We’ve all had those new year’s resolutions, we start strong for the first couple of weeks. Then quickly reminded by how busy being in business is and our priorities shift. Our good intentions slowly get forgotten about and never picked back up.

If you’re here, it’s because you want to do the most crucial thing you can for your business. Make sure your cyber security is up to snuff.

Whether you’re starting from scratch or want a fresh perspective, we’ve listed key goals you must work towards so that your cyber security resolutions will not die in spirit. Here is everything you need to get the ball rolling with your cyber security today.

Let’s be clear, this might be daunting, but let me remind you this isn’t a solo effort, cyber security is a collaborative process. Work with your IT provider, HR, and the entire team to discuss, brainstorm, and implement these tactics. Rome wasn’t built in a day and neither will your cyber security. Take your time and get each step right from the start.

Here are 5 cyber security resolutions to prepare your business for online threats in 2023.

Perfect Your Password Policy

I get it, passwords, how boring. Listen though, I’m going to tell you something you probably haven’t heard before.

You’ve always been told for staff to change their passwords frequently, let’s scrap that. It’s obvious to both of us that getting staff to constantly change their passwords is nearly impossible, time-consuming, and annoying. Requiring frequent password changes only leads to users making small adjustments to their already simple, previous password, resulting in weaker security.

Users should have strong and unique passwords for each account. To help achieve this, only enforce password changes when there is suspicion that passwords may be compromised. Now, staff can focus on creating a stronger password, knowing it won’t need to be changed anytime soon.

A simple way to implement this? Promote the use of unique passwords by using a password manager, it will do all the hard work for you. They can create and store an unlimited amount of passwords for all staff, it’s a tool that will save your team loads of time.

If you’re a micro business there are lots of free password managers. If you have 10+ staff, you’ll need to pay for a business-based password manager. Our top business password manager recommendations are Keeper, Password Boss and LastPass. At Pronet we use Keeper for ourselves and all clients. Its extensive sweep of security features makes it one of the best options for cyber security.

Top it off with the security measure in our next resolution.

Enforce Multi-Factor Authentication (MFA)

Do you know how you get a text asking to enter a 6-digit code after your login details? Yeah, that’s a form of MFA and it’s extremely important now.

So important that enabling MFA reduces the chance of your account being hacked by 99.9%. Hackers will not be able to access your account unless they are physically able to get your MFA-enabled device. Let’s be honest that won’t happen because I don’t think they’re leaving their bedroom anytime soon.

Making sure all your staff and all their accounts are set up with MFA is a MUST this year. It may not be something you can directly implement yourself, so make sure your IT team put it as a top priority. It’s on you to make it happen!

And a little bonus. Some of the current password manager apps allow you to use MFA within them. The same application can be used to enable strong passwords and implement MFA. Talk about cost-effectiveness.

Remove Old Users from Your Systems

One big cybersecurity resolution for the new year is to clean up all those old user accounts.

If your company has active accounts from old employees, it dramatically increases the potential vulnerabilities in your organisation. An attacker only needs to find one set of login details to gain access to your systems.

Let’s not waste any time with this one, start removing unnecessary accounts to reduce the risk of hackers infiltrating your network. That’s not all. If you want to stop this issue from coming back up there’s one more thing to do.

It’s even more important to change your policies to ensure the principle of least privilege is followed. What this means is that users should only have access to the resources they need to do their job. When that access is no longer needed it should be revoked.

This becomes especially important when employees change roles, leave the company, or are terminated. They may attempt to abuse their access and cause harm to your organisation through actions such as stealing or destroying data, planting malware, or other malicious actions.

Let’s get rid of those old accounts and get new policies in place to prevent the issue going forward.

Conduct A Risk Assessment

I do not doubt your business has experienced some kind of change over the year. Whether that means changes to your systems, structural arrangements, technology or more, your business is in a state of flux.

Due to that, a yearly risk assessment is so important. It gives your company a chance to take note of all of these changes and analyse the threats to your security.

Once your organisation has an updated view of the challenges it faces, it can plan successfully for the future. This may include adjusting security plans and policies to stay safe in the coming year.

Without conducting a risk assessment based on all the changes, it could cause you to focus in the completely wrong areas. Not only wasting time and resources but also leaving your business vulnerable in to threats.

Get that new year risk assessment done ASAP.

Quarterly Employee Training

This might seem daunting, but one, it’s the most important, and two, it’s not as hard as it seems.88% of data breaches are caused by employee mistakes. Human error is still the driving force for cyber security issues, you’re asking for problems by ignoring staff training.

When it comes to training staff, there are already so many resources online where the work is practically done for you! Videos, articles, and interactive quizzes are readily available and can be accessed at staff members’ own pace. All you need to do is point them in the right direction.

Be sure to make it relevant. Relate training materials to your staff’s job responsibilities and the types of threats your organisation is most likely to face. Of course, you’ll know exactly what kind of threats your business will face from that risk assessment. This will help ensure that the training sticks and that staff are more likely to use the skills they learn on the job.

Training provides a good opportunity to remind your staff of policies, but they also allow you to update them on the latest threats. Your employees are often the first line of defence in a cyberattack, so don’t underestimate their role when it comes to protecting your company.

