Cyber-security poses a massive challenge to businesses large and small. That’s why building cyber resilience into your online business strategy is a must.
The push towards digital transformation, particularly cloud adoption, has provided businesses with benefits such as scale, cost and flexibility. But it can also cause confusion for a business.
A top-down cybersecurity approach
Embracing new technologies is a critical step for all organisations in this data-driven world, which is why, according to Australia’s Cyber Security Strategy, cybersecurity is essential not only for IT and security teams, but executives, small business owners and other business leaders.
Michael Bishop, Regional Counsel Asia-Pacific at data protection and information management company Commvault, agrees with this top-down approach.
Bishop says a top-down approach in assessing potential risks is important.
“For a smaller organisation, it doesn’t have to be a 100-point strategy, like you would have for an ASX-listed company,” he says. “But you have to take the steps at the right level, embrace it at an organisational level, so all the senior stakeholders in the business engage in a cyber-resilient strategy, and understand what risks are presented to your business.”
Understanding your data assets is the first step, according to Bishop.
He urges businesses to ask themselves these questions. Is sensitive information encrypted? Is important information backed up regularly? Are backups saved to an alternate physical location and hardware?
Manage internal and external risks
The next step is understanding the risks that expose you or your network. In larger companies, it’s common practice to enlist third parties to perform vulnerability testing and penetration assessments. But there are plenty of basic resources that can help mitigate cybersecurity risk, such as the Australian Signals Directorate’s “Essential Eight”.
Once you know where the vulnerabilities are, it’s a matter of fixing these issues where possible and then constantly review and retest to ensure they don’t occur again. Such basic maintenance is essential. As Bishop points out, when WannaCry occurred, many of the affected businesses hadn’t updated their system patches.
If you’re considering outsourcing to a third party, whether for operations, IT services, data or backups, make sure you first assess any potential risks.
“You’ve got to carry out your due diligence,” Bishop says. “When you’re choosing your public cloud providers, and looking at their services, do you know if they’ve got sufficient technical and organisation measures to protect your data and IT services? Where is your data going to be held? Have you conducted risk assessments?
The final piece in the cybersecurity puzzle is ensuring all staff and stakeholders receive training and are educated against the risks. From knowing how to protect sensitive data to understanding the legal requirements in the event of a data breach, good training and communication are at the heart of cyber resilience.
Property Exchange Australia (PEXA) provides a secure online platform for lawyers, conveyancers and financial institutions to lodge and settle property online. Cybersecurity is a top priority for PEXA with the following tips recently provided to its network members:
- Never provide your personal, credit card or online account details from a link in an email;
- Look for the secure symbol. Secure websites are identified by the use of ‘https:’ rather than ‘http:’ at the start of the internet address;
- Take a very close look at the sender’s email address in any messages you receive. It might not match the name of the company that it claims to be from;
- Watch out for any links that appear to be legitimate but can take you to a website URL that doesn’t match the address of the legitimate company’s website; and
- This government site has excellent information and advice: https://www.staysmartonline.gov.au