10 steps to help prevent cyber attacks on your business


The latest cybercrime statistics make for sobering reading, with a 75 per cent rise in ransomware attacks in the 2021/2022 financial year and up to 200,000 vulnerable routers in Australian homes and small businesses.

The Australian Cyber Security Centre’s (ACSC) most recent annual report states medium-sized businesses with between 20 and 199 employees are the most at risk of attack, with the average cost of an attack for a business of this size being $88,407.

While the risk of cyberattack remains high, there are many preventative measures businesses can put in place to reduce the risk of attack and, should one happen, reduce its severity.

 

1. Make a plan

Your approach to cyber security should have a clearly articulated strategy that’s regularly revisited. This should guide the actions taken by the business to ensure it adopts the latest cyber risk mitigation techniques. ACSC recommends adopting eight security controls to help prevent attacks. This framework is useful for directing a business's actions around cyber security.

The controls include taking away unnecessary network administration privileges from employees who don’t need them and putting in place multi-factor authentication for access to the network. These are described in more detail below.

 

2. Secure the business’ internet connections

Make sure all the points at which the business connects to the public internet, such as remote desktop applications, file sharing software and webmail, are secure and not vulnerable to penetration by hackers. It pays to work alongside an experienced IT professional through this step.

 

3. Safeguard all devices

All the common tools your team uses to connect back to the business, such as their laptops, tablets and smartphones, also need to be secured to ensure they are not a back door through which criminals can enter a business and exploit its weaknesses.

 


 

4. Configure automatic updates for software

The business should be fully protected against viruses and spam by a suite of leading anti-virus and anti-spam (AVAS) software solutions and intrusion detection systems. Make sure any patches and updates are automatically installed so you’re protected from emerging threats.

 

5. Automate back-ups

Like software updates, data should be automatically and regularly backed up offsite to a system of servers not connected to the business. That way, if criminals do infiltrate the system, they cannot access back-ups through it and delete them. This means in the event of an attack, the business can be up and running in no time, having accessed the most recent back-up. These systems should also be regularly tested, well before an attack occurs.

 

6. Implement multi-factor authentication

It should be nearly impossible for criminals to get into a system if it has the right protocols in place. These can include, but are not limited to, multi-factor authentication and mandatory regular password updates. As a minimum, passwords should include a mix of letters, numbers, symbols and cases. Passphrases are even better than passwords, as they can be harder to crack yet easier to remember.

 

7. Audit third parties

Criminals can gain access to your system through external parties such as suppliers if they can access your systems remotely. Regularly audit their cyber security protocols to identify and fix any insecurities through which hackers and scammers could access your business.

 

8. Train staff quarterly

Cyber security training should be a routine aspect of staff professional development. At least each quarter, train staff about the latest threats and run simulations to identify staff who are at risk of opening phishing emails.

 

9. Respond immediately to threats

Make sure to put protocols in place so that, in the event of an attack, you can lock down the system and stop criminals misusing it further.

 

10. Put in place a cyber insurance policy

Cyber policies can help businesses recover from an attack by paying for associated costs and helping to mitigate the effects.
Your broker can help you identify and address the cyber risks in your business. Talk to us today for your peace of mind.

Midland Insurance Brokers Australia Pty Ltd
ABN 81 006 528 329 AFSL 238963