Cyber security and your business
Cyber security. Few people understand it, yet everyone is vulnerable to it. If you run a business, you need to know about it. And you must have an IT team who are onto it. Here are some things to be aware of:
Like Dustin’s baby demogorgon in Stranger Things, cyber threats are a slippery beast that evolves quickly and can’t be left alone… Which is exactly why the larger, less agile organisations – especially slow-moving government ones – are particularly vulnerable to attacks on people’s data. Even if you have a small business, at InfoTech we always advise being proactive and pre-emptive about this issue. Because attacks really can (and do) happen to anyone at any time.
The first thing is to be aware of the threats your business is facing. What would be the cost of a serious breach in terms of money, time, trust and credibility?
The second thing is to equip yourself with the right level of IT protection. By that we mean rock-solid IT where the people you employ or contract out to know you and thoroughly understand your business and what’s at stake. Many times, breaches happen when essential security functions are outsourced overseas and whoever’s in charge doesn’t know enough about the business to protect it adequately.
Does that make sense? Let’s get back to basics for a second. What even is cyber security?
Basically, cyber security refers to ALL techniques your IT provider uses to fortify your networks, programs and data against unauthorised access and potential attacks. This includes but is not limited to:
- Anti-virus software
- Password protection
- Anti-malware measures
Why prevention is better than cure
At least once a day our technicians stress to clients how it’s so much better to be safe than sorry when it comes to cyber security. In our view, having a base level of protection should be a legal requirement. If a breach occurs, it can be hugely embarrassing/damaging to your business.
This is why your IT team must take a ‘pre-emptive strike’ approach rather than scrambling to fix issues after someone’s credit card details have been leaked. This requires innovative thinking on the part of your IT staff and an investment from you. So much is at stake! Such important data! National security. People’s money. People’s identities. Valuable data you have worked hard to collect.
Part of the problem is that IT cyber security measures is often something that businesses try to save money on by outsourcing to dubious international providers or cutting corners. This is a false economy.
The best anti-cyber security people are often the most skilled and creative. They’re the people who get to know your business intimately in order to protect your assets.
Even if you have in-house IT, you will benefit from the experience of an external partner you know and trust. Look for out-of-the-box trouble-shooting and proactive people who are cautious and keen on preventative measures.
A coordinated effort
Effective cybersecurity means everything must work together in a coordinated fashion for optimised protection, including:
- Application security
- Information security
- Network security
- Disaster recovery
- Operational security
- End-user education
We can’t stress enough how you want people in charge of your security who understand your business and the services you provide. Historically, cybersecurity breaches have occurred due to the IT providers lacking institutional knowledge about how the company functions in the long term. You want someone invested in your business.
Not many people realise that a certain amount of creative thinking is involved in cybersecurity measures to outsmart the hackers – it’s as important as technical skills.
Sadly, Australia doesn’t have a great track record when it comes to cyber security. This year, in the APAC region, Australia has led the way in data breaches.
Here are 5 BIG cyber-security fails that have hit Australia in 2016/17:
- PUBLIC SERVICE In November 2017, nearly 50,000 Australians and 5000 federal public servants had sensitive personal information exposed online in a massive leak caused by a private contractor. This included employees of the Department of Finance, the Australian Electoral Commission and the National Disability Insurance Agency.
- MENULOG The most severe incident in Australia last year involved Menulog, which suffered from a breach of 1.1 million records exposing customer names, addresses, order histories and phone numbers.
- SHADI.COM This online dating portal for Muslim singles had 67,118 customer records dumped online by a hacker in July last year.
- FAIRFAX Also reported breaches of customer accounts for The Sydney Morning Herald and The Age digital editions.
- SARINA RUSSO The recruitment agency reportedly exposed client financial records in May 2016 after they were disposed of in a bin next to the office.