The Australian Cyber Security Centre (ACSC) has released an updated cyber security guide for small businesses. The guide groups its advice into three key areas: cyber threats, software considerations, and people and procedures.
The report identified 3 main areas of concern in cyber threats: malicious software, scam messages, and ransomware.
- Malicious software, or malware, is a blanket term for any unauthorised software that is designed to cause harm. This includes ransomware, viruses, spyware, and trojans. Using malware, criminals are able to gain access to your data and can use it for fraud, identity theft, disrupting business activity, or stealing sensitive information. These criminals can operate from anywhere and target any individual or any company, especially small businesses, which they believe to be the most vulnerable. To protect yourself and your company against malware attacks, train your staff and promote awareness in the workplace, regularly back up your important data, and enable automatic updates of your operating system and software.
- Scam messages are typically sent in the form of phishing messages. Criminals will use social media, email, calls, or text messages to try to scam individuals and businesses out of their money. Actions they try to trick you into include revealing bank account details, giving remote access to your devices, or opening an attachment that contains malware. If you receive a suspicious message, never click the links or open the attachments in the message. Check its authenticity by finding the sender's official website online or calling their official number.
- Ransomware is a type of malware that locks your computer or files until a ransom is paid. Ways you can fall victim to a ransomware attack include opening links, emails, or files from unknown sources, visiting unknown or suspicious websites, or having poor security on your network or devices. In the event of a ransomware attack, it is vital that you do not pay the ransom, because it is not guaranteed that you will get your data back and paying encourages the criminals to attack more people. Prevent ransomware attacks by regularly backing up your important data, enabling multi-factor authentication, and organising an audit of your infrastructure. Contact us at Assett Professional Services to discuss a free review of your infrastructure today.
The key areas of software considerations include automatic updates and backups, and multi-factor authentication.
- Enabling automatic updates ensures your systems always have the most up-to-date security measures in place. An old system may have known weaknesses that cybercriminals can exploit to hack your device. If your hardware or software is too old, it may be unable to update, which leaves your business vulnerable to security threats. If this is the case, we recommend upgrading your devices when possible. If you would like to discuss this further, contact us at Assett.
- Automatic backups are another vital thing that you can enable to help your business. By backing up your data to an external storage device or cloud storage, you are ensuring that you have a copy of your information if it is stolen in a cyberattack. Backing up your data is a precautionary measure that minimises downtime if you fall victim to a cyberattack. Always keep one backup device disconnected from your device for its safety, and never connect a backup device to an infected computer.
- Multi-factor authentication means having multiple layers of protection that need to be passed before accessing an account or system. These include passwords, PIN codes, secret questions, authenticator apps, ID cards, fingerprints, etc. Implementing multi-factor authentication makes it harder for cybercriminals to access your valuable information and accounts.
The key areas identified in people and procedures are access control, passphrases, and employee training.
- Access control is the management of who can access what within your business. Protect your business by restricting access to databases, networks, files, accounts, and mailboxes. This is done to minimise the risk of employees and external providers accidentally or maliciously endangering your business. Rather than having one account all employees use, each employee should have their own account with a secure password that is not shared between staff. Remember to delete these accounts and revoke access to information after an employee leaves.
- Passphrases are passwords that consist of four or more random words. These are easy to remember, but hard for cybercriminals to guess. Passphrases should be: at least 14 characters in length, unpredictable, and unique. Having a unique passphrase for each account is best practice, so it is recommended to use a secure password manager to stay on top of your account details.
- Finally, the most important step in preventing attacks on your company is providing training for your employees. Cyber security is everyone’s responsibility, so you should teach yourself and your staff how to prevent, recognise, and report cybercrimes. We also recommend implementing a cyber security incident response plan to guide your staff in the event of an incident.
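The passphrase rules above (four or more random words, at least 14 characters, unique per account) can be expressed as a short generator and audit. This is an added example, not code from the ACSC guide; the wordlist is a small constructed sample, and the function names are illustrative.

```python
import math
import secrets

# Constructed 16-word sample list, for illustration only. A real list
# should hold several thousand words (see entropy_bits below).
WORDS = ["harbor", "violet", "cactus", "ladder", "pepper", "marble",
         "tunnel", "walnut", "falcon", "ribbon", "saddle", "copper",
         "meadow", "lantern", "puzzle", "anchor"]

MIN_WORDS = 4    # "four or more random words"
MIN_LENGTH = 14  # "at least 14 characters in length"


def generate_passphrase(words=WORDS, count=MIN_WORDS, sep="-"):
    """Draw `count` words with a CSPRNG (secrets, not random)."""
    if count < MIN_WORDS:
        raise ValueError("use at least four words")
    for _ in range(100):
        phrase = sep.join(secrets.choice(words) for _ in range(count))
        if len(phrase) >= MIN_LENGTH:
            return phrase
    raise ValueError("wordlist too short to reach 14 characters")


def entropy_bits(wordlist_size, count):
    """Bits of entropy when each word is drawn uniformly at random."""
    return count * math.log2(wordlist_size)


def audit(accounts, sep="-"):
    """Map account -> list of rule violations (length, word count, reuse).

    Unpredictability cannot be checked after the fact; it comes from
    generating the phrase randomly rather than choosing it by hand.
    """
    first_use, findings = {}, {}
    for account, phrase in accounts.items():
        problems = []
        if len(phrase) < MIN_LENGTH:
            problems.append("shorter than 14 characters")
        if len([w for w in phrase.split(sep) if w]) < MIN_WORDS:
            problems.append("fewer than four words")
        if phrase in first_use:
            problems.append(f"reused from {first_use[phrase]}")
        first_use.setdefault(phrase, account)
        if problems:
            findings[account] = problems
    return findings
```

With the 16-word sample list, four words give only 16 bits of entropy; a list of 7,776 words gives about 51.7 bits for the same four words, which is why the size of the wordlist matters as much as the word count.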
Read the full guide here.
To discuss more cyber security measures that will help keep your business safe, contact us at Assett Professional Services.