Recently CCF SA Members had the pleasure of hearing Greg Hill, the founder and CEO of HDQ Consulting, and CCF SA Member, give an industry briefing on cyber security.

What’s cyber security?
Is it important to your business? 

According to Hill, this practice of defending your business from malicious attacks in cyberspace and protecting important data is absolutely crucial and in everyone’s interest.

It is protection for your revenue and is especially important for small businesses because they are the ones most targeted. Why? They tend to have less sophisticated defence mechanisms in place against these attacks.

And in the prevailing climate of lockdowns, additional caution should be exercised with more people working from home using their PCs from which they also download movies and other content; they are unwittingly exposing themselves to the risk of malware.

Many are affected by cyberattacks.

Also, as most people tend to use the Business Basic version of Microsoft Office 365 that does not come with advanced security and device management, they are prompting hackers to carry out these acts.

While a business engages an IT partner to safeguard its cyber security, the very things that needed updating and changed to protect the system are often overlooked when time is often spent in other tasks like fixing email signatures or resetting passwords.

So far, with a cyberattack happening every 10 minutes, it has cost the Australian economy about $29 Billion.

Tailem Bend Netball Club and My Budget have both fallen victim to such thuggery with the former losing $150,000 in an online invoice scam last June, and the later blaming ransomeware attack for its system outage affecting thousands of its customers. Hackers who stole information from My Budget threatened the company they would sell it on the dark web unless paid a hefty sum.

Even with the shutting down of DarkSide (hacking group) by the FBI, new hackers have surfaced, actively recruiting partners, and seeking affiliates to gain access to compromised computer networks.

To mitigate the occurrence of these incidences, businesses can explore using cyber security frameworks of which there are several – ACSC with the Essential 8 considered highly recommended as it covers most areas of concern.

Can a business be insured against cyberattacks? In a word, YES, but the cost of such policies has skyrocketed to match the soring incidence of such attacks.

Here’s a tip – be cautious with emails that could be fake. If in doubt about the legitimacy of an email, don’t click on it. Consider if the message is from someone official, the urgency requested to respond to it, or the possible emotional stress you may experience from reading it… that message could be a phish.

When in doubt, ring the email sender; don’t open attached links or emails that are not part of your job; be vigilant with things that ‘don’t look right’; and avoid making financial decisions in email proposals.

And another – do backups that are critical to maintaining online security (which is often ignored, especially with people working from home). Consider implementing an automatic backup system and restoring a complete system twice yearly. Ensure your IT partner does it for you religiously.

With the use of Passwords, use different passwords for different applications ie banking, work, social media etc. Choose a very long and unique password (of 24 characters) and use it for only one platform to access. And use MFA – Multi Factor Authentication for extra protection. Importantly, ensure your IT partner is managing your passwords on your system.

Lastly, remember – cyber security is a business problem, not an IT problem. Look after your business as if it were your life.

Contact Greg to do arrange a cyber health check on your business: https://hdqconsulting.com/