Being attacked by cybercriminals can cost businesses time and money, not to mention the damage that can be done to their reputations. Too many businesses are leaving themselves open by failing to adequately secure their environments. As the end of the financial year approaches and following recent attacks, businesses should look to bolster key areas in their cybersecurity defence.
Mostly resulting from employee error or inadequate company policies, the repercussions of a cybersecurity breach reverberate across entire organisations. A successful breach can negatively impact on a company’s reputation, and a diminished capacity to attract and retain customers.
As budgets are finalised for the 2018 financial year, now is the time for Australian businesses to strengthen cybersecurity defences. By examining cybersecurity policies and procedures, and ensuring IT infrastructure is current and employee training is up to date, businesses can put themselves ahead of emerging threats.
There are 3 key security risk areas businesses should strengthen ahead of the new financial year:
-
Ransomware
The cost of ransomware to the Australian economy is conservatively estimated to be $1 billion a year. And the number of attacks and cost of unlocking devices expected to increase. In the defence against cyberattacks, employees are repeatedly the weakest link. Instead of focusing on reactive measures, employee training should shift to target prevention.
Pure compliance-driven approaches have shown to be ineffectual. They are not engaging, nor do they hold personal value to gain employees’ attention. Thus, educational programs should centre on how employees can safeguard personal information as well as organisational data.
While employee training can be conducted in numerous forms, one approach to consider is gamification. It is a great way to engage employees, and drive awareness of cybersecurity guidelines, including how to negotiate cyberattacks correctly. Gamification also lets business leaders recognise and reward employees for positive behaviour, leading to a safer environment.
-
Internet of Things (IoT)
The Internet of Things (IoT) has led to a proliferation of endpoint devices, opening up thousands of possible entry points in business networks. Because they’re automatic, organisations may be unaware of the danger posed by these devices, which include sensor attachments, closed circuit television, smartwatches, and fitness trackers, placing the businesses further at risk if not appropriately secured.
Organisations must have policies and procedures in place to safeguard the network, including educating employees on the kinds of devices they can plug into the network. Next-generation security technology can also be used by the business to protect the network and endpoints, as well as the data flowing within the network.
-
Weaponised data
Cybercriminals weaponise a business’s data by divulging confidential information or by gaining access to and corrupting data, with consequences including reputational damage and material costs. In order to protect data effectively, organisations must know where critical data is located and which employees can access it.
As the end of the financial year approaches, businesses should take time to review and update their cybersecurity procedures. Business leaders should ensure they understand the potential impact cyberattacks can have on their business and take a proactive approach to make sure employees understand company policies.
