Every business in Australia should be thinking about Cyber Security in 2019.
If you own a phone, a computer or anything that connects to the internet, keep reading.
This guide will teach you what cyber security is, why it’s important, and how you can protect your business with a Cyber Security Policy.
Cyber attacks can cripple your business. Over 40% of attacks target small businesses. Don’t think cyber security doesn’t affect you.
In short: if you run a business and you want some simple steps to bulletproof your business, you’ll love this guide.
Let’s get started.
What is Cyber Security?
Cyber Security is defined by Cisco as the practice of protecting systems, networks, and programs from digital attacks.
These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information, extorting money from users, or interrupting normal business processes.
Ever heard of spam, phishing emails or credit card fraud?
Yep, all of those things can cripple your business if you’re unlucky enough to fall victim.
Cyber Security is everything we do to try and PREVENT criminals from getting in.
There are three key pillars of cyber security:
- People – every employee needs to play their part
- Processes – clearly defined rules and procedures to protect the business
- Technology – things like anti-virus and password protection
Why is Cyber Security Important?
Technology is everywhere in our lives today. We live in a connected world.
Unfortunately, the internet age has also opened up opportunities for criminals to target individuals and businesses in more sophisticated ways.
Cyber security will help safeguard your assets and keep out the bad guys.
As a first step, we recommend that all businesses implement a Cyber Security Policy.
What is a Cyber Security Policy?
A Cyber Security Policy sets out guidelines to protect the security of technology and information assets in your business.
It includes rules and processes your employees and approved users should follow to protect your business.
Some of the issues the policy should cover are:
- the type of business information that can be shared and where
- acceptable use of devices and online materials
- handling and storage of sensitive material.
Does your business need a Cyber Security Policy?
Yes, we recommend a Cyber Security Policy for ALL businesses as best practice.
Cyber crime is on the rise in Australia, and small businesses are not immune. According to a 2016 report by cybersecurity firm Symantec, 43% of cyber-attacks are targeted against small businesses.
We’ve all heard of hacking and phishing scams – many cyber attacks are actually successful because of simple human error or social engineering (e.g. opening an email attachment).
If your business uses the internet – for email, banking, running a website or other activities – you need to know how to keep your information and assets safe.
Businesses that don’t have a cyber security policy could be leaving themselves open to attacks and legal issues.
The graphic below shows the staggering cost of cyber crime in Australia and the effects of a cyber attack on business:
What does a Cyber Security Policy include?
★ Handling of sensitive data – storing, using and destroying sensitive data when no longer required
★ Password policy – password requirements, how to store passwords correctly, how often you need to update them, sharing passwords etc.
★ Anti-Virus Software – rules and standards for anti-virus software on your devices
★ Email standards – sharing your work email address, opening attachments, blocking junk, spam or scam emails, deleting and reporting suspicious emails
★ Bank account and payment details – rules for sending and sharing payment details and safeguards to confirm account details with suppliers and customers manually.
★ Two-factor authentication
★ Removable Hardware – rules for using removable hardware such as USB sticks to store and share information
★ Office Wireless Network and Public WiFi – settings and protocols when connected to WiFi
★ Backup – how data is backed up and stored
★ Disaster Recovery Plan – key details for vendors and support in case disaster recovery is required
★ Data Breach Plan – a checklist of things to do in the event of a data breach
★ Training and awareness – onboarding and mandatory cyber security training
★ Cyber Insurance – do you have it? If so, what are the details of the policy?
★ Cyber Risk Assessment – at the end of every financial year, the cyber security officer will review this policy, assess the business’ exposure to cyber risk and update the policies and practices to address any change.
How do you enforce it?
We recommend that you distribute your Cyber Security Policy to all employees and require them to sign off on it.
Employees are often perceived as a “soft” target to be compromised, so it is important to provide regular reminders and training.
Finally, don’t forget to check your insurance policy to see if it covers cyber crime.
The Australian government has a website called Stay Smart Online, which has some great cyber security tips.
A chain is only as strong as its weakest link, so it’s important to remain vigilant.
Find Out More
- Check out some tips on preparing a cyber security incident response management plan to help you prepare for and respond to an incident fast and effectively.
- Read about keeping your business safe from cyber threats to help you keep your technology and business information secure.
- Head to the Australian Cyber Security Centre (ACSC) to find out more about cybercrime or report a cyber attack.
- Subscribe to the Stay Smart Online Alert Service to receive up-to-date information on cyber security issues and solutions.
- Report a scam to Scamwatch online.