The pandemic has proven a rich opportunity for cybercriminals, particularly as people worked from home on less secure networks. Cybercrime surged across the board, crippling Australian services from hospitals to government agencies.
The World Economic Forum Global Risks Report 2020 ranks cyberattacks first among global human-caused risks, and one analysis predicts that by 2021 cybercrime will cost the world $11.4 million each minute.
Although at times the rising tide of cybercrime can seem overwhelming, Gartner analysis estimates that 90 per cent of ransomware attacks could have been prevented simply by following basic security fundamentals. Here’s how your business can help protect itself in 2021.
1. Protect remote staff
Employees working from home will be a key target for cybercriminals in 2021. Most people have very limited security at home, and every device – from routers to tablets and smart TVs – is a point of vulnerability. Businesses should put in place basic controls around remote working: multi-factor authentication, encrypted VPNs and password managers, and securing video calls with passwords.
2. Educate employees
All cybersecurity threats are set to rise, from malware and ransomware to spyware, adware and scareware. Educate staff on these threats and enforce basic cyber hygiene, supported by a reputable cybersecurity software suite.
3. Bake security into your IT
Many SMEs will continue to push forward with “low cost” digital transformations – providing yet more opportunity for cybercriminals. Ensure that security is baked into any new digital plans and that someone is responsible for cybersecurity risks and empowered to act.
4. Prepare for ransomware
The global cost of ransomware is estimated at $20 billion in 2020, with an average attack costing $4 million. One in three companies pays up – but of these, 17 per cent never get their data back. Ensure appropriate backup and recovery capabilities are in place and practise recovering critical data and systems.
5. Harden existing security
Certain legacy security services, such as VPNs, will be vulnerable targets for cyber breaches. Review the security-related agreements and clauses of any contracted services to ensure the providers are responsible for the security and compliance of their services, for example against NIST and ISO 27001.
6. Understand your legal obligations
Ensure you understand the obligations and expectations of minimum security standards for compliance, such as PCI, APRA and ASIC. Security compliance failures can result in heavy penalties. And just as with smoke detectors and fire insurance, a lack of compliance will likely invalidate any cyber insurance.
7. Get educated
There is a wide range of online resources providing free cybersecurity information and advice to SMEs. The Australian government has designed the Small Business Cyber Security Guide specifically for small businesses. International sites also offer relevant information, such as CISA’s (US Cybersecurity and Infrastructure Security Agency) Resources for Small and Midsize Businesses, and the NCSA’s (US National Cyber Security Alliance) Small Business Cybersecurity Corner.
It’s also a good idea to do an actual course in cybersecurity. There are many of these online, ranging from entry-level courses like The Absolute Beginners Guide to Cyber Security to advanced instruction such as Risk Management for Cybersecurity and IT Managers. TAFE also offers certificates in cybersecurity.
Another idea is to join a cybersecurity virtual meetup, particularly one targeted to your industry or kind of business. There are many of these on Meetup as well as groups on LinkedIn.
Currently, SMEs tend to be lacking in three key areas: cybersecurity education, cybersecurity awareness, and cybersecurity risk assessment and prioritisation. This makes them extremely vulnerable. But by following the above steps and actively educating managers and staff, they can improve their chances of avoiding a devastating cyberattack.
Mick Esber, Chief Technology Officer, Wontok