THE BEGINNING . . .
Be vigilant, be diligent and be proactive this holiday period.
Don’t drop your guard for a second. The festive season is known to cause blind spots in business IT Security. Human error a root cause. It might be as simple as the excitement of the pending break, the demand to get all your work done, or it could just be the day after the work Christmas party, either way, it can impair the decision-making process.
More work functions, client catch ups and drinks with colleagues, the easier it for things to start breaking down. A more active work/social calendar than the winter months provide. One day you are at work, things are going smoothly and then it happens. In a moment without thought, your decision-making process is a degree away from where it needs to be.
The microphone drops, the needle scratches and your business falls silent.
THE MIDDLE . . .
According to the Notifiable Data Breaches Quarterly Statistics Report, 1 April to 30 June 2019 (oaic.gov.au), 34% of all data breaches recorded for the quarter, were human error. Such as sending personal information to the wrong recipient via email, unauthorised disclosure through the unintended release or publication of personal information, as well as the loss of paperwork or data storage device.1
Even though you know better, your business blindly marches forward, without a clear plan in place or without a basic level of training/education for the people that are your first responders, that are your first and sometimes the only line of defense, the human firewall, your shoestring holiday staff.
Ask yourself and be honest, do you have a plan in place? Does your holiday staff know what to do? The book Cybersecurity, by Harvard Business Review, has a chapter titled: The Best Cybersecurity Investment You Can Make Is Better Training. Your first and last line of defense is prepared by leaders and employees. Educate and train, then hit repeat.
According to IBM Security, data breaches are growing, with the cost to Australian businesses increasing by more than 14% over the past 12 months.2 In a study sponsored by IBM Security and conducted by the Ponemon Institute it showed the average cost of a data breach to an Australian business reached more than $3 million in 2018-19.
THE END . . .
If you are like most businesses and you don’t really know where to start, start by building strong cyber hygiene and culture. Cybersecurity Hygiene is a set of practices for managing the most common and unwelcoming cybersecurity risks faced by businesses today.
1. Assess capabilities and vulnerabilities.
Generate a clear perspective of your risks and vulnerabilities with a clear vision of how to move forward.
Cyber Risk Assurance
Simplified cyber risk mitigation and assessment
2. Establish an incident response plan.
OAIC: The Office of the Australian Information Commissioner
Data Breach Preparation and Response Plan
3. Back up your data, update your operating systems and passwords and update anti-virus software.
How to protect your business from cyber threats
4. Conduct cybersecurity education and awareness activities, for all employees.
ACSC: The Australian Cyber Security Centre
Improving Staff Awareness
5. Create strong cyberculture.
No longer sitting on the business fringe, now firmly entrenched in the status quo.
- Are your employees up to speed with phishing scams, internet safety, ransomware and password security?
- Have you set standards for social media and internet access?
- Has it been clearly explained how to handle sensitive information?
- Are you planning on doing a password refresh before Xmas?
- Do you have a wi-fi policy?
- Is your company culture companywide, from the top-down culture?
6. Restrict Access & Privileges.
This is one of the most effective strategies to ensure the security of the system.
ACSC: The Australian Cyber Security Centre
Restrict Administrative Privileges
The online world teaches us every day not to trust it. And unlike the mouse in the lab experiment, that learns not to get zapped each time it drinks the sugar water, we get stung every time we are complacent, every time we think it will never happen to us, or worse yet, we don’t think of it at all.
So again, I say, be vigilant, be diligent and be proactive this holiday period.