Cyber-attacks and breaches have been on the rise since a mass migration to remote work in 2020. According to global cyber security leader Microsoft, there are close to 8 trillion potential cyber events daily. For small-business owners, and anyone who’s not a cyber expert, that feels like a problem that’s too big to start to solve. Instead of looking at the whole problem, SMEs should focus on protecting their most valuable digital assets first.
Recent high-profile security breaches at some of Australia’s largest public institutions demonstrate the risks of cyber breaches, even for ASX-listed companies or large-scale organisations that would likely have sizeable security teams. The recent spate of attacks makes two things abundantly clear: no company, whatever its size, is immune to cyber threats today; and cyber security is no longer an issue just for the IT department, nor should it be. Anyone within a business can start to put a cyber security strategy in place, but a coordinated response covering all parts of your business is critical to your success.
There are three questions you and your team can ask to help you focus on the most important parts of your business to protect and to put a process in place, so that when the need arises your business has a strategy and isn’t tied up focusing on the wrong things at a critical time.
What is our risk profile and defensive process? Where do our security weaknesses lie?
Cyber threats are a combination of the intent and capability to attack. The impact of an attack or breach is increased by the vulnerability of your organisation, for example if you have limited security and valuable data. To mitigate cyber risk, you must either reduce the organisation’s level of vulnerability to an attack or limit the impact of a breach. Adopt a defensive process by asking yourself: Who is coming after us, what are they trying to get at, and how are they going to do it?
When these answers are coupled with deep experience and awareness of the latest threats and attacks occurring across the globe, you can begin to establish the most effective security strategy and, therefore, which technology and tools are most relevant.
If a breach occurred, how would our whole organisation mobilise to respond?
The government’s latest Notifiable Data Breaches report found data breaches resulting from human error accounted for 38 per cent of notifications. Employee education and the communication of your cyber strategy are essential in modern organisations.
Your staff form a front-line defence against many common cyber-attacks. All stakeholders across the business – from finance, legal and operations to customer service – must work alongside IT or a trusted cyber partner to contain and eradicate threats and manage their impact. Does your team know what to look for in phishing emails, or who to notify if they think they are under attack? Organisations should provide mandatory and regular cyber security awareness training, ensuring employees remain alert to potential scams, as well as offering a clear path of action if issues or questions arise.
Do we need to upskill internally, or can we trust an external cyber partner?
The business type, size and complexity of the organisation, geography, technology and customer data collected will all influence the level of security required by your organisation. With so many variables, your cyber strategy – and the necessary resourcing – will be both nuanced and highly personal. It could be as simple as a higher level of security on company emails and two-factor authentication, or it could be having sensitive data encrypted and backed up externally.
Comprehensive cyber protection is not just about bringing in the right technology, but also ensuring that business risk is being managed to an acceptable level with confidence in your detection and response capability. Ask yourself what you can do as a business and what you might need help with, and then find that help – just like you would with other services like marketing, legal, or management advisory.
More than ever before, security must be considered one of a modern organisation’s major investment decisions. As businesses move totally online and corporations have more employees working remotely, cyber security and secure cloud services will be imperative to accelerating growth and new ways of working. Organisations should approach cyber risk in the same way they consider financial risk or research and development: as a core part of strategy and with the necessary training, toolkit and resources.
With the recent spate of cyber breaches, this is a good time to look at cyber insurance – either to implement for your business or update your current policy. Speak with Austbrokers Terrace to find out more.
Source: Inside Small Business