By this point we all understand the importance of cyber security, but do you ever feel overwhelmed by what to do to best protect your business? We recently spoke with Stephen Zuluaga – Cyber Security Consultant who outlined eight (8) easy ways you can practically implement to protect your business.
But first, it’s important to understand the fundamentals of cyber security called “CIA triad”, or more simply, “confidentiality, integrity and availability”. The triad is a guide to business that if all three of the standards have been met, your security profile would be stronger and better equipped to handle threat incidents.
So, what’s involved in the “CIA triad”? And has your business implemented this?
- Confidentiality – Ensure you keep data in a way that only those that should see it, see it. Ways to ensure confidentiality include:
- Using strong passwords and passwords best practices
- Data is encrypted using two-factor authentication (2FA)
- Access and control lists are kept up to date and reviewed regularly
- Minimise the number of places where information appears
- Integrity – Make sure your data is trustworthy and free from tampering by ensuring the data is correct and controlled. Ways to uphold integrity include:
- Train your team about compliance and regulatory requirements to minimise human error
- Use backup and recovery software
- Limit access to changing your data (for example, updating your website) to certified, trustworthy individuals
- Availability – Whilst confidentiality and integrity are upheld, make sure the data is easily and seamlessly available and functioning for those who need it. This includes:
- Use the best and most modern software and hardware that is updated/maintained regularly
- Use network or server monitoring systems
- Ensure data recovery and business continuity plans are in place
Now that you have an understanding of the fundamentals of cyber security for your business, implement the 8:
By reading this you’re already upskilling yourself, so good job. It’s important to further your knowledge regularly and gain a deep understanding how your cyber security and IT systems work.
Next, educate your team. The most common cyber-attacks generally involve a business owner or one of their employees being tricked by a scammer. To minimise this risk, foster a cyber-literate organisation. We recommend formal cyber security training, either hosting an external training day, or making cyber security one of your induction modules during onboarding.
Another way to educate yourself and your team about potential threats is through the ACCC Scamwatch website, which updates everyone on current scams that could cost you reputational or financial damage.
Antivirus software is often considered a bare minimum requirement for cyber security. So, which one do you choose? Unfortunately, choosing what’s right for your business is not one size fits all. Rather you need to review different ones and pick one that is most appropriate for your business.
We recommend going onto the AV TEST website, an independent tester of antivirus software for Windows, Mac and Android.
3. Risk Register
As a part of your risk management system, include a cyber security risk register. This should include a list of potential risks, probability, impact and mitigation actions.
To protect your client data from being compromised, it’s essential to frequently back up your data. How frequently you back up should depend on how frequently your data changes and the importance of that data.
You have two main options for backups:
- Cloud-based backups: these are good for automated and regular backups, easy to restore data, the security is taken care of by the cloud provider and can be used by multiple people and devices.
- External storage base backups: these give you control of your data without third-party interference, they do not require internet speed, and don’t have ongoing costs. However, they can take more time and effort to manage.
Make sure your devices and software are automatically updated often. This is because cybercriminals are more likely to hack devices by using known weaknesses in systems or apps. Updates generally will give you more security upgrades.
6. Safe and Strong Passwords
To choose a safe password, use a long, memorable passphrase (made up of four or more unrelated words that you combine). Then incorporate random symbols into the mix. Never repeat a password across different logins.
To ease the process of creating and remembering unique and complex passwords across all your logins, use a password manager. Password managers securely store, encrypt and create unique new passwords.
7. Multi-factor authentication (MFA) or Two-factor authentication (2FA)
MFA/2FA is significantly more powerful to protect and secure your data from criminals. It requires two or more proofs of identity to grant individuals access to the data. Authentication methods could include a random pin, fingerprint, email, SMS or an authenticator app.
8. Lead by example
As a leader in your business, you must encourage cyber secure habits among your team. Lead by example and take as much caution as you would want your team members to. Remember, this is about protecting your business, your clients and yourself.