October is Cyber Security Awareness Month. As the month draws to a close, businesses here in Victoria and more broadly are embracing a new COVID-normal with restrictions easing. As businesses seek to keep connected with their employees and customer base, they need to remain alert to the possibility of cyber fraud.
In recognition of the importance of secure online connectivity, the Australian Government in August released its Cyber Security Strategy for 2020 and committed a financial investment of $1.67 billion over 10 years to assist businesses, communities and Governments in creating a more secure online world for all Australians, their business and essential services. The strategy outlines 5 pages of action plans and initiatives for governments, businesses and community.
In keeping with the theme for this year’s Cyber Security Awareness Month “Do Your Part. #BeCyberSmart” Louise Brunero from Solubility shares some useful cyber security tips and simple practices that your business can implement today to reduce your cyber risk. We also provide links to some free useful online resources to ensure that your business remains cyber savvy in the new COVID-normal.
Tip 1 Password protect all devices and ensure your passwords are strong.
Take stock this week to review your passwords. A strong password has a mix of upper and lower case letters, number and symbols and is harder to hack. Passwords should not be reused across multiple devices or sites and they should be regularly changed. If you haven’t updated your passwords in the last month, now is the time. Encourage all staff to regularly do the same. If a prompt is needed, set a diary reminder.
Tip 2 Immediately remove access from people who no longer work for you or if they have a change in role and no longer need access.
COVID-19 has caused upheaval and redeployment of staff in many organisations. Unauthorised access to systems by past employees is a common security issue for businesses. As staff roles and responsibilities change, ensure that staff operating in new roles only have access to systems and content as required.
Tip 3 Have a cyber security policy in place and regularly review and update it.
Now is a good time to review your cyber security policy. In response to the COVID-19 pandemic, many businesses have moved their entire workforces to a remote work model and the new COVID normal suggests that remote working for all or many staff will remain in place. All staff should have clear guidance on how to manage business data, their responsibilities and also what is acceptable when they use or share data, devices, emails and public sites such as company websites or Facebook pages. If you update your policy consider a refresher course for all staff especially as longer term remote working arrangements are finalised.
Tip 4 Train your staff to be cyber savvy.
- Staff should use a spam filter on their email account and should be reminded not to open any unsolicited messages.
- Staff should also be wary of downloading attachments or opening links in emails they receive.
- With many employees now working remotely, staff should ensure they are using a secure wireless network and be careful when using public wireless networks.
- Emails providing updated bank account details or requesting urgent payment should always be verified with a phone call, even if the email appears to be from a person or business known to you. Staff should not use the phone number listed in the suspect email, but rather use the contact number from the relevant business’s website to verify the updated account details or payment request.
Tip 5 Back up your important data and information regularly.
Take time this week to test that you can restore your data from your back up. Don’t wait till a cyber attack to ‘test’ your back up system. Use multiple back-up methods and be sure to back up to an external drive, cloud storage solution or portable device. Make it a regular calendar item to check you can restore your data from back up.
Tip 6 Keep updated on the latest scams and security risks.
You can subscribe to the free Australian Government Stay Smart Online Alert Service for up-to-date information. We recommend you designate at least one staff member to subscribe to this service and to regularly update team members of cyber risks.
Tip 7 Know and use your free resources.
There are numerous free cyber security resources available for business. Here are our top suggestions:
- A useful summary document of Security tips for business can be downloaded from the ATO Publication Ordering Service – search for Security Tips and select Media – all publications.
- The Australian Cyber Security Centre (ACSC) recently published a downloadable PDF guide to help small businesses protect themselves from the most common cyber security incidents.
- Join the ASCS’s Stay Smart Online program designed to assist home internet users and small businesses can protect themselves from cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours.
- The Australian Government Business website provides an 11 step how-to guide for risk management and cyber security for business.
If you would like assistance developing a Cyber security policy for your business or reviewing an existing Cyber security policy, or have questions about a Cyber security issue please contact the Solubility team today.
We hope you and your team keep cyber savvy as we all embrace the new COVID-normal.
Cover image: Photo by Markus Spiske on Unsplash