In the 2021–2022 financial year, the Australian Cyber Security Centre (ACSC) received one cybercrime report every 7 minutes.
Whether it’s a major breach exposing millions of records or an attack on an SME, each one serves as a reminder that data breaches happen regularly, and we could find ourselves affected at any time.
That’s why improving staff awareness of data security threats should be a priority for all businesses.
Our cyber security risk management tips are designed to help you become a more difficult target for cybercriminals, while reducing the impact a data breach may have on you, your staff and your business.
What is a Data Breach?
The Australian Cyber Security Centre defines a data breach as “when data is inadvertently shared with or maliciously accessed by an unauthorised person or third-party. This can be by accident or because of a security breach”.
Cybercriminals usually carry out these attacks to make money, or to pursue other agendas, such as political or personal ones.
Who’s at Risk of a Data Breach?
A common misconception is that only large organisations are at risk… but the data says otherwise!
Anyone who has provided, collected or shared personal information is at risk of a data breach – no matter if you’re an individual, small business or large corporation.
Larger companies are often a financial target; however, they have dedicated IT teams to mitigate risk. Conversely, cyber security is often an afterthought for SMEs, making them easier targets.
How Will I Know If My Data Has Been Breached?
Each year in Australia, there are thousands of cyber breaches affecting businesses.
To be notified of cyber incidents as they become known, you can register to receive ACSC’s alerts.
You can check if your email or phone number has been compromised in a breach using the free tool, Have I Been Pwned.
Our complete list of data breaches in Australia also details the major breaches that have had the biggest impact on the largest number of people.
What Do I Do If My Data Has Been Breached?
If your data has been breached, follow these 4 simple steps to minimise the immediate and long-term impact:
Know How You Have Been Affected
If you have been notified that you are the subject of a cybercrime, or read about one in the media, contact the organisation that has been breached to confirm which personal data has been compromised.
The ACSC ‘Have you been hacked’ tool also provides actionable tips to secure your finances, accounts, email and identity if you are a victim of cybercrime.
Communicate Only With an Official Source
Following a breach, you may receive an email with a link asking you to take certain actions, such as resetting your password. It’s highly recommended that instead of clicking an email link, you visit the organisation’s official website and take the action there.
Reset Your Password
Whether you’ve been instructed to or not, reset your password immediately. Where possible, also force a logout of all active sessions.
Check Your Account Statements and Transactions
Keep a close eye on your account statements and transactions. If you spot any purchases you didn’t make, report these immediately to your financial institution.
Strategies to Mitigate Your Risk and Keep Your Data Secure
To help protect yourself and your business online, here are 8 simple strategies you can implement today:
1. Enable Multi-Factor Authentication (MFA)
MFA makes it more difficult for attackers to use stolen or phished credentials. It works by requiring at least two authentication steps to access a system, using additional codes or tokens.
Even if cybercriminals manage to steal one authentication type, they still need the other MFA method(s) to access your account.
It might take an extra 30 seconds to log in, but falling victim to cybercrime would take up a lot more of your time and resources!
Our Tip: Enable MFA on all applications that support it, even if it’s not a requirement.
2. Use Antivirus Software
Prevention is better than a cure!
Antivirus software helps to prevent malware from being installed on your device – that is, malicious software such as viruses, ransomware, spyware and trojans, which can steal your information and take control of your system.
Our Tip: Ensure your systems have antivirus software installed, and that it is updated automatically.
3. Keep Systems and Software Up To Date
Did you know that outdated software leaves you vulnerable to attack?
Ensuring your software and applications are up to date and correctly configured helps to mitigate the risk of software vulnerabilities.
Our Tip: Try restarting your computer every night and installing any available updates, so by the time you log on in the morning, your system is up to date.
4. Back Up Your Data
Having your data regularly backed up to a secure, offsite service can be the critical factor in determining whether you will be able to continue operating your business, should you fall victim to a breach.
Cyber experts recommend storing three copies of your data: two locally (on different devices) and one off-site.
Our Tip: For most, this means storing the original data on your computer, a backup on an external hard drive and another on a cloud-based service.
5. Avoid Reusing Passwords
If you reuse your password and any of your accounts are compromised, all of your accounts could be at risk.
So it goes without saying… Don’t use the same password for more than one account!
To help protect staff, try implementing password requirements, such as a minimum of 12 characters per password, a combination of letters and numbers, and no birthdays or names.
Our Tip: Create and use unique passwords for all of your accounts.
6. Enable Password Management
Remembering secure passwords for different accounts is a near impossible task!
Password managers not only help generate or store different passwords for you, but can also highlight areas for improvement, such as duplicate, weak or unsafe passwords.
Our Tip: Try using a password manager tool to help you create and store strong, unique passwords for all accounts.
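The password requirements suggested in strategy 5 and the duplicate and weak-password checks described in strategy 6 can be expressed as a small audit, shown here as an added Python example that is not part of the original article. The function names, the birthday patterns and the sample vault are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

MIN_LENGTH = 12  # minimum length suggested in the text above

# Assumed shapes for "looks like a birthday": 8 digits in a row
# (14031988, 19880314) or day/month/year with separators.
DATE_RE = re.compile(r"(?<!\d)\d{8}(?!\d)|\d{1,2}[-/.]\d{1,2}[-/.]\d{2,4}")

def policy_violations(password, personal_terms=()):
    """Return the requirements from the text that `password` fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("needs both letters and numbers")
    lowered = password.lower()
    if any(t.lower() in lowered for t in personal_terms if len(t) >= 3):
        problems.append("contains a name")
    if DATE_RE.search(password):
        problems.append("contains a date")
    return problems

def reused_passwords(vault):
    """Group accounts sharing a password; returns account names only."""
    groups = defaultdict(list)
    for account, password in vault.items():
        groups[password].append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def audit(vault, personal_terms=()):
    """Map each failing account to its list of findings."""
    report = {a: policy_violations(p, personal_terms) for a, p in vault.items()}
    for group in reused_passwords(vault):
        for account in group:
            others = ", ".join(a for a in group if a != account)
            report[account].append("reused on: " + others)
    return {a: findings for a, findings in report.items() if findings}

# Constructed sample data: every account, name and password is invented.
SAMPLE_VAULT = {
    "email": "Jordan14031988",
    "banking": "tidal-Copper-94-lantern",
    "payroll": "Jordan14031988",
    "crm": "winter2024",
}
SAMPLE_TERMS = ["Jordan", "Nguyen"]  # the account owner's names (constructed)
```

Calling `audit(SAMPLE_VAULT, SAMPLE_TERMS)` lists findings per account and leaves out accounts that pass; the report contains account names only, never the passwords themselves.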
7. Limit the Amount of Data You Share Online
It might sound obvious but it’s important to only share information that an organisation actually needs to provide goods or services.
For example, if you are asked to share your home address, ask yourself – does this organisation really need it?
That way, if they are ever affected by a data breach, less of your data is impacted.
Our Tip: Review the information you share before sharing it.
8. Complete the ‘Exercise in a Box’ Training
To support Australian businesses, the ACSC has launched a new online tool called Exercise in a Box: Be business ready for a cyber incident.
These free classes allow you to practise your response to a cyber incident in your own time – and as many times as you need!
Our Tip: Complete the training with your staff to understand the risks your business is currently exposed to, and how you can best mitigate the risks.
Does My Insurance Policy Protect Me From Cybercrime?
Unless you specifically have cyber insurance, it’s unlikely you’re insured against the risks of cybercrimes.
A Cyber Liability insurance policy is typically recommended to form part of your overall risk management strategy and not act as a ‘bandaid’ for poor risk management.
This policy goes beyond traditional liability insurances, to address the risks involved with internet exposure and provide you with maximum protection for your business.
In fact, most cyber insurers won’t agree to insure you unless your other risk management is up to scratch!
For more information on how Cyber Liability insurance can protect you in both our current and future digital environment, get a Cyber Liability quote and tailored advice from an expert insurance broker today.