This is a question everyone should be asking themselves, with most of 2022 and 2023 littered with data breaches, scams, and large-scale hacks among small to medium enterprises and large corporations alike.
Easy as Password123
Proactive and robust cyber security measures are imperative to the successful running and protection of your business. However, many businesses are unequivocally unprepared for this risk, with Australians falling victim to hackers 15 times per minute and over $3.1b lost to scams in 2022.
With flexible working well and truly entrenched in most Australian businesses, there are several vulnerabilities in an organisation’s network that didn’t exist before. Access points for hackers to intercept have increased exponentially, so cyber security needs to intensify as a result. In addition to the rise in access points, employees are increasingly the entry point into a business, with weak password hygiene being a significant factor in cyber hacks.
Business Victoria estimates nearly 81 per cent of all data breaches are caused by hacked passwords, with the most common choice still being ‘password’. Social engineering – the process of either manipulating people into handing over confidential information or monitoring social media to gather necessary background information – along with general naivety, highlights the importance of regular password hygiene and employee cyber education.
From a business perspective, third-party risk also poses a significant threat to a business’s cyber security. In the large-scale data breaches Australia has witnessed over the last year, third-party providers were the weak links into those organisations. Businesses should include a review of their third-party or supplier risk in any risk framework they create.
Data makes the world go around
Everyone in the world, business and individual alike, has what criminals want – data. Information and data are now currency – especially in the age of AI – and simple things like name, address, phone number, and credit card or bank details are at the forefront of the type of information sought after by cyber hackers. The importance of this data is intrinsically understood – but how do we safeguard it?
For any business subject to a cyber attack, a thorough and robust plan to cleanse systems and reinstate security is imperative. This is typically done by having backups of your system, which are readily available and easy to implement should the need arise. To prevent a cyber security attack, immediately review and adopt enhanced cybersecurity measures such as malware detection, mitigation, and response.
However, with many businesses holding onto information for longer than they need to, errors are bound to occur. A regular assessment of data retention policies, including short and long-term data retention needs and risk assessment, should be undertaken to ensure businesses are not holding onto information they no longer need.
Don’t trust – verify
According to the Australian Bureau of Statistics, 22 per cent of businesses experienced a cyber security attack during the 2021-22 financial year. Cyber crime can be financially debilitating for many businesses, with the Australian Cyber Security Centre estimating an average increase of 14 per cent to the cost of cyber crime reports, or over $39,000 for small business, $88,000 for medium business, and over $62,000 for large business.
Cybercrime is affecting businesses up and down the country, but not every organisation can survive the financial losses after experiencing a cyber attack, with the costs of ransom and protecting your information post-attack. The costs can blow out exponentially, with further costs including litigation and legal costs, and public relations and reputational costs to stem the loss of current and future clients or customers.
Businesses need to take an offensive approach to mitigating cyber risk, with constant gateways and checks, whether that’s through multi-factor authentication or multiple passwords for different parts of the business. Businesses can protect themselves by:
- improving password hygiene and education across the business
- reviewing the Essential Eight at cyber.gov.au
- enabling multi-factor authentication (MFA) and regularly backing up business critical systems
- ensuring disaster recovery and business continuity plans consider cyber risk and mitigation strategies.
We’re here to help you stay protected
Understanding data, and how to store, manage, protect and retrieve it is critical for business continuity. Contact our Risk Consulting team to strengthen your cyber security position and help you make informed commercial decisions.