With the recent high-profile cyber security breaches, Australians are more conscious of cybercrime than ever. And for good reason. According to IBM, the average data breach cost organisations USD $4.35 million (an all-time high) in 2022, with compromised credentials, phishing and cloud misconfiguration responsible for the majority of attacks. And that’s just for business – stats from the Australian Institute of Criminology reveal that 34 per cent of Australians have experienced some form of cybercrime in the last 12 months, with a total economic impact of $3.5 billion.
As more and more of us migrate to the cloud, or work from home, cyber-attack vectors tend to multiply, making cyber training more relevant than ever before. So how can we keep ourselves, and our organisations, safe? Here are some top tips for protecting yourself, and your employees, from cyber attacks.
1. Start with zero trust
This sounds counterintuitive – of course you should trust your employees. But ‘Zero Trust Architecture’ actually refers to a strategic cyber approach that eliminates implicit trust and continuously validates every stage of digital interaction. It’s one of the fastest-growing cyber trends. And it pays dividends, too: according to IBM, the share of organisations deploying zero trust jumped to 41 per cent in 2022, and cyber breaches in organisations neglecting zero trust cost (on average) USD $1 million more. Just be aware, zero trust is an organisational journey, and it takes time to implement. You can read more about it here.
2. Training matters
The best thing we can do to combat common cyber threats is education. Training. Teaching our staff about risks, and how to mitigate them. Without solid cyber training, human error is always more likely to creep into an organisation’s digital strategy. Most experts agree that around 85 per cent of data leaks are a direct result of user mistakes. That’s an enormous scope for improvement right there. Cyber training has also been shown to improve system integrity, save costs and cyber-related downtime, and minimise potential damage. Consider this: the average cyber breach isn’t even detected for 287 days. With quality training, we can drastically shrink that number.
“Comprehensive and frequent cybersecurity training can no longer be considered a ‘nice to have’ for businesses – it’s now absolutely crucial for organisations that are facing an ever-evolving array of cybersecurity threats in the current work-from-home environment,” Fred Voccola, CEO of IT software company Kaseya, told Forbes.
3. Cyber best practice
For an organisation, it’s critical to get cyber security right from the beginning. That means implementing a best-practice strategy and, most importantly, communicating that strategy to your employees. So where to start? As an organisation, you should – at the very least – be across data encryption, two-factor authentication, up-to-date antivirus software, and data backup and storage. This is even more important if your employees are working from home. WFH staff need to make sure their Wi-Fi connections are secure (i.e. password protected), and the same goes for any online collaboration tools. It also pays to disable auto-connect for Bluetooth-enabled devices.
4. Passphrases, not passwords
Passwords are a common Achilles’ heel for individuals and organisations, and in fact the Australian Government recommends ditching them altogether. Instead, use passphrases: four or more random words strung together. These are harder to crack and easier for employees to remember. The best passphrases are long (at least 14 characters), unpredictable (a jumble of random words) and unique (you shouldn’t use the same passphrase across multiple accounts). If all employees implement this across your organisation, you’ve already significantly mitigated one of the most common cyber-attack vectors.
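As an added illustration (not part of the original article), the script below generates a passphrase the way the tip above describes and checks a candidate against the three stated criteria. The word list is a constructed stand-in for a real published list, and the reuse check compares SHA-256 fingerprints rather than stored passphrases.

```python
import hashlib
import math
import secrets

# Constructed stand-in word list (assumption: a real deployment would use a
# large published list such as the 7776-word EFF diceware list).
WORDLIST = [
    "anchor", "basket", "cobalt", "dolphin", "ember", "falcon", "glacier",
    "harvest", "island", "jigsaw", "kettle", "lantern", "meadow", "nutmeg",
    "orbit", "pepper", "quartz", "ripple", "saddle", "timber", "umbrella",
    "velvet", "walnut", "yonder", "zephyr",
]
MIN_WORDS = 4      # "four or more random words"
MIN_LENGTH = 14    # "at least 14 characters"


def generate_passphrase(words=MIN_WORDS, wordlist=WORDLIST):
    """Join `words` distinct words chosen with the OS CSPRNG (never random.random())."""
    return " ".join(secrets.SystemRandom().sample(wordlist, k=words))


def entropy_bits(words, wordlist_size):
    """Guessing entropy of `words` words drawn uniformly from a list of that size."""
    return words * math.log2(wordlist_size)


def fingerprint(passphrase):
    """Hash used to remember earlier passphrases without keeping them in clear text."""
    return hashlib.sha256(passphrase.lower().encode()).hexdigest()


def check_passphrase(passphrase, used_fingerprints=frozenset()):
    """Return the criteria the passphrase fails: long, unpredictable, unique."""
    problems = []
    words = passphrase.split()
    if len(passphrase) < MIN_LENGTH:
        problems.append("too short")
    if len(words) < MIN_WORDS:
        problems.append("fewer than four words")
    if len({w.lower() for w in words}) < len(words):
        problems.append("repeated word")
    if fingerprint(passphrase) in used_fingerprints:
        problems.append("reused")
    return problems


if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase, check_passphrase(phrase))
    # Four diceware words comfortably beat an eight-character lowercase password.
    print(round(entropy_bits(4, 7776), 1), "bits vs", round(entropy_bits(8, 26), 1))
```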
5. Don’t go phishing
Phishing scams cost Australians over $2 billion in 2022, and the ACCC’s Scamwatch noted a 90 per cent year-on-year increase in reported attacks (which is particularly sobering, since only about 13 per cent of actual victims report to Scamwatch). You can get lots of good anti-phishing tips on the ACCC’s website, but the basics remain the same. Don’t open suspicious emails. Don’t click suspicious links. Never give out personal information to unverified sources. Only contact businesses and government departments through their official websites, not email links. And implement multi-factor authentication wherever possible. If you need a phishing refresher course, the ACSC has a helpful guide.
6. Multiply your defences
Multi-factor authentication is one of the most effective things individuals can do to combat cybercrime. It’s a simple principle: instead of one password holding the key to all your data, create a system of overlapping layers of protection. This will usually be some combination of a) a unique passphrase or PIN, b) a physical possession, like a credit card or security token, and c) a fingerprint or retinal scan, all of which are required to log in and view sensitive information. Biometric identification is becoming more common on smartphones and laptops, and it’s pretty easy to set up. The Australian government has a quick guide for various apps, too.
Want to improve your organisation’s cyber strategy? Invest in cyber training at RMIT Online.