Over the course of the pandemic the Australian Cyber Security Centre (ACSC) has reported a major uptick in cyber scams associated with COVID-19 – in particular, phishing seems to be on the rise. In fact, just six months into the pandemic, ACSC said the Australian Government’s Scamwatch had received over 3000 coronavirus-related scam reports with losses exceeding $1.3 million.
This is supported by a global survey issued during the pandemic in which one in five people living in Australia and New Zealand reported receiving phishing emails specifically related to COVID-19. The most recent Webroot BrightCloud Threat Report also showed a 34.4 per cent year-on-year increase in overall phishing activity in 2020 when compared with the previous year. This underscores that cybercriminals aren’t slowing down when it comes to one of their favorite attack vectors, which is also the primary vector for larger, more sophisticated ransomware campaigns.
Unfortunately, it’s fairly likely your small business will be the target of a phishing scam – but whether a phishing-related attack succeeds in bringing down your business is within your control. Proper employee education and endpoint protection are great starting points and useful layers of defense, but small businesses must devote attention and consistent commitment to backup and data protection technologies and planning. However, the reality is that many small-business owners don’t seek out a backup solution until after they’ve experienced a cyber attack or data loss event, when it’s far too late.
Often, small businesses will put their data on OneDrive – or a similar cloud service – and assume their data is backed up. But Microsoft and other providers are tasked with providing you access to the application or access to the service, not with protecting the data you put on that application. The same applies when your data lives on an endpoint – a laptop or other device: you are responsible for protecting it.
As a business owner, you need to have a backup solution that will protect your valuable data – whether in the cloud or on-prem – against malicious attacks as well as accidental deletions. Ideally you need a backup that will let you roll back to a clean copy if your data is encrypted, enabling you to get the business back on its feet and avoiding significant continuity and loss-of-reputation issues.
Tips for a solid backup plan
First, know your data. Data protection is all about risk mitigation. You need to ask yourself if the data is part of a critical application, and how that data and application tie into your business operations or your revenue. Does the data need to be archived? Does the data live in a legacy system? Is it subject to regulatory frameworks – which could expose your business to penalties if data is breached?
Different groups within your business – say marketing versus finance – will have different data and will therefore need different data protection policies. Having the ability to create different policies for the kind of data or the kind of user that you’re backing up is just as important as having the ability to create policies that are uniform if you need them to be. Know your data and make your policy determinations accordingly.
Now that you know your data, next prioritise your backup needs. What is the data your business cannot function without? How long will it take to restore that data? What might it cost to fully restore? When does less critical data get restored? Your backup plan needs to account for all data and storage you have, from cloud to local, including archived data.
Finally, consistently review your backup strategy, asking questions such as whether you have added new applications or data sources, and when you last tested your backup and recovery plans.
By ensuring you know your data, prioritise your backup needs and conduct ongoing reviews, your small business will be better equipped to withstand an attack and get back on its feet, saving you time and money. Cybercrime is continuously evolving and becoming more sophisticated, so ensuring you have full protection in place can be the difference between continuing to operate and losing your business.