Recent trends in cyber security
In Australia, 60 per cent of respondents to the Telstra Security Report 2018 experienced a business interruption due to a security breach over the past year.
The two most common types of security incidents in Australia are Business Email Compromise (BEC) and, more specifically, phishing attacks. Another form of email-based cyber-attack on the rise in Australia is ransomware. According to Symantec, ransomware is becoming ever more sophisticated, with cybercriminals conducting reconnaissance first before making attempts at your data. Automated attempts, like those clunky spam emails that were traditionally easier to notice, have also become more refined.
The dollar figure cost of these attacks is substantial, and statistics tell us that the number of attacks, and the associated losses, are rising. What does this mean for small-to-medium businesses? Startlingly, estimates suggest that two out of five SMBs have been targeted in the past year. When you combine this fact with reports that 60 per cent of small businesses hit with a significant cyber breach go out of business within six months, cyber security cannot be ignored.
While attackers might be looking to steal money or information, an important point to be aware of is that your business, if breached, might be an access point to your customers, suppliers, and partners’ data. Here is where the amendments to the Privacy Act gain their importance. The changes to the act in February 2018 include regulations that affect small-to-medium businesses that hold personal information, with strict new requirements and ramifications.
It isn’t all doom and gloom, though – make positive plans to protect your business today. Prevention and security are both technical and cultural challenges. The best protection to maintain your passion and livelihood is an integrated approach that combines technology, education and specialist advice.
Preventing attacks and creating a secure culture
There is no magic bullet when it comes to guarding against cyber threats. Instead, a multifaceted approach – from firewalls to antivirus, and consulting specialists – is essential. Equally crucial, alongside technological protection and robust policies and procedures, is making security a part of your business’s culture – the right staff training can make your team the strongest part of your security plan.
Cyber security quiz
If your business was subject to a ransomware attack, would you pay the demand?
- Yes, I need my business back online ASAP.
- No, I can safely restore my data to a new device from the cloud.
- Yes, but I’d then look into ways to protect my business from future attacks.
- I don’t think it would happen. My business is too small for attacks.
While paying the demand might get your data back, it’s only a temporary solution and once a business is hacked, they usually experience ongoing issues. As the saying goes: prevention is better than cure. If your system has been infected, you’ll need a complete rebuild of the operating system and restoration of information from a secure backup.
To protect your business, do you have antivirus software installed?
- Yes, my computer came with it pre-installed.
- Yes, I purchased antivirus software when I purchased my computer.
- No, I don’t need it – I have a Mac.
- No, I use in-built protection.
Increased adoption of the cloud and mobile connectivity has raised new challenges for SMBs. Broadly, endpoint protection like McAfee Endpoint Protection Essential for SMB is the standard for small-to-medium businesses, and its variants generally include cloud management, antivirus, anti-spyware, endpoint firewall, and web control.
Do you have antivirus installed on your mobile devices like your tablet and phone?
- I don’t need anything for my phone.
- My main computer has protection – that’s adequate.
- Yes, I have additional endpoint protection.
- In a way. I have a data management program so I can erase my data remotely if needed.
This approach, when combined with a mobile device management tool – a product which restricts the features of the smartphone or tablet to stop, for example, the installation of an app that might be infected – is a robust duo. If you make the decision to adopt neither of these options, dedicated antivirus on your devices should be the bare minimum.
Are you aware of your requirements to report data breaches under the Federal Government’s Privacy Act 2018?
The latest report from the Office of the Australian Information Commissioner paints a picture that all SMBs need to see. A year into one of the key functions of the Act, the country’s notifiable data breach scheme, the office has received 812 reports where consumer data has been lost, stolen or shared with the wrong people. Almost half, 47 per cent, have involved financial details. The most common causes of breaches are malicious attacks, human error, and system faults. All organisations covered by the act must log a report when a data breach might cause harm.
- This only applies to businesses bigger than mine.
- No. What legislation?
- I’m aware of it but I’m unsure of my specific obligations.
- Yes, and I have systems in place that safeguard my data.
Are your employees’ devices protected?
- Yes, they are supplied equipment with integrated protection.
- I don’t know, they use their own personal devices at work.
- They don’t work on the main server, so I don’t think they need it.
- Yes, they all have endpoint protection on the devices they use to interact with the business.
You can take it one step further with additional security. Features like containerisation (putting a wall between an employee’s work and personal usage), remote wipe (to erase sensitive data if the device is compromised or a device is lost), anti-spam products (for text or call spam), and SIM monitoring products (which can alert you to a smartphone or device in the wrong hands) might be the extra help you need.
Do you have email and internet browser security add-ons installed?
- Yes. I use whitelists, prefilters, and password agents.
- I don’t think so. But I do keep my passwords safe and regularly change them.
- No. But I’m aware of the fact that browser settings can help block 3rd party cookies.
- No. I think my passwords are enough.
What is your practice when it comes to scanning for malware and viruses?
Matthew Wilson, CEO of Australian cybersecurity specialist Penten, says: "Installing security updates is the number one control that needs to be in place for organisations, as it will neutralise many of the threats that you face. Malware only works because there’s a vulnerability in the software, and often it’s a published vulnerability which has already been fixed in the latest update. Attackers are simply relying on the fact that many businesses fail to install these updates." Scanning is only effective if your equipment’s software is up to date, including the operating system.
- I make sure that both scans are scheduled daily.
- I have scans scheduled for roughly once per week.
- My antivirus and malware are set to manual. I run scans when I remember to.
- I don’t run scans, as far as I know. I figure the software will do the job.