Conclusion:

There you have it, our 5 cyber security New Year’s resolutions. 5 things that we believe are a must to implement to have the best chance of being protected this year. With cyber crimes predicted to soar in 2023, you don’t want to take any chances, especially with your business.

Remember what I said initially: cyber security is a collaborative effort. Work with others in your organisation to ensure this gets done, otherwise I can guarantee you will fall short. Tackle one at a time and get them right from the start. Good luck and I wish you a successful year ahead!

It’s alarming to know that nearly half of social media users have fallen victim to shopping scams.  

It may seem like a good idea to avoid the shops at this time of year. If your employees are doing some last-minute Christmas shopping at work, it’s important to ensure that your business is protected. Online shopping scams are on the rise, especially this time of year. With the damages for business owners being so high, it’s not a risk you want to be taking. 

The Dangers of Online Shopping at Work 

Unfortunately, new research shows that 47% of people click on dangerous links. They think they’re getting a great deal, but instead, give up financial & personal details to cyber criminals. I know it’s the season of giving, but let’s not get too carried away.  

Your employees don’t only risk giving up their personal information, but risk your device and potentially exposing your company’s entire network to criminals.  

It’s not just shopping scams employees need to look out for. Phishing scams also manage to trick 36% of people into revealing personal data. Phishing scams are where you get an email that seems to be from someone or somewhere you trust, but it’s not. 

Remember that account you never made, emailing and asking you to update your payment details? You probably don’t remember it because good chance you never actually made the account. It’s just a scam.  

The same 36% have also fallen for gift card scams. Where criminals gain the trust of victims and try to persuade them to buy gift cards or online vouchers. Not in the Christmas spirit at all. 

See, with all the benefits online Christmas shopping can bring, there are a lot of nasties you and your staff need to be aware of.  Especially this time of year. 

The Damage It Can Bring to Your Company 

Let’s talk about what kind of damage you can expect, and it’s not pretty. If employees do happen to click on malicious links or download an infected file, the results for your business can be devastating.  

Cyber attacks are now so harmful that the risk goes beyond the loss of data and reputation. Once victim to attack, criminals can force you to cease your business operations altogether. The cost of downtime has proven to be enough to put people out of business for good. An astounding 60% of SMEs that fall victim to cyber attacks go out of business after the first 6 months. 

Yeah, not the kind of Christmas present you’d want, so let’s talk about how we can avoid this happening at your company. 

How You Can Lower the Risk Today  

Here are some ways to help you protect your employees, and more importantly your business this holiday season. 

While technical protections such as firewalls, antivirus, and strong password management are important, the focus needs to be on training your team. It should be known that the most effective defence is a team that can recognise a threat when they see one. Investing in your team’s training and education will help them stay vigilant and protect your organisation against potential attacks. 

Make sure your staff are aware of the latest scams and know what warning signs to look out for. At a minimum make sure all staff are  

• Check website links are genuine 
• Making sure websites are the real deal  
• Being suspicious of offers that look too good to be true 

It is also important to have a plan in place that can be implemented as soon as a security breach is detected. All staff should know how to report incidents immediately and who to notify. The faster your team can respond, the more damage you can prevent and the associated costs that follow. In some cases, it may be possible to stop the breach before it negatively impacts your business altogether. By being prepared and having a clear plan of action, you can minimise the risks and protect your organisation. 

If you’re after the quickest way to make sure your team is keeping an eye out for scams, send a quick email reminder. Take the points from this article and forward them to your staff. Even better, forward the entire article! The best thing you can do is make them aware. 

There you have it, some easy ways to protect your business from online shopping scams. We hope you’ve been able to take something away or give you something to think about. 

Among all the components that a business needs to operate successfully, cybersecurity has now become one of those essential components. In the wake of COVID outbreak, businesses have stepped up their digital adoption, and threat actors are ready to grab the moment by going after companies of all sizes and industries. The year 2021 will go down in history as one of the most successful in terms of both security breaches and cyberattacks.

No matter what industry you’re in, attackers have no limits on what they may do. They just care about the data they can get their hands on and the money they can get for it. Even now, the attacks are getting more aggressive and smarter. If you are an employee of the company, then you must understand that you are on the front line of information security. Therefore, it’s important to stay on guard to help assure your company’s data is safe and secure. This article will focus on the best practices that employees should try to follow as human factors remains the primary reason for most of the cyberattacks happening in the world. Silly mistakes can bring devastating results and even complete closure of businesses in many cases. So, it is the duty of the employer and the employee too to be aware of cybersafe practices and follow them to remain safe. Let us start with these quick things:

Never Use the Company Email Outside of Work
For the sake of having all the updates in one single email, it is commonly seen that people use their work email for personal use, like for shopping, dining, etc. While it makes life easier, it’s also one of the riskiest things a person can do. Doing so unintentionally can put a business or corporation at risk. Your email can reveal confidential information about your company, which could cause the business to fail.

For instance, Australia’s one of the big universities, i.e., Deakin University was also a victim of cyberattack recently when an attacker used a staff member’s username and password to access student information via one of Deakin’s third-party providers. So, if you’re going to use your business email for personal purposes, think again about it.

