Before 2020, working from home wasn’t as widely accepted as it is today. Now, it’s become a necessity for many employees, as organisations around Australia adapt to the new normal of hybrid work conditions brought on by the impact of COVID-19. However, it brings one challenge centre stage for small businesses; the increased risk of a cyber-attack or data breach.
According to Veritas research, in a remote-working world accelerated by COVID-19, less than half of Australian organisations believe that their security has kept pace with the complexity of their infrastructure. One of the top concerns of organisations is the increased risk of attack due to internal threats such as leaks, employee error and misconduct.
It’s easy to see why. In 2020, when the majority of employees were working remotely at some point, the average cost of a cyber breach on businesses rose to $2.15 million; a 9.4 per cent increase compared to 2019. SMEs are often at the centre of these attacks, accounting for 43 per cent of all cybercrime attacks.
Heading into 2021, SME leaders must make their systems foolproof, and that starts with employees. SMEs can implement four key measures as workers return to the office in 2021.
Create a BYOD policy before returning to the office
As many workers are likely to adopt a hybrid approach to remote working, work devices such as laptops, tablets and mobile phones could be used at home, in public spaces or in shared workspaces. This introduces a range of risks for the business, from potential data loss from lost or stolen devices to an increased likelihood of transmitting viruses between remote and onsite workplaces.
Most businesses assume that because they haven’t yet experienced a major security issue, they won’t be hit at all – but it’s just a matter of time. Every company, regardless of how small or how large, is vulnerable to major security events. The best thing you can do is prepare.
Have a good backup plan in place
One of the biggest risks from bringing devices in and out of the office is the threat of ransomware, which has skyrocketed in prevalence during lockdown. With an effective data backup solution in place, companies that fall victim to a ransomware attack can resume operations quickly and without interacting with the hackers. Instead, in that critical moment when businesses realise they’ve had their data stolen, a combination of on-premises and cloud backups allows the organisation to simply restore that backup data and resume operations. SMEs should ensure they have a backup plan in place in case of an attack.
Conduct internal cybersecurity awareness training
Executives need to be cybersecurity savvy to lead a cyber-safe culture from the top down. Regular mandatory security awareness training modules are recommended for all staff to bolster their readiness. The session should cover:
- Recognising phishing attacks;
- Safe remote working;
- Creating strong passwords;
- How to respond in the event of a cyber-attack;
- Ensuring data is protected
Partner with a specialist IT integrator
Ransomware protection is complex and rapidly changing. SMEs would benefit from partnering with a specialist IT integrator to help manage the process. In the case of an attack, these technology partners can help with the restoration process, allowing the in-house business team to focus on crisis management with their customers.
Through regular cybersecurity training sessions, small businesses can ensure that all of their employees are on the same page and that they are committed to helping keep the organisation safe. Australian businesses can help prevent costly, time-consuming data breaches and data disruptions from occurring by ensuring they have the right technology, processes and people in place to fight back.
Nigel Youlden, Director – Channel & Alliances, Veritas Technologies LLC