
Checking the locks: How to audit your cyber security

David Wilson
Smarter Writer

David is a business and tech specialist whose experience in journalism spans two decades. His stories have run everywhere from the South China Morning Post to Slate and the New York Times. In his spare time, he does charity work and weight training and hangs out with domestic cats.

Highlights
  • SMEs can be seen as easy targets for cyber attacks due to their smaller size.
  • Connected IoT technology can lead to an increased risk of attack.
  • By implementing security audits and controlling devices and passwords, SMEs can limit their risk.

Cyber attacks are becoming more prevalent and sophisticated. To stay safe, organisations must undergo regular and rigorous cyber security audits.

Businesses must conduct cyber security audits for one pressing reason: the growing cyber security threat is constantly evolving, assuming ever more menacing forms.

Image shows a man using a laptop holding a Perspex lock. The rate of cyber attacks is on the rise.

Financial, services, technology and energy companies paid the highest price, according to the 2016 Cost of Data Breach Study produced by ANZ.

But don’t think it’s just the big end of town that is under attack. Despite their modest size, SMEs are equally vulnerable and can be easy targets. According to the 2018 Verizon Data Breach Investigation Report, 58% of cyber attack victims were small-to-medium businesses, that is, organisations with fewer than 250 employees. This seems counterintuitive because a common myth is that the bigger the business, the bigger the payoff, which makes large organisations more likely to be targeted. Add to this the fact that only the biggest organisations that suffer cyber breaches make news headlines, and it becomes easy to believe cyber threats impact the big end of town more.

Increasingly, the conduit for this malice is that swelling monster of a network: the Internet of things (IoT). By 2020, more than a quarter of identified enterprise attacks will involve the IoT. One example in recent years is the case of hackers breaching IoT security cameras to access networks and create a huge DDoS attack. The attackers hijacked CCTV cameras made by the surveillance firm Hangzhou Xiongmai Technology, using malware known as Mirai. The attack took down sites – including CNN, Spotify and Twitter – for long periods, showing how hackers can control a growing number of online gadgets connected to the Internet of things and disrupt the online world on a massive scale.

According to the 2019 Telstra Security Report, the number one challenge for security professionals for 2019 remains the ability to detect and effectively respond to incidents in a timely way, both in the cyber and electronic domains. But this is closely followed by managing the impact of new technologies such as software defined networks and IoT.

A study by Qualys, referenced in the Cisco 2018 Annual Cybersecurity Report, found that 83 per cent of IoT devices scanned (e.g. HVACs, door locks, fire alarms) had critical vulnerabilities.

Instead of just fretting about cyber threats, businesses should target their security budgets precisely. Businesses must ensure they allot enough resources, in step with the massive potential financial cost, rather than hope they stay lucky in the face of devious variants, such as ransomware. 

The Asia Pacific region’s most common malware strain – ransomware – holds a device or system hostage by blocking access until a ransom is paid to nix the constraint.

The scourge with the most piratical overtones can come in the shape of attachments. Or it can be dropped onto vulnerable devices by ‘exploit kits’ when the user visits or is steered to a compromised site. Either way, businesses must keep tabs on security vulnerabilities and run updates in line with the results.

Each audit should include an assessment of emerging threats, such as ransomware and ‘shadow IT’ (solutions built and used inside organisations without explicit organisational approval). One way to address this threat is to devise a ‘safe list’ of assessed, permissible apps.

Likewise, managers should be mindful of the potential, haphazard headaches posed by the ‘bring your own device’ (BYOD) trend. In both cases, an effective preventative measure is to create robust passwords. A password that uses symbols, numbers and letters is tougher to crack. Consider implementing 16-character passwords that are formidably difficult to work out.  Changing compliance requirements that may cause upset should also be subjected to scrutiny.

If you just wing it, you may suffer consequences beyond financial loss. A hacker attack may dent brand image and additionally result in legal compliance issues.

Your audit should integrate into an ongoing security strategy, involving a partner who is capable of ensuring your cyber security stays current at all times. Doing the job alone is difficult. Almost certainly, you will need assistance, so do not be afraid to reach out.

*Originally published on December 19th 2017. Updated June 6th 2019.