Mind Your Clicks
It is human nature to click on pop-ups, links, and ads if we personally receive them to know what value they offer. And, hackers savagely target this weak point of humans, and just with one click, they get access to your company data in a matter of seconds. These can be delivery emails pretending to be from DHL or Amazon, amazing offers, and so on, all designed to entice the reader to click the link. So, if you ever get an email with a link in it that doesn’t pertain to you, I suggest avoiding forwarding or clicking on it, and only notifying your company’s security staff. This would allow your company to put a halt to the attack and prevent it from spreading further at the time it occurs.

For instance, this is the phishing email we received a few days ago where the hacker portrayed himself as the shipment company DHL, but our employees are well-educated about the cyber safe practices and no one clicked on the link. The catch here was that the email i.d. that was used to send did not belong to the DHL company and all our employees realised the same.

Educate Yourself About Phishing Scams
Phishing scams are the most common scams that result in a security breach. Hackers or phishers lure employees to click on links that ask you to enter personal or company information, and once the information is entered, the whole network of the business is exposed to the hackers. It is very crucial to understand the difference between a genuine link and a corrupted one. If you are unsure of the link or email you have received to fill in the details, I suggest you immediately consult your I.T. department to verify. This will help prevent any cyberattacks.

Use Strong Passwords
So, again, to make our lives easy, we all use the same passwords or common passwords at work and in our personal lives. It simplifies our lives and even the lives of hackers too. Keeping common passwords gives an open invitation for hackers to compromise all the accounts using that password and, through them, give access to your company’s or business data. The last thing anyone would want is to be held responsible for such a devastating setback for a firm. So, just be mindful when creating passwords for the tools and software you use at work.

Never Share Passwords
So, another human trait is to have passwords written somewhere or to share them with someone trustworthy (according to you), which is not at all a good practice. Being humans, you never know when a person’s intention changes and it might be too late before that person misuses the information you have shared. It is a good practice for both personal and professional life not to share passwords with anyone. 

Use 2FA While Logging into Devices, Software, etc.
An extremely safe option to use for staying safe in the present unsafe digital environment. You can try using different apps to have the authentication turned on for all of the logins. This will keep everything safe and even alert you instantly when there is an attempt to hack the accounts.

Make Sure all the Updates are Followed
Another thing that most of us ignore is the pop-up messages that come on our screen to update certain software, applications, etc. Usually, we all ignore or delay updating the installed software or applications, and this opens the gate for hackers to compromise the system from your machine, using your identity passwords, and have access to all your company’s sensitive data. If your company sends out instructions for any security updates, it is wise to install them all right away. Cyberthreats often take aim at your data. I am sure no one would want to be the reason for a cyberattack at their workplace, so next time when you see the update message on your screen, take the necessary action immediately.

Talk to Your I.T. Department
It is a good idea to learn more about the best practices to follow to be safe from cyberattacks online without any hesitation. Your I.T. department or I.T. partners will always advise you the best when it comes to cybersecurity. Reaching out to the I.T. department or person to alert them of any possible warnings is also advised to keep away any threats.

Use the Latest & Relevant Technology
Another major thing to keep in mind is to use the latest versions of tools, software, and technology in the workplace. If the licence of the software, applications, etc. you are using has expired or needs an update, do take the necessary action immediately as these outdated versions are most commonly used by hackers to attack. It is usually the duty of the I.T. department or external I.T. partner to suggest the best technology, but the employees should also be aware of putting forward any demand or need they have when it comes to technology they are using.

You Can Avoid a Data Breach

Having the right knowledge about how to identify spoofed content, links, emails, etc. is very crucial for strengthening your company’s defence against cyberattacks. Always remember: one corrupt click by you could let in a hacker and a single delay or failure to fix a flaw in time could become the primary reason for a cyberattack. So, take it as a part of your job to engage in safe online behaviour.

IT should be the backbone of every business and to help businesses leverage the same, Pronet Technology has been offering the best IT solutions along with cybersecurity tailored to your business needs and budget for more than 25 years now.

CALL US today at 03 9069 2188 to get a free consultation for your business IT requirements.

Stay tuned to our blogs to know interesting IT-related tips and facts.

References:

Graham, J. and Carey, A., 2022. Deakin University cyberattack: Hackers get details for 47,000 current and former students. [online] Theage.com.au. Available at: <https://www.theage.com.au/national/victoria/hackers-get-details-of-47-000-current-former-students-in-deakin-uni-cyberattack-20220713-p5b16v.html?fbclid=IwAR23ya2lPoU0L7_ZxQhFipMEtbQLzlS8hw0sbhU3OuYtiKYriSNnBJps3w4> [Accessed 24 July 2022].

2018. Silver Magic Keyboard. [image] Available at: <https://www.pexels.com/photo/silver-magic-keyboard-1109543/> [Accessed 25 July 2022].

Cybint. 2020. 15 Alarming Cyber Security Facts and Stats. [online] Available at: <https://www.cybintsolutions.com/cyber-security-facts-stats/> [Accessed 24 July 2022].