The Office of the Australian Information Commissioner’s latest Notifiable Data Breaches scheme 12-month Insights Report shows that just over a third of all data breaches (35 per cent) are the result of human error.
This points not only to the importance of cybersecurity awareness training for everyone who uses a network-connected device but also the significance of a business culture that keeps cybersecurity top-of-mind and users accountable across all departments – and for SMEs, understanding that adequately resourcing IT and cybersecurity is a key consideration to combat the risk of data breaches.
The consequences of a data breach can be catastrophic for an SME. Loss in public confidence can result in a big financial hit, and the Australian Small Business and Family Enterprise Ombudsmen (ASBFEO) has stated that this frequently results in companies going out of business altogether within a year of a breach occurring.
It is imperative that a business’s leadership team recognises the importance of a co-ordinated, organisation-wide approach to information security. While it is one thing to ensure that staff are well-versed on what to look out for when it comes to cyber threats and what steps to take to protect the integrity of their devices, this vigilance must be driven and exemplified by the most senior people in the business.
Datto recently conducted a global research study with SMEs, and cybersecurity was identified as the primary issue across the next three years. In ANZ, over two-thirds (69 per cent) of the SMEs that Datto surveyed said that getting the right technical support and maintenance is the most important factor when it comes to managing their IT and cybersecurity needs.
These high stakes must be reflected in the investment SMEs make in security awareness training. As siloed sections of the network can create security weak spots, SMEs need to focus on simplifying and integrating their security architecture – which is why we’re seeing a lot more IT departments working more closely with outsourced IT companies, such as managed service providers (MSPs). MSPs can help businesses identify and rectify new network or infrastructure security risks.
Outsourcing IT must be a shared responsibility and a coordinated effort to maintain network security. It is also critical to have a plan in place so that everyone knows what to do in the event of an attack to remediate the damage and minimise any negative impact on the business.
Managing the multitude of security tools available and ensuring that security updates are carried out on time can be challenging for SMEs with limited resources, so for many of them, it makes sense to outsource security management to a specialist. Engaging an MSP is often a very effective component of an IT infrastructure management strategy, as it allows IT departments to focus on more strategic aspects of their business.
Many reported data breaches involve hackers gaining access to user login credentials. This can be easily addressed by ensuring that employees do not use the same login credentials for multiple sites, educating staff on how to detect phishing emails, and using multi-factor authentication to prevent hackers from being able to access user accounts.
SMEs that choose to outsource IT should ensure their service level agreement goes beyond basic prevention and focuses on the management of data, security alerts, and remediation – so their IT teams can be freed up to focus on shifting the mindset and awareness of employees, from directors to junior staff, to help protect their network.
James Bergl, Regional Director – APAC, Datto