Three ways to combat cyber attacks and mitigate their impact
Following the recent cyber attacks on Medibank and Optus, organisations around Australia have been left wondering whether they could be next.
The Medibank incident saw four million customers have their personal information leaked, while the Optus breach exposed personal details of a massive 9.8 million Australians.
Cyber attacks are on the rise around the country, with the Australian Federal Police announcing earlier this month that it was recently involved in stopping an international ransomware gang that was targeting Australian businesses.
According to Adam Gibbins, a Director at BlueRock, “Cyber security breaches can have serious implications for a business, and can result in not only data being lost, but also customers. Optus has reportedly lost 10 percent of its customers following last month’s cyber attack. Businesses are required by law to hold on to past customers' data, so former customers can also be affected.”
“While it’s required by law to retain customer and employee data, organisations need to look at their internal strategies and ensure they have a plan in place to combat a potential cyber attack. It’s also essential to communicate this to customers and employees to build trust.”
Gibbins shares three ways how Australian businesses can combat cyber attacks and mitigate their impact:
Backup data
In order to recover any information you may lose to a cyber incident, backup your business’ data and website. This is essential as most of your important data and information will be the first to be accessed if an incident occurs. Therefore, having your information backed up will help you ensure important information isn’t lost.
Useful backup methods include daily incremental back-ups to a portable device and/or cloud storage, end-of-week server back-ups, quarterly server back-ups and yearly server back-ups. Using a combination of these will cover you all year round.
It is essential to make backing up your data a habit. Backups to an external drive or a portable device that is separate from offsite storage will give your business a plan B.
Cyber security training
As your staff are the primary contact point for customers and other employees, it is important to ensure your team knows about the threats they can face and the role they play in keeping your business and customers safe.
Your business should provide an educational training service that provides your staff with the information needed in case of an incident. The training should include how to maintain good passwords and passphrases, how to identify and avoid cyber threats and what to do if they encounter a cyber threat, including reporting.
Cyber insurance policy
It is important to remember that no IT system is impenetrable. That is why it is essential that your business has a cyber insurance policy in place as part of your business strategy. Cyber insurance firstly helps to meet the direct costs incurred by a business and damages to parties affected, and secondly, it provides access to a response team of experts to assist you in managing every aspect of a cyber breach.
It is important to know that cyber crime is not limited to large organisations and as many as 58% of victims of breaches are categorised as small businesses. Basically if your business has a website or electronic records, you’re vulnerable to cyber hackers. Cyber insurance policies are accessible to businesses of any size, and as it is a relatively new form of cover, it is important to review your current insurance and perceive data like you would any other asset.
With tougher scrutiny on businesses and the way they store data, now is the right time to protect your business from the repercussions of cyber-crime.
Read also