8 Steps to Improve your Cyber Security

While technology presents countless efficiencies in business, it also brings with it a variety of risks. With exponential growth and innovation in this space, effective IT Risk Management & Cyber Security processes are vital.
 
We have recently noticed an increase in online scams relating to fraudulent online payments. Typically, an email account is initially ‘hacked’ and the hacker then makes contact requesting a change to a creditor's banking details. The communication contains a new BSB and account number, and the target individual is asked to update the creditor's details.
 
We have seen a recent spike in cases and, in the particular examples that came to our attention, two organisations suffered a loss. These examples highlighted a lack of robust processes on both sides of the transaction: firstly, the organisation being hacked has usually not taken sufficient security precautions and, secondly, the recipient of the scam request has failed to thoroughly verify the request.
 
Therefore, to help you safeguard your business from hacking attempts, here are 8 key steps to improve your cyber security.
 

Step 1: Secure your passwords


Use secure, complex passwords. The longer and more complex the password, the more difficult it is to crack. Don’t use the same password for all your sites! If you find it difficult to remember multiple passwords, then use a password management tool.

Step 2: Implement Two Factor Authentication on your systems


Two Factor Authentication requires two forms of verification before enabling access to systems. This provides an added layer of security against many common forms of attack.

Step 3: Only work in secure environments


Be careful where and how you connect online. Be mindful of open access Wi-Fi networks and websites that don’t have secure connections (where the URL address does not start with https).

Step 4: Secure your applications


Limit the number of applications that your staff can use. This technique of ‘application whitelisting’ prevents unauthorised/malicious programs from running. Also, ensure that access to your applications is on a need-to-know basis. Leavers should have their access rights removed quickly.

Ensure your applications are patched to protect against the latest forms of threats and ensure that your web browsers block add-ins such as Flash and Java, which are common access points for malicious code.

Step 5: Back up regularly and test your DR capabilities


This won’t necessarily stop you being hacked, but it will help you recover should an incident occur. Having a robust backup strategy is vital in ensuring business continuity. The frequency depends on the needs of your organisation, but daily is usually a good starting point. However, it is also important to test your backup on a regular basis.

Step 6: Staff awareness


If you employ staff, then they are potentially the first line of defence against a cyber attack. It is therefore important to ensure they have the necessary (ongoing) training and awareness to be able to spot a potential threat and to know what to do in the event of an attack.

The first and most basic step you can take is training your staff to challenge unusual email requests such as demands for payment and the changing or divulging of personal, banking or contractual details.

In each case, the first response must be to do nothing and check directly (ideally by phone, as the source email account could be hacked) with the legitimate source of the request. Your staff should be advised not to accept call-backs or excuses, and not to worry about feeling uncomfortable about challenging these types of requests.

Step 7: Network monitoring


Although the need in this space will vary depending on the size of your organisation, you will likely have a combination of on-premise and external infrastructure. Whatever the depth or split of your network configuration, being able to monitor your organisation’s applications and the incoming and outbound traffic is increasingly important.

In addition to monitoring, being able to actively protect your network and applications from attack is an increasing necessity.

Step 8: Update your T&Cs


Update your T&Cs with your clients so that a clear process for changes to key data points is in place. No changes should be made to any banking, contractual or personal details without them first being verified directly with the nominated individual(s) from your organisation.
 
If you are concerned about the threat of cyber attacks on your organisation, then we have a range of services that can be tailored to suit your needs. Please contact Simon Cohen, our head of IT Consulting, on 08 9225 5355 or email scohen@moorestephens.com.au