The cost of cyber crime to businesses in Australia is rising exponentially, costing Australians an estimated $1 billion each year. Cyber crime cost businesses globally more than $3 trillion annually and it is anticipated that by 2021 this will exceed $6 trillion.
As many small to medium size businesses increasingly rely on new Internet technologies to remain competitive within the local and global marketplace, they too are becoming a potential target for cyber criminals. Cyber crime can have a devastating impact on a small business, which often lacks the in-house technical expertise and resources to quickly and fully recover from cyber attacks. Small businesses can also even unknowingly aid in cyber crime by using unsecured computers, which cyber criminals can hijack and use to attack other online businesses or even our nation’s critical infrastructure.
While there are numerous technological steps SME’s can take to better secure their environments, IT infrastructure and controls alone are not effective in combating cyber fraud. Small-business owners must also take steps to create a “culture of security” and push cyber security higher up the company agenda.
Here are my top five technological and cultural adjustments every SME can make to better defend themselves against the ever growing threat of cyber crime:
1. Assess risk and identify weaknesses
Cybersecurity preparedness starts with having a complete understanding of the internal and external vulnerabilities that can affect your business. Owners should also ensure that updated anti-virus programs, anti-spyware programs and firewalls are installed on all computers and that employees are required to change their passwords every 30 to 90 days. One step further would be to employ Multi-Factor Authentication to external facing and critical systems.
2. Back-up critical information
Establish a schedule to perform critical data backups and system upgrades on a regular basis throughout the year. Creating back-ups on a regular basis ensures that critical data is not lost in the event of a cyber attack or natural disaster. Store all backup copies in remote locations away from the office, such as on an external hard drive, encrypt any sensitive data about company or customers and remember to test and restore your backups regularly.
3. Create a contingency plan
Just like a fire drill, business owners need a contingency plan to follow if the business suffers a cyber attack. This plan should include steps on how to continue business operations at an alternate location when necessary and how to handle a Notifiable Data Breach. Be sure to test the plan annually.
4. Educate employees
Research found that 90 per cent of all malware requires human interaction to infect its infrastructure. In order to create a culture of security, owners must demonstrate to employees and customers that cyber fraud is a serious concern. This involves educating employees and training them on proper Internet practices and technology solutions, and running regular phishing simulations. Susceptibility to phishing emails drops almost 20 per cent after a company runs just one failed simulation*.
5. Implement a security agreement
Business owners should require employees to sign a security agreement to demonstrate that they are active participants in helping to maintain a secure online environment. This agreement also should require employees to report any suspicious online activity or known Internet crime to the proper authorities. At a business level, partner with an MSSP to run security operations, centrally and efficiently, for you.
Aaron Bailey, CISO, The Missing Link