How to protect your business from cyber attacks

12 December 2018

Key points

  • Businesses with any type of online presence are susceptible to cyber attacks
  • Business owners need to shape their own cyber security strategy
  • Utilise different controls to minimise the risk of an attack on your business.

Cyber Security for Business Owners with Nigel Phair, Connect Events highlights

As a business owner, what is your cyber security strategy? That’s the question posed by cyber expert Nigel Phair, who implores businesses of all sizes to fully understand their online exposure.

Nigel, who served with the Australian Federal Police for 21 years and headed investigations at the country’s High Tech Crime Centre, said any business with an online presence is susceptible to cyber attacks.

“There are lots of people with various motivations seeking to do harm to your organisation,” he told an audience of 120 business owners at a recent Bankwest Connect Event.

“Whether they want to get intellectual property, they want to make money out of it or whether they just want to be disruptive.”

“What is your technology strategy?” he asked. “How are you going to protect your business?”

Nigel said any business that uses the internet, be it for tax and accounting, social media, human resources or any other use, should employ a cyber security strategy to minimise threats and to know how to respond to an attack.

In shaping your business’ cyber security strategy, Nigel suggested owners consider several aspects.

1. What data assets do you hold?

“The first thing I really want you to think about is, what is the information that your organisation holds? And the reality is you probably hold some really valuable data,” Nigel said, adding that it could be personally identifying information, intellectual property or even just your bank account details.

Nigel said business owners should rank their data from most to least important to start to understand where they need to focus their attention and invest money to protect their data.

“So you need to classify your data from the most important, and invest time and money around that, and work your way slowly down (to least important),” Nigel said.

2. Who has access to the company’s data?

Nigel said 20% of cyber attacks on businesses come from employees. This included employees who unknowingly fell victim to online scams, such as phishing scams.

“We really need to think, how do we train our staff in the process of good information security. What are the tools and techniques that we can give them?” he asked.

As well as providing adequate training, Nigel suggests restricting administrator access to a business’ network to just one or two people in the company, not necessarily because staff can’t be trusted, but because it reduces the risk of your network being hacked through staff falling victim to scams.

“You don’t want your staff to fall victim to a scam, whether that’s a car buying scam, a dating scam, an investment scam, whatever it might be,” Nigel said.

3. What controls do you have in place?

“Because the criminals are moving ahead so rapidly, you really need to start thinking about the controls you need to put around the serious and important data,” Nigel said.

He recommended a few basic steps that business owners could take to minimise their risk of a cyber attack. These included:

  • Encrypt sensitive and important data
  • Turn on automatic updates for your software
  • Install and keep anti-virus software updated
  • Back up your network regularly
  • Reduce administrator access to just one or two people in your company
  • Restrict applications on your network to just those that are needed.

4. Where does your data reside?

Nigel said a key consideration for business owners was understanding where the company data is held.

He said most government organisations require contractors to hold their data within Australia, even for cloud-based environments.

Nigel said employees’ mobile phones also posed an extra layer of complexity around data storage.

“We all love mobile devices, your employees are going to want to interact and do business on a mobile device. What are you going to do about that?”

Nigel said one option for business owners was to pay for staff mobile phones so they can place controls on the devices.

5. How will you respond?

Nigel said business owners should have a plan in the event of a cyber attack.

“At the end of the day, if you have a cyber incident, you’ve really got to be thinking about what you do next. How you respond is going to be critical.”

Nigel said this was particularly important if your business had contracts with government organisations or large corporations, who wouldn’t hesitate to cancel a contract in the event of a cyber attack on your business.

“How are you going to engender trust and safety and confidence in your stakeholders, in your contracts, your employees, that you’re on top of the game?”

The information contained in this article is of a general nature and is not intended to be nor should it be considered as professional advice. You should not act on the basis of anything contained in this article without first obtaining specific professional advice. Also to the extent permitted by law, Bankwest, a division of Commonwealth Bank of Australia ABN 48 123 123 124 AFSL / Australian credit licence 234945, its related bodies corporate, employees and contractors accept no liability or responsibility to any persons for any loss which may be incurred or suffered as a result of acting on or refraining from acting as a result of anything contained in this article.