The hacks will keep coming in 2023, but here’s what every small business can do to protect itself and its clients.
Five low-cost tips for better cyber protection
With 24 data breaches in the first half of 2022 then a second half dominated by high-profile, high-impact breaches at Optus and Medibank, it feels like cyber security issues have finally hit home in Australia.
In these challenging economic times, deciding what action to take and how much to invest is yet another concern for business. So what does this rise in data breaches really mean for small to medium businesses and what steps should they take to reduce the risk for staff, systems and data in 2023?
Until recently, cyber security breaches felt very distant despite a dramatic increase in the frequency of attacks. These incidents, often overseas and against much larger brands and organisations, are difficult to understand and relate to.
Now with the rise in breaches here hitting large organisations and impacting millions of Australians, these types of incidents are increasingly familiar and their impact increasingly local.
After an estimated 19.5 million people were impacted by the Medibank and Optus data breaches, the government has taken the bold step of changing its privacy laws to penalise organisations that fail to take sufficient precautions to protect customer information. These penalties are some of the highest in the world and have scaled values for sole traders and large corporates.
So what can we do to make the challenge of cyber security more manageable in 2023? Can we protect our organisations from cyber attacks even during economic turmoil?
The first thing to remember is that cyber security is an ongoing process and we can never be 100 per cent secure. To protect our organisations, we have to balance the investment in three areas:
- Preventing bad things from happening with steps to reduce risk.
This includes actions such as building security awareness in your team, updating your software regularly, reducing access to sensitive information and choosing good passwords.
- Identifying suspicious activity so that we know when something is wrong and when we need to act.
This includes actions like knowing where you receive information about your systems and their health, watching for signs of strange behaviour from people or technologies and asking for help when things seem off.
- Response planning so that when something happens, we react quickly and minimise the overall impact.
This includes actions like understanding where your systems keep their logs and how you can access them, building and testing an incident response plan and knowing who you could call for extra help.
Here are five tips that will help small to medium businesses stay safer in 2023 (without spending a fortune):
- Remember security risk is about trust and connection - when one is harmed, we are all at risk.
Our businesses buy and sell to each other and to consumers, and these transactions require us to share information and form connections. Because of this connection and trust, when one of us is compromised, all of us are at risk. If an attacker can compromise a law firm, for example, they can then email its customers and that massively increases the chance that the message will be trusted and action taken.
- Security involves small behaviours, repeated consistently by your entire team.
Over 80 per cent of attacks take advantage of accounts that use a poor quality password. Making sure you and your team use a password manager or turn on two-factor authentication (where you are sent a short code as well as using a username and password) can rule out a staggering number of common attacks.
- You only need to protect the data you store.
One of the reasons why recent data breaches have been so damaging has been the volume of personal data that each company has been storing and how long they have had it. While some data is regulated and must be kept for long periods, many data types lack these restrictions. If you don’t need to keep data, don’t store it long term. Safely disposing of data is much easier than managing it for years.
- Turn on your automatic updates and turn off from time to time.
Has your web browser been warning you to update for a few weeks? Have you been putting it off, hoping you will have more time to restart later when things are quieter? Of all the lies we tell ourselves in small to medium businesses, the most dangerous is “next week it will be quieter”. There will never be a good time to restart your browser or your laptop but it needs to happen for the fixes and security updates to be installed. So take a break, have a cup of coffee and let your software update/computer restart – you’ll be safer because of it.
- Plan for the crime you hope never happens.
We often find it hard to protect our organisations because we don’t really know how they will be attacked. Spend some time thinking about how your company could be harmed and give yourself some idea of what you might need to defend against. Start simple: imagine you are physically locked out, how would you gain access? You’ll be surprised how creative you (and attackers) can be (note: To be clear, I am asking you to plan a crime, not commit it!).
Whatever age and stage of your business, no matter how many people are in your team or how established you are, we all need to find a way to reduce cyber security risks. These simple actions, spread across your team, can help protect your data, systems and people without significant investment and despite the challenging year ahead.
Laura Bell Main is an author and founder of SafeStack.