15 Cybersecurity Best Practices To Implement Across Your Organisation

Our Prime Minister, Scott Morrison, had announced “Australian organisations are currently being targeted by a sophisticated state-based cyber actor,” to raise awareness about the increasing cyberattacks and to nudge organisations to step-up cybersecurity measures on a priority basis.

Though there have been no large-scale personal data breaches, he pointed that off late there has been a considerable increase in the cyberattacks across a range of sectors including government, health, manufacturing, political organisations, education, and operators of other critical infrastructure.

The notable points are the sophistication of these attacks where a failed attempt is followed-up by multiple attacks through the various method. The Australian Cyber Security Centre (ASCS) mentioned a failed cyber-attack to exploit public-facing infrastructure was followed up by numerous attempts which included spearphishing techniques, including sending targets links to malicious files and websites aimed at harvesting passwords.

Health critical infrastructure and essential services should “implement technical defences to thwart this malicious cyber activity”.

It is needless to say that a cyberattack would break the business sector that is reeling under the effects of an economic slowdown. This awareness-raising exercise by Mr Morrison is also an indicator that it is not just large-scale organisations but even small and medium-sized organisations across different verticals are equally susceptible to this state-sponsored sophisticated attack. So, this is a wake-up to businesses to prioritise cybersecurity.

Linda Reynolds, the defence minister, to has asked all organisations Australia-wide, to protect their network and be aware of threats.

However, do not pick up the phone and call some cybersecurity guy just yet. First, understand your risks, talking to an IT security expert with and without a background knowledge can make a sea of difference.

You would need time to process new information and staying susceptible to threat till then is not an option. So, here are some basic best practices on cybersecurity that you should implement across your organisation now:

As an owner, you hold the sole responsibility of implementing a culture of good cyber practices and prioritising information security risks. IT security remains a neglected or “will be looked into in the future” part of businesses. However, with the new warning coming from the State itself, organisations are no more in a position to ignore this looming cyber threat. So, as a first step follow these

• Educate employees: A good majority of cyber-attacks takes place when an employee unknowingly clicks on malicious links or opens emails containing malware. You educate them on identifying suspicious emails and ads.
• Block Pop-ups: Activate pop-up blocker on the browser to block unwanted and misleading ads containing malware.
• Use a strong password and multi-factor authentication: Create strong passwords and encourage employees to change the password every 30 days. Also, encourage them to use an established password manager, instead of saving them on notepads on computers where it is easy to find. Use 2-Factor authentication wherever applicable
• Secure Wi-Fi: Secure your Wi-Fi and ask your employees to access your networks only through the secured Wi-Fi
• Classify information: Not everybody needs to know everything. Classify critical information and provide access to only relevant data to relevant employees.
• Secure Remote working: If you have remote workers, either provide them with secured machines or secure their machine with anti-virus and encourage the use of only authentic software.
• Update software updates: Most software has built-in security features offering a peripheral defence. Regularly update your software for optimum security.
• Back-up data: Follow a regular schedule for backing up data and follow a 3-2-1 back-up strategy – 3 copies of your data; 2 stored on different mediums (hard disk/local drive/network share; 1 copy stored in the cloud. Data back-up ensures speedy recovery in the event of an attack.
• Monitoring: Check with your Managed Service Provider (MSP) if they have a remote monitoring and management tool deployed to monitor your peripheries for suspicious activities. Also, ask your IT person to patch your online systems.
• Prohibit external devices: External devices such as flash drives, hard disks and even smartphones can contain viruses and bugs that can compromise your machines. Ban their use and encourage file sharing only through secured channels such as Microsoft Teams and SharePoint.
• Share carefully: Beware of the information that you share on social media. Hackers can use this to get insights into your company.
• Banking online: While conducting company banking transactions, make sure to use secured devices and Wi-Fi. BankVault SafeWindow is an innovative application to hide your online activities from hackers. This application creates a virtual computer with every login that is as good as a new computer which is free of key loggers and other malware.
• Third-party controls: Your IT resource will be able to put in place some essential security features, but is that enough to defend against sophisticated attacks? You need an expert to thwart unconventional attacks on your network and data. Hiring a Managed Security Service Provider (MSSP) is both cost-effective and need of the hour. An MSSP can design the right IT security architecture to deploy the right technology to monitor, respond and recover from cybersecurity threats.
• Education and Training: Educate your employees on the need to protect information and on the ways to protect it. Help them save themselves from falling prey to online frauds. A compromised employee gadget might compromise company information too. Bring-in experts to train your staff on how to identify and mitigate cybersecurity risks.
• Report: Encourage employees to report any irregularities they notice in the network or in general. If you sense any breaches, report it to the Australian Cyber Security Centre (ASCS) or contact us immediately.

Most small businesses think “I am a small-fish for hackers” – never underestimate a hacker’s interest in your organisation’s data. Your organisation is an easy target, with only minimal work required to hack into your system to access that valuable information with which they can bargain or sell on the dark web.

With warning issued by the government, the question is would you dare to risk?