Most New Zealand businesses have a reasonable understanding of just how important it is to protect their digital assets. But when it comes to actually implementing cyber-security systems and processes, many don’t know where to start.
It doesn’t matter how big or small your business – if the data and information held within it is of interest to cyber criminals, you’re a target. Peter Bailey, general manager of Aura Information Security, offers the following top tips to help businesses stay one step ahead of the bad guys.
1. Keep your systems up-to-date.
This may seem like a simple one but it’s surprising how many people would choose to ignore running Windows or Anti-Virus updates in favour of getting out the door and getting a jump start on their journey home. However, these updates are there for a reason – they are a built-in line of defence for software and apps to patch any discovered vulnerabilities or potential backdoors into the system. Next time a reminder pops up, make sure you run the update.
2. Do an inventory of your digital assets.
If your business was the victim of a cyber-attack – would you know what information and documents had been copied or stolen? Which leads to the next question – how do you begin recovering from a breach if you don’t even know what the attackers have been able to extract in the first place?
It’s crucial all businesses take inventory of their systems and understand the basic ins and outs of what should be where. Often it’s better to speak with a cybersecurity expert in order to get a true understanding of asset management, risk assessment and establish the key steps your business should take in the event of a data breach.
3. Ensure your employees understand cyber-security.
Most security breaches can be attributed to employee error…or ignorance. According to SplashData’s annual list of stolen passwords ‘1,2,3,4,5,6’ and ‘password’ are still the most commonly used passwords globally. What’s worse is they were also the most popular passwords the year prior. It’s this complacency that is a hacker’s dream.
To ensure your business fosters a culture of cyber-security awareness, regular training and education is key. If you don’t have a CISO to help lead the charge, there are some great online tools and employee checklists available from sites such as ConnectSmart.govt.nz. Aura also recently launched its e-learning tool which is designed to provide businesses with the ability to train and educate staff whilst also identifying areas for improvement.
4. Invest in the right tools.
A good cybersecurity system will provide businesses with an Indicator of Compromise (IoC) if there are any breaches. An IoC provides a strong signal that there has been interference or a digital intrusion – for example an email signature loaded with viruses or a malignant URL address for botnet. This data can then be used to help future proof the systems from similar attacks, essentially giving the cybersecurity suite the ability to ‘update’ as circumstances change.
5. Call in the experts.
Information security is perhaps one of the fastest evolving industries, with breakthroughs happening virtually every week. For most businesses, keeping up with these changes is no easy task – particularly if they don’t know what they are looking for.
There are cybersecurity experts who live and breathe this ever-changing landscape. What’s more, they are trained to identify a business’ weaknesses and make recommendations about the best next steps to take to ensure they aren’t a sitting duck for hackers.