10 tips to protect your firm against cyber attacks
The digital revolution is moving faster than ever, and it’s no surprise that the more digitised we become, the higher the risk of cyber-crime-related activity for Australian businesses. Here are 10 practical steps businesses of all sizes should be taking to stay cyber-safe.
It’s a common misconception that cyber-attacks only target big business. According to a recent report, 43% of cyber-attacks target small businesses.
Organisations of all sizes are under threat, so what can you do to protect your staff, business and reputation from cyber security threats?
Here are 10 practical steps you should be taking:
1. Assess your current cyber security risk
The first step in strengthening your cyber security measures is identifying what you are doing well and what is inviting a cyber breach. Review all your internal processes and protocols to identify where your firm is vulnerable. Keep in mind that the greatest cyber security threats range from email phishing scams, ransomware and data leaks through to internal threats, including theft and fraud.
2. Make sure your security software is up-to-date
We frequently hear about how new technological innovations are shaping the world we live in. What we don’t hear about are the advances in malware and ransomware. Ensure your security software is updated regularly to give you the best chance of avoiding ever-evolving cyber-attacks.
3. Implement spam filters
Use a spam filter to prevent dangerous and unwanted emails from appearing in your inbox. Not only will there be fewer emails to read, there will also be less opportunity for employees to be tricked by a scam. Given most businesses have access to highly confidential data like contracts and business strategies, organisations face an increased risk of being targeted by cyber criminals.
4. Manage passwords securely
Passwords are often a focal point for hackers and phishing scams, so poor management of your firm’s logins leaves you at risk. Set strong passwords, with a random combination of uppercase letters, lowercase letters, numbers and symbols. Change your passwords frequently – at least once every few months. Finally, make sure they are stored safely. Don’t send your login details in email or store them online. There are a number of free or paid apps available that securely store your passwords.
5. Limit administrative capabilities
Administrative access gives users complete access to your firm’s systems and networks. By limiting the number of employees who have this access, you reduce the risk of hackers gaining complete control if a breach occurs. Be aware of internal threats too: limiting administrative capabilities also helps reduce the risk of disgruntled or corrupt employees stealing data.
6. Go phishing
Run frequent exercises with staff, where employees must identify which emails are phishing scams. This makes people more vigilant on a daily basis, reducing the likelihood a staff member will unknowingly fall victim to a ‘phishy’ email. Make sure that staff regularly review their email ‘rules’ to confirm that an auto-forward has not been set up following a phishing attempt.
7. Educate your employees and clients
While blame for one in three cyber breaches lies with employees, it is an employer’s responsibility to train staff in cyber security – it’s their reputation on the line, after all. Hold monthly cyber sessions with all staff to educate them on types of cyber security threats, how to avoid them and what company policies are. Make sure to educate clients as well, by including a note in your email signature about what information your firm will never ask for over email.
8. Understand what sensitive data is
When thinking about sensitive data, information such as bank details, passport number and date of birth spring to mind. However, what can be classified as sensitive data extends far beyond the simple stereotypes. Make sure your employees know what information is sensitive, both for your firm and your clients.
9. Protect important information
Use firewalls, antivirus and DDoS protection software to protect your data from cyber threats. Encrypt sensitive data and back up important legal documents. Be careful about what software you install on your computer and understand what information your programs and apps collect.
10. Have a plan of action
It’s best to approach cyber security with a ‘not if, but when’ mindset. As part of your firm’s cyber security preparation, formulate a data breach plan outlining what actions are required and what responsibilities each member of your team has.
Australian businesses are lucrative targets for cyber criminals, and all employees need to be proactive and vigilant in response to this threat.
Be smart. Be ready. Be cyber-savvy.
This article was featured in LawyersWeekly