Three-quarters of Australian businesses experienced a ransomware attack in 2017 – the highest rate of all countries surveyed. That alarming figure comes from Telstra’s Annual Security report. Meanwhile, a quarter of Australian businesses still don’t have a cyber security incident response plan in place.
In the event of a breach, almost half of business operators will point the finger at the IT department. In most cases, the reality is that underqualified IT staff are trying to plug the holes and manage cyber security in addition to their regular workload.
There are steps you can take to avoid putting your organisation at risk. Here’s a guide to some of the common cyber security mistakes that you can prevent with a cyber security strategy.
Not updating software
Software updates are a bit like the office chatterbox – they seem to come around at the most inconvenient times. Hands up if you’ve ever clicked ‘cancel’ on an update pop-up because you were busy, or because it was too difficult to find a time when you could log off all users. Unlike the office chatterbox, software updates usually come with something useful, such as security patches. The longer you delay an update, the longer you leave your systems vulnerable – particularly when it’s an update to security software.
Poor password plans
When was the last time you typed in username: admin, password: admin? Or referred to the Post-it note on the partition to log into a shared account? Most software will demand a strong password, but it won’t stop you from storing that password in an insecure environment. Nor will it remind you to remove user details when staffing changes. Establishing a plan for managing passwords within your organisation is an easy and effective way to immediately enhance your cyber security strategy. Edith Cowan University’s (ECU) Master of Cyber Security is an industry-specific course with a strong focus on authentication and access control. Beyond the importance of password strength, it outlines the potential risks of eavesdropping, surveillance and privacy-infringing techniques being used by cybercriminals.
Overlooking security 101
A basic cyber security strategy should ensure that your system is covered by up-to-date antivirus software, all devices are encrypted, and you have a process for onboarding and offboarding employees. When staff leave, it’s essential to remove access from both internal systems and third-party platforms. It’s easier said than done, so you’ll need a process in place with cooperation from team leaders and Human Resources. Take care of the pennies and the pounds will take care of themselves – or at least they’ll be a bit easier to manage.
With the amount of time, effort and money invested in cyber security internationally, it almost seems ironic that the greatest weakness in any security system is humans. Those working outside of IT are often frustrated by the demands of passwords and software updates. They expect IT systems to simply work – and not to give them a hard time. A key element of a cyber security strategy is the education of your organisation. It’s important to highlight the dangers of weak password protocols and phishing emails. Create a conscious cyber security culture by providing regular security updates, particularly around issues that are being reported in the news.
According to Telstra’s Annual Security report, over 30% of Australian businesses are experiencing ransomware attacks every single week. Ransomware relies on organisations not having a backup, so they will pay immediately to regain access to their data. Those with a backup don’t get off scot-free, but they have the opportunity to restore their data to a previous state. Unless, of course, the backups aren’t working. Many an organisation has reached for their backups in a moment of desperation, only to find that the backup system had been spinning its wheels. So even if you already have backups in place, just go and check that they’re up to date. And be sure to keep them encrypted, in a secure location and off-site.
Assuming you’re not a target
Only big businesses need to worry about cyber security, right? Wrong! The average data kidnapper is seeking $1000 in ransomware attacks on small to medium-sized businesses. Not only are smaller organisations likely to assume that they’re not a target, but they’re less likely to have impermeable cyber security in place or an incident response plan. The average individual has enough personal information in their phone or their laptop to make them attractive to cybercriminals, so it’s a no-brainer that every business should be cyber secure, no matter their size.
Leaving it to technology
Once you’ve set up your perimeter protection and put security monitoring systems in place, it can be tempting to think that you’ve largely got cyber security under control. Unfortunately, malware isn’t the only tool available to criminals who have you in their sights. Many are using white hat techniques with ethical hacking tools and legitimate administrator access to bypass security technology. Cyber security courses like ECU’s Master of Cyber Security go deep into the mind of hackers to be able to create effective defences via ethical hacking. This information can be used to train staff to recognise unusual activity and report it when they see it.
Thinking one person can do it on their own
There are two issues here. Firstly, relying on one person puts an enormous amount of responsibility into their hands and requires an equal amount of trust. It’s always a good idea to have more than one person working on cyber security so that one can identify potentially inappropriate actions by the other. Secondly, cyber security is more neighbourhood watch than town sheriff. It relies on the eyes, ears and actions of all staff to identify unusual activity, resist phishing attempts and maintain secure access to all software and devices.
Not having cyber security experts on staff
Almost a quarter of Australian businesses report a skills shortage in cyber security. This gap is being filled by IT professionals who are doing their best but working outside of their field of expertise. In some cases, it’s down to a motivated individual who can see the threat that the rest of the organisation is oblivious to.
ECU’s Master of Cyber Security offers a cost-effective way to rapidly upskill while continuing to work in your current role. As an online course, it enables you to arrange your study around your work and personal life, so you can study when you want, where you want. It’s a cost-effective way to rapidly achieve cyber security certification and you can apply your learnings immediately throughout the course.
Find out more about becoming an expert by studying ECU’s 100% Online Master of Cyber Security.