also includes employee personally identifiable information (PII) through tax forms and payroll accounts.

• Don’t make passwords easy to guess. As “smart” or data-driven technology evolves, it is important to remember that security measures only work if used correctly by employees. Smart technology runs on data, meaning devices such as smartphones, laptop computers, wireless printers, and other devices are constantly exchanging data to complete tasks. Take proper security precautions and ensure correct configuration to wireless devices in order to prevent data breaches.

• Stay up to date. Keep your software updated to the latest version available. Maintain your security settings to keep your information safe by turning on automatic updates so you don’t have to think about it and set your security software to run regular scans.

• Social media is part of the fraud toolset. By searching Google and scanning your organization’s social media sites, cybercriminals can gather information about your partners and vendors, as well as human resources and finance departments. Employees should avoid oversharing on social media and should not conduct official business, exchange payments, or share PII on social media platforms.

• It only takes one time. Data breaches do not typically happen when a cybercriminal has hacked into an organization’s infrastructure. Many data breaches can be traced back to a single security vulnerability, phishing attempt, or instance of accidental exposure. Be wary of unusual sources, do not click on unknown links, and delete suspicious messages after reporting or forwarding all phishing attempts to a supervisor, so that any necessary organizational updates, alerts, or changes can be put into place.

IF YOU WORK FROM HOME

• Only use approved tools. Only use organization-approved software and tools for business, including company-provided or approved video conferencing and collaboration tools to initiate and schedule meetings.

• Secure your meeting. Tailor security precautions to be appropriate for the intended audience. Plan for what to do if a public meeting is disrupted. Take precautions to ensure your meeting is only attended by intended individuals.

• Secure your information. Tailor your security precautions appropriate to the sensitivity of your data. Only share data necessary to accomplish the goals of your meeting.

• Secure yourself.  Take precautions to avoid unintentionally revealing information. Ensure home networks are secured.

Cybercriminals are an imminent threat to governments, businesses, and consumers alike. Make sure your business is cybersafe. Also, consider having Cyber Insurance to cover the significant costs that are usually involved in fixing cybercrime.

If you are a victim of cybercrime having Cyber insurance can help you with the costs associated with rectifying this. Download this free guide and talk to our team about your options.