Between 2022 and 2023, the Australian Cyber Security Centre (ACSC) reported that small businesses in Australia lost an average of $46,000 due to cyber crime. For medium-sized businesses, the average loss was $97,200. Every six minutes, a new cyber crime incident was reported.
Cyber criminals target small-to-medium-sized businesses (SMBs) because successful attacks are highly profitable, and these businesses often have less robust cyber defences compared to large corporations. Just a single cyber incident can have severe consequences, including financial losses, data breaches, and reputational damage. As cyber crime continues to rise each year, adopting a proactive approach to cyber security is vital for SMBs to protect themselves against these threats.
At Lateral Plains, we support Ballarat businesses to build their cyber defences, and the first step is education. In this blog, we’ll look at some of the most common threats facing SMBs, actionable steps that can immediately enhance your protection, and how we can help.
Understanding the Basics
What is cyber security?
Cyber security is the practice of protecting computers, networks, and data from unauthorised access or attacks. In today's digital age, cyber security is critical to protect business assets, ensure the safety of sensitive information, maintain operational continuity, and uphold customer trust.
What is a cyber attack?
Cyber attacks are unauthorised attempts to steal, expose, alter, disable, or destroy confidential information by accessing computer systems without permission. Without strong cyber security measures, businesses are at risk of these attacks.
Some common cyber security threats include:
Phishing:
Phishing is a form of “social engineering” that tricks people into clicking on malicious links, downloading malware, or revealing personal information (like passwords or credit card details) by posing as a trusted organisation or individual. Phishing can result in the loss of information, money, or identity theft. These attacks often appear as fake emails, text messages, phone calls, or websites. Some phishing attacks are random, while others are more targeted. "Spear phishing" refers to phishing attacks directed at a specific individual, group, or organisation.
Malware:
Malware refers to any software used for malicious purposes. It can be unknowingly installed by visiting compromised websites, clicking on harmful links, or opening infected email attachments. Once installed, malware can steal confidential information, track and record activities, or install other malicious programs. Some common examples of malware include viruses, worms, ransomware, spyware, and trojans.
Ransomware:
Ransomware is a form of malware that locks files and devices using encryption, making them inaccessible. Hackers then demand payment, usually in cryptocurrency, to restore access. They may also threaten to leak or sell sensitive data online. Ransomware attacks can lead to costly downtime, and without backups data can be lost forever. Hackers pressure victims to pay the ransom, but there is no guarantee of data recovery, and doing so can increase the risk of further attacks.
Distributed Denial-Of-Service:
Unlike ransomware, which encrypts businesses’ data, a distributed denial-of-service (DDoS) attack aims to take them offline. In a DDoS attack, many computers overwhelm a website or online service with excessive traffic, causing it to crash – like a crowd blocking a store entrance. These attacks can disrupt operations and cause significant damage to computer systems.
Password Attacks:
Password attacks occur when hackers try to gain access to accounts by using stolen or cracked passwords. They employ techniques such as brute-force attacks and credential stuffing, often with specialised software, to break into accounts. Hackers usually target accounts with weak or reused passwords. Successful password attacks can lead to significant data breaches.
Basic Cyber Security Measures
Enhancing your cyber security can be straightforward and practical with a few simple changes. We’ve compiled a list of fundamental cyber security measures to help boost your defences:
a) Strong Password Policies
Enforcing a firm password policy is crucial for defending against password attacks. When creating passwords, avoid using personal information such as your name or birthday, and avoid common phrases such as 'password' or '12345678'. Strong passwords should be at least 12-14 characters long and include a mix of upper and lower-case letters, numbers, and special characters. Additionally, use a different password for each account so that the others remain secure even if one password is compromised.
A password manager is an excellent tool if you have too many passwords to remember. It securely stores all your passwords in one place, so you only need to remember one master password. It can generate strong, unique passwords for each account and automatically fill them in for you, making online security easier and more convenient.
Enabling multi-factor authentication (MFA) further enhances security. MFA adds a layer of protection by requiring additional information beyond the password, such as a code sent to your email or phone, or an approval prompt on a mobile authentication app.
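The password rules in this section (at least 12 characters, mixed character types, no personal details or common phrases, no reuse across accounts) can be checked automatically. The Python sketch below is an added example, not part of the original post or of any Lateral Plains tooling; the function names, the short common-phrase list, and the sample accounts are assumptions constructed for illustration.

```python
import string

# Constructed for illustration; a real check would use a far larger weak-password list.
COMMON_PHRASES = {"password", "12345678", "qwerty", "letmein"}
MIN_LENGTH = 12  # lower bound of the 12-14 character guidance


def check_password(password, personal_info=()):
    """Return a list of policy violations for one password (empty = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if any(phrase in lowered for phrase in COMMON_PHRASES):
        problems.append("contains a common phrase")
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems


def find_reused(accounts):
    """Map each password used on more than one account to those accounts."""
    seen = {}
    for account, password in accounts.items():
        seen.setdefault(password, []).append(account)
    return {pw: sorted(names) for pw, names in seen.items() if len(names) > 1}


# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {
    "email": "Jane1985!",
    "banking": "Password12345678!",
    "payroll": "v7#Lm2!qRz9@Tk",
    "supplier-portal": "v7#Lm2!qRz9@Tk",
}

if __name__ == "__main__":
    for account, pw in SAMPLE_ACCOUNTS.items():
        print(account, check_password(pw, ("Jane", "1985")) or "meets the policy")
    print("reused:", find_reused(SAMPLE_ACCOUNTS))
```

Note that the third sample password passes every per-password rule yet is still flagged, because it is shared between two accounts.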
b) Regular Software Updates
Cyber criminals constantly search for new vulnerabilities to exploit in software, prompting developers to release regular patches to address issues quickly. The ACSC reported that between 2022 and 2023, one in five critical vulnerabilities was exploited within 48 hours despite a patch being available. This underscores the importance of keeping your device’s operating system and software updated with the latest protection.
The most efficient way to manage this is to turn on automatic updates. This ensures you receive the latest security updates immediately and keeps your system secure with minimal effort.
c) Antivirus and Anti-Malware Software
Antivirus software is an effective tool for protecting devices against malware. Most modern devices, such as Windows and Apple computers, have built-in antivirus solutions. While these built-in programs offer basic protection, third-party antivirus options often provide enhanced features and more comprehensive security.
When searching for antivirus software online, be cautious of malware posing as fake antivirus programs. Always ensure you download and purchase from the provider’s official website to avoid scams and receive legitimate, effective protection. Thoroughly research any product to verify its reputation and effectiveness.
Since cyber threats are continually evolving, keeping your antivirus software up to date is crucial. Regularly running scans and configuring your antivirus to start automatically with your device will help ensure continuous protection.
d) Secure Wi-Fi Networks
Your router, often referred to as the “Modem” or “Wi-Fi,” is the small box provided by your internet service provider (ISP) that connects your devices to the internet. Securing your router is essential to prevent unauthorised access to your internet, network, and online activities.
Making a few changes in your router's settings can significantly improve your Wi-Fi security. To access your router settings, open a web browser and type your router’s IP address into the address bar. You can find this, along with the username and password, in the user manual or on a sticker on the device.
In your router's settings, change the default Wi-Fi network name (SSID) to something unique and create a strong password. You should also update the router's default username and password, usually set to ‘admin’ or ‘administrator.’ For the best security, set the Wi-Fi encryption to WPA3 if your router supports it.
Public Wi-Fi hotspots, common in cafés and hotels, offer convenient internet access but can be risky as they are less secure and attractive to cyber criminals. To safeguard your information, avoid sharing personal details over these networks, always verify the network you connect to, and use a VPN to encrypt your internet connection when possible.
e) Data Backups
Backing up your data is crucial to recover it if it’s lost, stolen, or damaged. You can back up your data to the cloud (using services like OneDrive or Google Drive) or to physical media (such as external hard drives). Backups should be performed at regular intervals, such as daily, weekly, or monthly, depending on the importance of the data and how frequently it changes. For optimal security, combine cloud-based backups with local backups to ensure comprehensive protection.
f) Employee Training and Awareness
Nearly 90% of cyber attacks succeed due to human error, highlighting the importance of education and awareness in preventing cyber security incidents. Security awareness training is vital for teaching employees about potential threats, current best practices, and managing risks effectively. Regular security awareness training sessions ensure that employees stay informed and are equipped with the latest knowledge to handle evolving online threats.
g) Implementing Firewalls
A firewall functions like a security guard for your computer network, blocking unauthorised access and preventing potential threats from entering or leaving your system. When your organisation connects to the internet, a firewall safeguards against online dangers.
Firewalls come in two main types: hardware and software. A hardware firewall serves as a gatekeeper for all network traffic, while a software firewall protects each individual computer. Using both types together offers comprehensive security by shielding the entire network and each computer.
h) Access Control
Access control is essential for preventing data breaches and blocking unauthorised access to sensitive or confidential information. It manages who can access data by assigning user roles and permissions, verifying identities, and monitoring access. This process helps reduce security risks, prevent unauthorised access, and ensure compliance.
Physical access controls manage entry to secure locations such as buildings and restricted rooms through measures like key cards, biometric scanners, and security personnel. This includes always locking your screen when you’re away from your device. These controls ensure security within physical environments.
i) Secure Mobile Devices
Enabling security features is essential to safeguard business smartphones and tablets from cyber threats. To secure your device, use a strong passphrase, password, or PIN, and enable biometric locks such as facial recognition or fingerprints. Set your device to automatically lock after a short period of inactivity, and activate remote tracking features such as Find My iPhone or Find My Device. These tools help you locate or erase your device if lost or stolen.
Additionally, only download apps from reputable sources and ensure your device’s data is encrypted. Most contemporary smartphones, including iPhones and Samsung models, automatically encrypt your data once you set up a passcode or other form of authentication.
Understanding and implementing basic cyber security measures is essential to prevent costly incidents and protect your business. These fundamental steps serve as your first line of defence, and establishing them now will help cultivate a strong cyber security culture within your organisation.
How Can Lateral Plains Help?
Given the rapidly evolving cyber landscape, staying informed about emerging threats and remaining proactive in your security efforts is also crucial to maintain long-term resilience. If you’re a Ballarat-based business looking to strengthen your cyber defences, our local MSP is here to help. Get in touch with our friendly team to chat about how our services and support can safeguard your business’s operations and data.