Information and technology has transformed the way Australian businesses operate. Online operations are now almost mandatory in most industry sectors for day-to-day transactions, local and international. This has brought countless advantages, but also risks.
Businesses have a higher exposure to cybercrime than ever before. We hear about the attacks on big businesses – like Sony, Target and Ashley Madison – and the financial and non-financial damage caused. However, the Australian Federal Police revealed last year that they are seeing a trend to smaller businesses becoming targets, with more than 3,500 breaches in Australia reported per month. The ACCC are also receiving an increasing number of complaints about ‘ransomware’ attacks which block access to a computer system until a sum of money is paid.
National cyber security strategy announced
The Government has recognized cybercrime as a serious threat, announcing its $30 million ‘Cyber Security Growth Centre’ as part of the National Innovation and Science Agenda (NISA).
The Centre will be an independent and not-for-profit organisation led by a board of industry leaders who will work together with researchers and governments.
The Australian Government expects the Centre to benefit businesses by
+ Helping them address the growing threat of cybercrime
+ Improving management and workforce skills, productivity and competitiveness
+ Improving access to global supply chains and international markets via secure communication lines.
Once the full strategy is released and the Centre is operational later this year, businesses should be able to take advantage of the cyber security measures put forward. The new developments may spur more innovative business models, products, services and markets.
Businesses need to protect themselves
While everyone should welcome the Government moving to enhance cybersecurity, small to medium businesses also need to take steps to protect their data.
The risks are more widespread than you may think, not only through malicious actions. For example, the staff in your business might be using a public cloud service like Dropbox to access and share work-related documents on their mobile devices. Once your business data leaves your business environment, you have lost control of the information and have no way of knowing if a cybercriminal or competitor has gotten hold of it.
So, how do you secure an organisation with limited resources? The first priority is to not be an obvious target. Ninety per cent of attacks are associated with weaknesses in basic remediation, such as firewalls, default passwords, VPNs and double authentication.
Some simple steps ensure your business isn’t noticeably insecure – like creating good passwords and changing them regularly, doing regular backups to a removable hard drive, moving off of Windows XP if you still have it (as support and updates ended last year), ensuring your automatic software updates and antivirus updates are enabled, and your firewalls are maintained.
For ways to help your businesses stay safe, see the Government’s Stay Smart Online Business Guide at www.communications.gov.au/what-we-do/internet/stay-smart-online/alert-service and check out http://www.scamwatch.gov.au/ to stay alert to the latest scams.