Many people think that cybersecurity is a technology problem.
It’s understandable, given the name - ‘cyber’ is generally used when looking specifically at technology. However, 82% of all cybersecurity breaches involve the human element. Password compromise. Social engineering. Misunderstanding what information is okay to show.
The good news is that there is a lot you can do to shield your business from the impacts of cyber attacks before you spend real money on technology.
As busy people we tend to accumulate a lot of documents like bills, notes, client profiles, copies of ID, and a variety of other stuff that contains important and even sensitive information on or around our working spaces. It is important to make sure that people who should not have access to that information do not have the opportunity to read and make copies of it. The best way to do this is to make sure any documents are secured in a locked drawer or filing cabinet when you are not there to supervise and oversee.
It is very hard to defend against attacks and threats you don’t understand. The way to get this understanding is by getting educated in what a common attack looks like and what to do about it, through cybersecurity awareness training. This training comes in many forms, covering phishing emails, recognising suspicious links, verifying invoices by phone and more. Also don’t overlook opportunities to get together with other businesses to share your experiences.
Every person and business now has an ever-increasing mess of logins to remember, secure and keep track of. Using a good password manager like KeePass or LastPass puts all that information into a secure database available everywhere you go for very little time and money. This has the upside of also making it easy to have strong passwords that are hard to crack. Multifactor authentication, also known as MFA, adds even more security, and the most common solutions from big companies like Google and Microsoft are free on Android and Apple. Securing your logins is one place where it is easier to be secure than to do it the old way.
Like for every other part of business, security needs to be focussed on your priorities and goals. Identify and classify the roles, processes and information inside your control then prioritise those in relation to the needs and goals of your operation. This is foundational to building good security that delivers and is high value for money. This doesn’t need to be a big, complicated project but instead is a part of your regular planning and review efforts. Telstra’s 5 Knows are an excellent set of principles for this.
Another planning item that saves a lot of headaches and improves security in the long run is called least privilege. In simple terms this means ensuring everyone has all the access they need to do their jobs and nothing more. While it is tempting to just give open access to everyone and share logins for convenience, this only makes the risk of an account or a staff member being compromised much higher. Fitting access to people’s roles is a critical planning item in security and business resilience.
A key requirement for any successful business is making sure that the rules you have in place for internal and external dealings are appropriate and enforceable through policy and contracts. This extends to security of your information and systems, as the people you deal with need well-defined expectations on what is and is not acceptable use and the incentive to perform as expected. Policies need to be clear and easy to understand, and vendor contracts must set out legally enforceable requirements that make sure they are accountable for doing so securely. Neither of these needs to be massive and complex, but they should be professionally written and regularly reviewed for conformance.
Planning for failures and testing to see if those plans work is critical to knowing how resilient your business is and provides your people with experience dealing with tough situations in a safe space. In security, this sort of testing is referred to as an Incident Response Exercise, which tests the rigour of your incident response planning.
As you can see, any business owner can start securing their business from cyber threats in ways that are not tied to the technology by creating a culture of good cybersecurity governance and risk management. Making good decisions is just as foundational to success in cybersecurity as it is in any other part of your business strategy and operations.