Latest News

Once every seven minutes. That’s how often the Australian Annual Cyber Threat Report states that a cyber crime is reported. 

October is Cyber Security Awareness Month in Australia. As part of our commitment to make Australia a more secure place to connect and do business online, we have partnered with the Australian Cyber Security Centre (ACSC) as a Cyber Champion. 

And that starts with providing clear, simple, actionable tips to fortify your business against cyber threats.

The following might seem like a lot to cover. But chances are that you are already doing a lot of this to some extent. What we’re sharing here are minimum practices that all organisations big or small in Australia must implement to have a minimum level of cyber maturity. 

The idea is not to measure yourself on a ‘pass / fail’ basis. It’s more about embedding a continuous improvement mindset in your organisation when it comes to cyber security. A list like this provides a jumping off point for internal conversations about cyber security. 

Let’s dive in.

1. Update The Software On All Devices Regularly

Regular device updates are like routine check-ups for your business's digital health. Here's why they matter:

• Patch Vulnerabilities: Updates often contain patches for security vulnerabilities. Neglecting updates leaves your systems exposed to potential threats.
• Improved Performance: Updates can enhance device performance and compatibility with newer software and applications.
• Stay Ahead of Threats: Cyber criminals are constantly evolving their tactics. Regular updates help your business stay one step ahead in the cyber security game.

2. Multi Factor Authentication (MFA) Matters

This is a very simple proposition. You need more than one layer of security.

• Multiple forms of verification: MFA requires users to provide two or more forms of verification to be provided before access is granted to a system. This typically includes something you know (password) and something you have (e.g., a mobile app or SMS code).
• MFA Benefits: It significantly reduces the risk of unwanted access, even if one layer of security like a password is compromised. It’s also becoming easier to implement. More and more online services and platforms offer MFA options. 

Practical tip: schedule time for yourself and your team to review existing software, including all those cloud applications, to enable MFA on any that are missing it. 

3. Back It Up 

Loss of data seems like a tomorrow problem. But loss of contracts, invoices or even contact numbers can be devastating for businesses. Getting it back can be costly and time consuming. Backup solutions are your insurance policy against every type of data loss.

• Regular backups: Schedule backups of your critical data to a secure location. There are ways to automate this so it happens without the need for ‘manual’ intervention.
• Ransomware insurance: ransomware attacks work because the attacker can prevent access to your vital information. Having a backup reduces their leverage over you.
• Test restores: Periodically test your backups to ensure they are working correctly and can be restored when needed.

Make a document that lists all of your business-critical data – the kind you and your team use every day and week. Then confirm there is a recurring schedule to backup and test each source of data. 

4. Use Passphrases and Password Managers

Passwords are simple security tools. But they can be made to be more effective. 

• Passphrases: Create strong, easy-to-remember phrases by combining random words that have some meaning for you into phrases. They can be nonsense to anyone but you. For extra points, substitute characters for letters (e.g. ‘$’ for ‘S’ and ‘4’ for ‘H’). It might be your last holiday destination coupled with your sporting team (e.g. $un$hineCoastRoosters42). 
• Password managers: Use a trusted password manager to generate, store, and autofill complex passwords for your accounts. These create password complexity without requiring extra mental power to remember complex passwords and phrases.
• Unique passwords: Don’t be tempted! Don’t duplicate passwords across multiple accounts.
• Size matters: A password less than 11 characters is no longer considered secure, a bot could crack it in minutes. Keep your passwords long and strong. 

5. Upskill Your Team

Your cyber security is only as strong as its weakest link. There are practical ways to bring everyone to the same, high level.

• Training: Provide cyber security training to your staff, teaching them to recognise and report threats.
• Cyber plans and policies: Develop clear plans and policies on keeping your business secure. Your employees need to know their role in protecting you and your clients. Keep an updated incident response plan outlining steps to take in the event of a cyber incident.
• Stay informed: Work with a trusted partner to monitor the latest cybersecurity trends and threats that could affect your industry. This approach lets you focus on running your core business.

Not sure where to start?

If you’d like to talk with a local, Sydney based cyber security expert with deep experience working with Australian businesses and organisations on practical cyber security matters we would love to chat. We can assess where you currently stand, and provide clear, practical options for improving your current security settings to guard against potential threats and disruptions.