According to the Council of Small Business Australia (COSBOA) Chairman, Paul Nielsen*, one in five small businesses experienced a cyber crime extortion attack in the last year and experts expect this to increase.
Successful cyber attacks that access confidential company or customer data can have major implications for businesses. The crippling effects can include brand reputation damage, loss of consumer confidence, operational disruption, loss of revenue and business opportunities, or legal action, fines or penalties.
Before taking steps to protect yourself, it helps to understand the different tactics cyber criminals use:
Dupes users into supplying sensitive information, often by responding to an email from what appears to be a trusted source – e.g. a bank or a major retailer.
These scams centre on human interaction (often by phone) rather than technology, and encourage users to provide personal details, allowing the attacker to infiltrate computer systems or access bank accounts.
Legitimate websites are compromised, with visitors falling victim to malicious code by downloading infected software.
Distributed Denial of Service
These attacks launch vast amounts of traffic at a website or infrastructure so systems overload and won’t work anymore.
In the news recently, these attacks involve cyber criminals gaining control of your systems and then demanding a ransom before they will let you back in or online. In many cases, payment is no guarantee that you can get back to normal operations.
While malicious or criminal attacks were the root cause of almost half (46 per cent) of data breaches in the past year**, it is also important to note that internal errors by negligent employees or contractors were responsible for over a quarter (27 per cent) of data breaches. As well as ensuring their devices are up to date with security patches and updates, businesses should also identify, manage and monitor privileged accounts (i.e. those with access to networks, sensitive data or administrative accounts) for unusual behaviour and mistakes.
There are several steps businesses should take to secure and protect their data:***
1. Understand your data and its value
What important data do you have, where does it reside and what is its value to your business, as well as to someone who may want to steal it?
2. Know who can access your data
Both inside your organisation and among external stakeholders (including users, IT admin, service providers).
3. Know where your data is
Not as easy as it might sound in today’s world of cloud services and mobile users
4. Ensure your data is well-protected
Know who is protecting your data and what operational security processes they use. Look at data-centric solutions where individual files are protected and useless to anyone but the intended recipient
5. Educate your staff and stakeholders
Ensure policies are in place, staff are aware of common cybercrime tactics and everyone understands their personal responsibility for safeguarding data
If you’re unsure about the importance or urgency of addressing your cyber security needs, ask yourself the following. What would you do if you couldn’t access data critical to your business? And what would you do if your data was made public or fell into the wrong hands?
As you can see, it is crucial not to wait until disaster strikes and it is too late. Take proactive steps now and make informed and conscious decisions on your cyber security strategy.
* Paul Nielsen speaking at a COSBOA forum in Canberra in May 2017
** IBM/Ponemon Institute: 2016 Cost of Data Breach Study – Australia
*** Adapted from Telstra’s 5 Knows of Data Security
Hugh Stodart, Head of Product and Engineering, Covata