Managing cyber threats in your business.

Cyber attacks present a growing threat to businesses. Preparing your business for when a cyber attack may occur can be a daunting task. Research from the Australian Cyber Security Centre (ACSC) shows that in 2020-21, cybercrime cost businesses $33 billion. And with a cyber attack happening every eight minutes, it’s clear that Australian businesses need to have a plan in place to be able to respond quickly.

Preparation is the best strategy to have when it comes to facing fast-growing cyber threats. The ACSC recommends putting in place these Essential Eight mitigation strategies to make it harder for cyber attackers to compromise your systems and applications.

Here are some key tips to help you get started:

 Have a plan in place.

A Cyber Response Playbook is a series of actions that may help your business prepare for and reduce the impact of a cyber attack. The Australian Cyber Security Centre has a Cyber Incident Response Plan template that includes the key planning and response steps to a cyber attack. Having this information in one place, in hard copy, means it will be easier to access if an attack occurs.

Rehearsing this plan is key to making sure you have people and processes in place to respond.

Back up your data and monitor your systems and applications.

It’s considered best practice to back up your systems and critical data regularly. Some industries have obligations to keep records for specific periods of time - think about what your business’ data retention requirements are and whether or not there is an industry standard that applies. Store that data in a secure, external location, preferably so that it can be restored from multiple points when needed - this includes using a cloud-based solution or removing hard drives from your network once a backup is complete.

All of these things are important aspects of being prepared for a cyber attack, especially if it involves a data breach.

Crucially, monitoring your critical platforms, data, systems and applications, means that you will be alerted to unusual or suspicious activity as it happens. That way, you can try to avoid or stop a suspected cyber attack.

Manage employee access.

For users who have administration access to systems, or who also work across different areas in your business, it is recommended they have different or unique email accounts and passwords for the tasks they work on and systems they have access to. Just as no one person should have both combinations to your safe, no one person should have complete access to both the front and back ends of your systems.

Use multi-factor authentication.

Multi-factor authentication (MFA) is an added layer of protection for anyone accessing your digital systems. This can prevent attackers from getting in in the first place. MFA requires you to have a combination of two or more of these authentication types before granting access to accounts and systems:

• Something you know (e.g. a PIN, password or passphrase).
• Something you have (e.g. a smartcard, physical token, authenticator app or mobile phone).
• Something you are (e.g. fingerprint or facial recognition).

It’s critical to have multi-factor authentication (MFA) in place around your email accounts, bank accounts, and any other critical systems that you use to run your business (accounting systems, customer records and intellectual property).

Keep software up to date and have a patching habit.

Updating software on all devices to the latest version and making sure you have a strategy in place to patch vulnerabilities in applications or operating systems in a timely manner may help to protect your organisation. Ensure your anti-virus and other security software is up to date, and double check the level of protection suits the needs of your business.

Regular training for your teams.

Helping your employees to understand the importance of cyber security can make all the difference if a cyber-attack occurs. It will also help if your teams are aware of what to look out for when it comes to identifying online dangers like phishing scams or criminals impersonating well known organisations, Government departments or utility companies.

You can also recommend that your employees register for Australian Cyber Security Centre Alert Service or Scamwatch Radar Alerts. These are free Government initiatives that alert of new online threats as they are identified.

Resources

• Westpac’s Cyber Response Playbook
• Be Safe & Secure guide - for hints and tips so you can better safeguard yourself and your business from potential threats
• ACSC’s Small Business Cyber Security Guide
• Safeguard your devices - McAfee™ has partnered with Westpac to offer you a 6 month free trial of its popular Multi Access program.

This information is general in nature and has been prepared without taking your objectives, needs and overall financial situation into account. For this reason, you should consider the appropriateness for the information to your own circumstances and, if necessary, seek appropriate professional advice. © Westpac Banking Corporation ABN 33 007 457 141 AFSL and Australian credit licence 233714.