In the past month Australia has been under attack. Between Optus, Telstra, Woolworths, Medibank and now the wine producer Vinomofo, millions of people’s personal data has been breached in a matter of weeks. During each of these attacks, business was not as usual. In fact, Medibank alone saw its shares drop by 3.4% after having to shut everything down to avoid further damage. And let’s not forget the cost incurred by the ongoing investigation, loss of wages and business.
These attacks should have every business owner sitting up and taking notice. They should have everyone taking immediate steps to start protecting not only their business and assets, but their customers’ and clients’ data as well. They should have every business ready to do what is necessary in the event of an attack. Yet in PwC’s 2023 Global Digital Trust Insights Survey released this week, Australian business leaders are hesitating to publicly share any cyber security incidents affecting their business! One of their biggest concerns was that publicly disclosing a cyber incident could lead to a loss of competitive advantage.
And that’s completely reasonable. Right?
As a stakeholder in your organisation, money is a big deal. Profit and loss is constantly on your mind, and making sure things stay afloat is always a stressor. Even for those of you who’ve turned over significant profits year after year, we all know that one event can make it feel like the bottom’s dropped out of your stomach. So yes, the risk of losing your competitive advantage is a legitimate concern.
But what would you prefer: potentially risk losing your advantage OR knowingly let other businesses suffer the same attack?
By publicly sharing a cyber incident you are doing a multitude of things:
Though at the end of the day, if you’re taking every step you can to stop and avoid a cyber attack, you may never have to worry about the implications of reporting it!
If you don’t already have in-house cyber security specialists, this is the first step you need to take. In previous blogs, we’ve discussed some of the advantages to doing this, so have a read and then get in contact with us so we can help you find the right person.
While you’re waiting for the right person to come along, there are some other simple steps you can take to start improving your cyber security.
Technology is constantly evolving, so there is always a new version of your software or apps coming out. These updates aren’t released just to annoy you and waste your time. They’re provided because the developers have made things better and safer for you to continue using their platform or your device. So, take a moment now to check if there are any updates waiting for your attention, and better yet, turn on “automatic updates” in your settings.
We’ve said it once, we’ve said it twice and we’ll say it again – turn on multifactor authentication. Instead of just having to hack through your password, hackers will also have to try to bypass your MFA. This takes them much more time and effort, so adding an extra 10 seconds to your login process is a no-brainer.
Do you remember when technology first started emerging? We all had external hard drives, USB sticks – some of you might even remember the floppy disk! Now things have become so digitised that a lot of us either don’t bother backing everything up, or we back it up to a cloud. Don’t get me wrong, having your data backed up on a cloud is great. But what happens if your network gets hacked and so does your cloud backup? It’s all digital and it’s all just as vulnerable to attack. So, if you don’t currently have any backup – get onto it stat! And even if you’ve got a cloud backup, look at having an external, physical hard drive backup.
Do you know what a scam looks like? Just in case, let’s go through a couple of the signs.
Remember, you can receive an email from a big company (let’s use Optus as an example) and it can look legit. They’ve got the company logo, the email address doesn’t seem particularly unusual, everything looks fine! But there’s a link. The best way to avoid scams is to go to the source itself. If you’ve received an email from a colleague and it seems a bit off, don’t reply; give them a call instead. If you receive an email or text message from a company asking for something, don’t click the link; go straight to their website and log in. These things only take a few extra seconds to do but can save you a lot of heartache.
So if there’s anything we can conclude and agree upon, let it be this: taking steps TODAY to prevent hackers getting into your network is essential, but in the event it does happen, we need to report it and share it publicly so we can all learn and make every network safer.