Cyber Attack Warning

8 Things You Need to Do Immediately to Protect Your Business

Did you know that Australia is currently the target of a focused and unrelenting cyberattack from a sophisticated foreign entity? No matter how big or small your business is, this vital information means one thing: you need to act now to protect yourself.

Who is Being Targeted?

Short answer: Every Australian including businesses, Government organisations and private citizens.

Nobody is immune to the tactics being used and everyone’s private data is seen as desirable. It’s not just credit card numbers, bank details, usernames and passwords, all of your personal and business data has a value on the dark web. Economists say data is worth more than gold or oil in today’s economy.

In the Last 12 Months…

  • 51% of businesses attacked by ransomware
  • 58% saw increase in phishing attacks
  • 60% increase in impersonation fraud
  • 82% experienced downtime from an attack

What Can You Do?

The Federal Government’s Australian Cyber Security Centre (ACSC) says it’s imperative that you are alert to this threat and take steps now to enhance the resilience of your computer networks and smart technology.

8 Things You Need to Do Immediately to Protect Your Business

1. Multi-factor authentication (MFA)

You may already be using multi-factor authentication for some of your accounts. If you’re not, you need to start using it right away on all accounts. It’s hands down one of the most effective ways to protect your systems from cybercriminals.

MFA requires you or your staff to input a username and password and then receive another login code on their mobile phone, email or other device. This code is then entered into the system to successfully complete the login.

In order to protect your business from cyberthreats, multi-factor authentication should be applied to all internet-accessible devices and services, including web and cloud-based email, workplace collaboration apps, virtual private network connections and remote desktop services.

Here’s StormWarden CEO Aaron Harch with some more tips on MFA and cybersecurity.

2. Patch applications

All internet-facing software and apps need to be updated to the latest versions right away. The hackers behind the current threats are exploiting known vulnerabilities for which patches are already available. Updating your software will close known vulnerabilities off from hackers. Reliable app providers are prompt to act and provide ‘patches’ for known threats via software updates, so it’s always best practice to keep install the latest available updates within 48 hours of them becoming available.

3. Patch operating systems

Never use outdated or unsupported versions of your operating systems for your devices. Always ensure your smartphones, tablets and computers are operating with the latest version of their system installed. If a new operating system update arrives, be sure to download and install within 48 hours of it becoming available.

4. Application control

Effective application control will prevent unwanted malware – malicious software – from being able to open and operate on your network. If you have it correctly set up, only approved applications can run on your systems, so even if an employee unwittingly opens or tries to install malicious software, it will do no harm.

5. User application hardening

The ACSC recommends you configure your web browsers to block or better still uninstall Flash, ads and Java script on the internet. It’s also wise to disable any features you don’t need in Microsoft Office (e.g. OLE), web browsers and PDF viewers. That’s because these are popular ways hackers use to get malicious code onto your systems.

6. Block macros

Speaking of Microsoft Office, it’s recommended to configure Office to block macros from the internet. If you only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate you remove the risk of internet macros delivering and executing malicious code on your network.

7. Restrict admin privileges

ACSC describes your operating system and applications’ admin accounts as the ‘keys to the kingdom’ and rightly so! Your admin accounts have the most control and highest levels of access. That’s why it is vital to regularly evaluate the need for privileges and only provide access to those for whom it is essential.

8. Backup daily

Ransomware criminals rely on your need for your own files and data. If successful, they hold this information for ‘ransom’ and demand payment for its release. One way to mitigate risk of becoming prey to these cybercriminals is to conduct regular backups of your software and data files. Your backups should be stored off-site, for example with a reliable cloud storage provider, for at least three months. Some businesses find daily backups to be enough, however if you have a lot of new data applied to your systems throughout the day, it can be prudent to back-up your data even more frequently.

Receive a FREE Security Assessment

StormWarden is offering new customers a free security assessment including dark web scan, internal security audit and one free phishing testing assessment for your staff when you sign up for our MFA cybersecurity services. Download the MFA flyer here or get in touch to find out more about this offer.

Share this article with your friends...

Facebook
Twitter
LinkedIn
WhatsApp
Email

Get Started With StormWarden

Getting started is easy.  Get in touch with us today.

Read More

Related Articles

What are some of the key differentiators that can propel small businesses forward? They include efficiency, productivity, and innovation. Microsoft has expanded

Data is the lifeblood of modern businesses. It fuels insights, drives decision-making, and ultimately shapes your company’s success. But in today’s information

The shift to remote work over the last two years has caused companies to realign their digital tools. Now, many meetings default