By the time you’ve finished reading this article, one business will have been the victim of a cyberattack. That’s the finding of the Australian Cyber Security Centre’s (ACSC) latest report. The ACSC received over 67,500 cybercrime reports in the last financial year, an increase of nearly 13 per cent from the previous financial year. That equates to one cyberattack every eight minutes.
And if you think it’s just the big players these cybercriminals are targeting, you’d be surprised to hear just how widespread this problem is. No sector of the Australian economy was immune to these attacks, and small and medium-sized businesses are just as vulnerable, sometimes more exposed due to low levels of understanding, less resourcing, or underestimation of risk. According to the Microsoft Digital Defence Report, released in 2021, NFPs are the second most targeted industry for attacks, just after Government.
Top 3 most common cyber security threats for SMEs
- Ransomware involves encrypting company data so that it cannot be used or accessed, and then forcing the company to pay a ransom to unlock the data. According to the ACSC, ransomware attacks have increased by nearly 15 per cent compared with the previous year.
- Malware is malicious code that hackers use to access an organisation’s network, then steal or destroy data. Malware usually comes from malicious website downloads, spam emails or from connecting to other infected machines or devices.
- Scam emails or phishing attacks (pronounced “fishing”) are designed to trick individuals out of their money and information. These emails often look like they were sent from individuals or organisations you know or should trust.
Prevention and proactivity are key when it comes to cybersecurity
Failure to prepare for a cyberattack is costing small and medium-sized organisations big. From financial losses and downtime to reputational damage and even legal action as a result of a data breach, there are a number of ways that cybercrime can impact your organisation.
Having incident response, business continuity and disaster recovery plans in place is an important strategy to prepare for a cyber security incident. Just as important is testing these plans to ensure they’re robust enough to stand up to an attack.
5 simple ways to prevent cyber threats
Build a multi-layered approach to security
There’s no one-size-fits-all approach to security. A good security strategy should be built with a multi-layered approach using different solutions. This can become challenging and complex to navigate internally, especially because products available are constantly changing.
If your business operates through the Microsoft 365 platform, you’ll already have a baseline level of security. Our recommendation is to solidify that baseline by leveraging existing software, configuring settings like MFA and conditional access, and then slowly build up your business maturity level with targeted initiatives that are not included in Microsoft 365, such as extra backups.
If you think you’re not leveraging Microsoft 365 or would like to discuss your security strategy, Microsoft Tech for Social Impact is offering a free Security Assessment for NFPs. Register your interest here until the end of April.
Update your devices and systems
Turn on automatic updates for your operating systems and applications. If automatic updates are unavailable, regularly check for updates from vendors and install them as soon as possible.
Use Multi-Factor Authentication
Multi-Factor Authentication (MFA) requires the user to provide two or more verification factors to gain access (e.g. a one-time password sent to your phone). Make sure you have MFA enabled by default on any corporate networks, devices or systems.
Train staff in good cyber security habits
Are your end-users the weakest link in your cyber defences? 41% of IT professionals report phishing attacks at least daily. You can have the best technology in place, but if your staff are not well trained, that investment goes to waste.
Your staff and policies play a crucial role in the success or failure of your IT protection efforts. Build a workforce of trained, phishing-aware employees who provide your business with a human firewall against cyber threats. A good place to start is staff security awareness training and simulations. This has been a popular service for Bremmar clients and you can find more information here.
Back up your cloud against accidental loss or deletion of files
With more and more businesses depending on Microsoft 365 and G-Suite for business operations, the risk of potential data loss is impossible to ignore. Although Microsoft and Google store data on their servers, they don’t take responsibility for human errors such as accidental loss or deletion of files. With people working from home and increasingly relying on collaboration tools like Teams and SharePoint, protecting data in the cloud is more important than ever.
Where to go from here?
Bremmar, in collaboration with Microsoft Tech for Social Impact (TSI), is currently offering a free security assessment and roadmap for Not-for-Profits to help you quantify how Microsoft 365 can help your organisation save costs and improve digital security.
This offer uses a tool that is usually valued at $1400. It provides a snapshot of your current security, reviews your environment for vulnerabilities, and finds the gaps you need to close to address those vulnerabilities. The findings are presented in a workshop with Bremmar where, together, we’ll help you define your 3 priority security initiatives.