How can you stay safe from cyber attacks? Here are 2 simple checklists from experts
- Written by Jing Jia, Senior Lecturer, Business School, University of Newcastle
“Cyber security” may sound like a far-off worry for big corporations or telcos[1], but that’s far from the case. Cyber security simply means the practice of safeguarding your sensitive data[2] from unauthorised access, theft and damage.
If you have any online accounts at all, you should know how best to protect them. That’s also true if you have a small or medium business.
Nearly half of all cyber attacks target small businesses with 1,000 or fewer employees[3], resulting in an average cost[4] of A$46,600 for small businesses and $62,800 for medium-sized businesses in Australia.
Even if you don’t own a business, your personal savings are vulnerable, too. Last year, individuals affected by cyber crime reported an average loss of $30,700[5], up 17% from the previous year.
So what can you do to protect yourself? We interviewed 18 financial, legal and cyber security professionals in Australia and developed practical checklists for individuals and small-to-medium businesses. Here’s what they recommend.
Cyber security checklist for small and medium businesses Much of the advice for individuals also applies to business owners. But there are other things you should keep in mind when it’s not just your personal data that’s at stake. 1. Evaluate how long to keep information Determine how long to retain information and data and assess if it’s valuable for the organisation. For example, an accounting firm may retain client tax records for five years, but delete older records no longer relevant to current business. 2. Remove unnecessary information and data Remove information that no longer serves a purpose to reduce the risk of exposure during a breach. For example, retail businesses should periodically delete outdated customer email lists. 3. Keep software and systems up to date Keep all systems, applications and devices updated. Software may contain vulnerabilities that cyber criminals can exploit, and updates are a way to patch these up and keep your systems secure. 4. Keep an eye on who can access what Limit access to information based on roles within the organisation. For example, at an accounting firm, only the relevant employees should have access to the financial records of its clients, and they should be protected with multi-factor authentication. 5. Have reliable data backup procedures Regularly back up essential data to a secure location. Having reliable backups allows for recovery in the event of data loss or ransomware attacks. 6. Conduct regular security audits Regularly audit systems and networks to identify vulnerabilities. For example, an accounting firm that stores sensitive client data like financial records should conduct quarterly security audits to ensure the data stays safe and nobody has gained illicit access. 7. Train employees on cyber security best practices Employees play a significant role in cyber security. Regular training can help them recognise phishing emails, suspicious links and other tactics used by cyber criminals. 8. Create an incident response plan Develop a response plan for cyber security incidents that outlines the steps to take in case of a cyber incident or breach. If something happens, having a plan in place will help you react quickly and efficiently. 9. Consider investing in cyber security insurance Cyber insurance can help mitigate the financial fallout from a breach, covering aspects like data restoration, legal fees and public relations efforts. Cyber attacks are constantly evolving, so everyone must stay vigilant about their cyber security – whether it’s simply protecting the logins to your social media accounts, or ensuring the safety of your entire business. References^ big corporations or telcos (theconversation.com)^ safeguarding your sensitive data (theconversation.com)^ with 1,000 or fewer employees (www.embroker.com)^ in an average cost (www.cyber.gov.au)^ reported an average loss of $30,700 (www.cyber.gov.au)^ multi-factor authentication (theconversation.com)^ text messages (theconversation.com)^ social engineering attacks (theconversation.com)^ news articles (theconversation.com)^ Scamwatch (www.scamwatch.gov.au)
