We can be pretty relaxed down here in little old New Zealand when it comes to cybercrime. It seems like it is only something that happens to big organisations in countries overseas, because who would bother with a small fry like us?
However, the bad news is that plenty of Kiwi businesses fall victim to cyber attacks – these hackers aren’t particularly fussy when it comes to who they target . But there’s good news too, in that there are many ways to reduce the risk of becoming a cybercrime statistic.
Foster awareness & educate employees
One of the easiest ways to proactively lower the likelihood of your business being affected by a cyber attack is to openly discuss it in your workplace and provide education around best practices online. That’s because your employees are one of your biggest risk factors.
In today’s technological world (and even more so with the significant increase in remote working), many of your staff probably have access to devices that they take with them to meetings, on the road and home at the end of the day. And whether it be unsecure WiFi networks, children downloading games to the laptop, or other personal uses of the device – this is what exposes your business. It’s the chink in the armour of your IT security.
But if you’re able to have honest conversations with your employees and get them all on board with how to not only prevent a cyber attack, but also why they should care, then that is a great first step.
Know what risks you’re facing
Like most battles, the best way to defend against an attack is to know where it’s coming from and be able to identify it before it is able to strike. At the end of the day, most hackers want money, and there are a number of ways in which they can get that from your business. Here’s the top five to be aware of:
Malware/ransomware – blocking access to data until a ransom is paid
Phishing emails – ‘fishing’ for sensitive information, like bank details
Credential harvesting – capturing large email lists to deceive users
Website compromise – when secure information is stolen from a website
Cyber fraud – identity theft, similar to phishing emails
By being on the lookout for all of these kinds of activities, you and your employees could very well be able to stop them in their tracks – before they have a chance to demand a financial ransom or tarnish the reputation of your organisation via a private data breach. Chat to your IT provider for some tips on how to spot these.
Implement the right cybersecurity protocols
To secure your business against the risk of a cyber attack, there are three things you must put in place. If you fail to implement them all, you won’t be able to truly minimise exposure.
Users and digital identity. This is about what we mentioned above, in terms of getting employees on board and understanding the part they have to play.
Applications (software, apps and data). It is absolutely imperative to keep all of your business technology updated.
Devices (computers, laptops, tablets and phones). Keeping a tab on all of your technology assets, removing old ones that can’t be protected anymore and ensuring the ones in use have the latest in security updates.
You should also consider having multi-factor authentication to help verify users and create various user levels so employees only have access to the data they need for their role. It’s the ‘little things’ like that which can make a big difference.
Create a risk management strategy
Most businesses have risk management strategies in place for a variety of organisational operations, but for some reason cybersecurity doesn’t always make the list. However it doesn’t have to be an onerous task, to begin with it could just be about establishing three core principles:
What’s your exposure – what would happen if your business data was compromised?
What and where do your risks lay – depending on your type of business, what are the most likely threats you face?
Ensuring your data is protected – how can you best secure your identities, devices, networks and email?
From here you can continually update this plan and add to it when necessary.
Don’t be afraid – be proactive
Lastly, don’t be so worried about cybercrime that it renders you inactive. Of course having a sensible level of concern about the threat of it towards your business is understandable, but by being proactive, knowing the risks you face and putting in place the right security and processes – you really can minimise your exposure. And if you’re not sure where to start, give our team a call. We’re always happy to help and offer support.