Welcome to Cyber Security Awareness month – this year it’s a big one, an anniversary year! It’s been 20 years since October was declared the month to raise awareness amongst individuals, businesses and government agencies about the threats to our digital world.
20 years is a long time – back in 2004 the online landscape was completely different. The cloud wasn’t (much of) a thing, fewer people were connected, and cyber threats were relatively simple. Fast forward to today, and it’s a cyber jungle out there. A huge range of connected devices, the explosion of the cloud and a growing dependence on the internet in all facets of life and business has helped propel the cybercrime problem into epidemic proportions.
Now more than ever, cyber security should be an intrinsic part of everything we do – it needs to be a cornerstone of office cultures and a responsibility that we all take on board. The risks are too great not to, with the average cost of a data breach in Australia increasing to $3.35 million in 2024.
Everyone Has to Step Up!
The omnipresent threat of cyber criminals has prompted the 20th anniversary theme of this year’s Cyber Security Awareness Month: ‘Cyber Security is Everyone’s Business.’ It no longer sits in the realm of IT professionals or large corporates – everyone can be affected by cybercrime, so cyber security is everyone’s business, from individuals to small businesses and big enterprises. We all need to make protecting our data, safeguarding our networks and fortifying our digital lives an absolute priority.
One easy way of doing this, which is being encouraged by the Australian Cyber Security Centre (ACSC), is simply to talk about cyber security. Keep it in the public consciousness. Bring it up with your friends and family, discuss any near-miss cyber incidents you’ve experienced, and enlighten people if you were actually scammed. Share your experiences and educate each other – the more we talk about cyber security, the more we learn and the better protected we are.
As well as making that your mission for this month and into the future, the ACSC also recommends that everybody implement four basic steps to improve individual and business cyber security. Let’s look at what they are.
Four Basic Steps to Improve Cyber Security
If you’re at the very start of your cyber security journey, these simple and effective actions will be pivotal to locking down your digital world. The great thing is, they’re not hard to implement, and doing so significantly reduces your risk of a cyber incident or data breach.
1. Turn on Multi-Factor Authentication (MFA)
Over 99.9% of account compromises can be prevented with MFA. It adds an extra layer of protection to an account by requiring two or more credentials for access to be granted. The extra credentials could come in the form of a text message, email, authenticator app and so on. It means that even if an account password is compromised, the hacker cannot gain access because they don’t have the second or third credentials.
2. Keep Your Devices and Software Up to Date
We’re all guilty of ignoring that ‘update available’ notification on our phones or devices. Truth is, doing so is risky, because cyber attackers exploit security vulnerabilities in outdated software and devices. If you install the latest patches and updates, you’re closing the security gaps and keeping them at bay.
3. Use Strong and Unique Passwords, or Better Yet, a Passphrase
Another thing many of us are guilty of is weak passwords! These are one of the biggest cyber security vulnerabilities, and one of the easiest to shut down! Use strong and unique passwords that differ across all your accounts. Your date of birth followed by your cat’s name isn’t considered strong! Use a mixture of lower- and upper-case letters, symbols and numbers – the longer the better. You can also use a passphrase, which is a long sequence of random words. And if you’re struggling to remember everything, a reputable password manager like Keeper could be the answer!
4. Recognize and Report Phishing
It seems like phishing scams have been around forever, and while the tactics don’t change, the scams are getting more sophisticated. There are constant efforts to steal our sensitive information through texts, emails, social media and even phone calls. Being able to spot one of these scams is crucial in safeguarding yourself and your business. We recommend businesses use a cyber security awareness training platform like phished.io to educate their team on how to protect themselves from phishing scams.
The Essential Eight of Cyber Security
If you’re running a business and looking to implement a solid cyber security baseline, Smile IT and the ACSC both recommend implementing the Essential Eight. This set of eight mitigation strategies will reduce your risk exposure, ensure a reliable defence and boost your disaster recovery abilities in the event of a cyber incident.
Let’s do a quick rundown of the strategies involved in the Essential Eight.
- Application Control – Restrict the applications that can run on your systems to prevent harmful software from executing.
- Patch Applications – Ensure your software is up to date to eliminate vulnerabilities.
- Configure Microsoft Office Macro Settings – Block macros from running unless they’re absolutely necessary and come from a trusted source.
- User Application Hardening – Disable unneeded features in web browsers and applications to reduce the risk of exploitation.
- Restrict Administrative Privileges – Only allow essential personnel to have admin rights, limiting the damage an attacker can do if they gain access.
- Patch Operating Systems – Just like applications, your operating systems should always be updated to the latest versions to prevent security breaches.
- Multi-Factor Authentication (MFA) – As mentioned earlier, MFA provides an additional layer of security for user accounts.
- Regular Backups – Regularly back up your data so you can recover quickly if an attack compromises your systems.
By following the Essential Eight strategies, you enhance your ability to bat away common cyber threats. Your attack surface becomes smaller, and the impact of a breach is also minimised. It’s becoming increasingly important for businesses to adopt this approach.
Contact Smile IT, Brisbane Cyber Security Experts
Cyber security can be daunting – we get it. It’s complex and the stakes are high, which is why you want seasoned professionals on your side. Smile IT is here to help you secure your business and protect your data, whether it’s implementing basic strategies or performing an Essential Eight assessment to determine where your vulnerabilities lie.
This Cyber Security Awareness Month, let’s all do our part—because when it comes to cyber security, it really is everyone’s business. Contact Smile IT today to learn how we can help secure your systems and safeguard your future.
When he’s not writing tech articles or turning IT startups into established and consistent managed service providers, Peter Drummond can be found kitesurfing on the Gold Coast or hanging out with his family!