The Ultimate Guide to Business Cybersecurity

With phishing scams on the rise in Australia, it is crucial that you take the necessary steps to protect your staff members and business. You should:

1. Install protection software

Start by installing the latest firewall, spam filter, anti-virus, and anti-spyware software on all your computers, devices, and servers. This process is often overlooked and forgotten, but it’s essential to keep your protection technologies up-to-date so spam and phishing emails can be filtered out before they reach your employees.

2. Monitor website, email and network activities

Invest in technology that provides complete control and visibility across your business information environment, including print and document services. Automated monitoring solutions can track website traffic, email communications and other activities, alerting you to hacking attempts or malware infiltration.

3. Educate your staff

This is the most important step you can take to protect your business from phishing attacks, particularly those that come via SMS. Train your employees to be alert to the dangers of opening suspicious emails or clicking unverified website links in messages they receive. Remind them to only give out personal or sensitive information via email or text after confirming the validity of the source. You should also create clear policies and procedures for responding to and reporting a suspected phishing attack or data security issue.

A hacked account can have a devastating impact on the business. One Australian small business owner lost 43,000 Instagram followers overnight when hackers blocked access to her account. In many cases, business owners are forced to start over with a new account, their months or years of hard work going down the drain.

3. Control access to social accounts

The fewer people who can access your company’s social media accounts, the less risk you take on. Your social media policy should outline which employees require access and at what level. Make sure to update this regularly, especially when employees move on to other jobs. Regularly monitoring usage levels is also a good idea. This way, you can note any suspicious activity – and quickly act to shut down access.

Disgruntled current and former employees, contractors or other business associates can pose a significant risk to your business if they have access to your company’s network, social media channels, third-party platforms and, most significantly, data. Whether it’s for revenge, coercion, ideology, ego or financial gain, these threat actors use their legitimate access to your business assets to cause damage to your company.

Most companies invest a lot of resources into improving security to combat external threats. However, some of the biggest business cybersecurity risks can come from malicious insiders such as former or current employees. In fact, a 2021 study of APAC organisations found that insider threats caused 58% of data security incidents in the last 12 months. Another global study found that malicious insiders perpetuated one-third of ransomware attacks.

Accidental leakage by insiders is also a major issue. In 2022, Telstra accidentally published the data of thousands of customers online due to a “misalignment of databases”.

1. Limit and control data access

One of the best ways to protect your business data is to limit and control the level of access staff have to confidential information. Employees should only be allowed access to the information required to do their jobs well.

A lack of defined processes can also lead staff to leave important information in shared folders, lost laptops and USBs, on desks or in printer out trays.

However, if your policy specifies that staff must access and share all sensitive information via your secure document management system (DMS), you can reduce the risk of the above scenarios. You just need to make sure that staff stick to the process.

Consider implementing a DMS or enterprise content management (ECM) solution to monitor and regulate document access and usage. An ECM can set access rights for specific employees and record who accessed certain information and when.

3. Monitor access and user behaviour

It’s important to track and monitor user behaviour across your systems and networks. This will allow you to identify unusual and suspicious behaviour and respond accordingly.

However, there is a fine line to tread here. It’s important not to go overboard and turn into ‘Big Brother’. A lack of trust showed by you will breed a lack of trust in your employees – which increases the chance of resentment that could lead to malicious acts.

The risks posed by unsecured printers and multifunction devices (MFDs)

The connected printer can bring numerous benefits to an organisation, including increased productivity, streamlined workflows and reduced costs. But if left unconfigured and unsecured, such as when devices are dispersed across multiple locations, printers and MFDs can expose the business to unnecessary security risks.

The possible risks and vulnerabilities include:

• Confidential information being left in printer trays
• Unauthorised access to printer and administration settings
• Hackers using your printer as a backdoor to your network
• Hackers accessing sensitive data that has been sent via unsecured printers

3 ways to protect your business from a document security breach

Printers and MFDs handle a lot of company information daily – so how do we make sure that all the data (both paper and digital) is protected

Here are some tips on how to improve your document security.

1. Update and configure printers and MFDS

Your first step should be to assess the security of all your printers and MFDs – and that should start with updating any default passwords.

Ameer Karim, VP and GM of Consumer IoT Security at Symantec, said that printer default passwords are often never changed. This creates a weak link that hackers can exploit to penetrate the system. Cybercriminals can see the information printed and use the access point to hack the wider network and uncover more sensitive information, including financial data (CeBIT 2018, ‘IoT Security for the Real World’).

Also, take the time to configure and update your machines and devices with the latest software and technologies. Speak to your printer provider about activating built-in security features and measures for every device. For instance, KYOCERA offers three levels of configuration: basic or standard, medium-level and high-level security.

3. Implement a mobile security policy

As workforces are increasingly decentralised, more and more employees work on their mobiles. That’s why it’s important to implement a stringent and detailed mobile device security policy to which all employees must adhere.

This could include:

• Enforcing operating system updates: These often include important security patches, so updates should be performed promptly.
• Requiring employees to undergo business cybersecurity training: Teaching employees how to identify phishing attacks or how to access company data securely will go a long way towards ensuring your data remains safe.
• Restricting the applications employees can download: Not all apps are secure, so you may want to restrict what employees can download to apps your IT department has deemed acceptable.
• Implementing a public Wi-Fi policy: This may include stipulations like only accessing the company network while connected to a VPN or only accessing secure https sites when connected to a public hotspot.
• Having a contingency plan in the event of a breach: In the modern threat landscape, it is not a matter of if you will suffer from a data breach, but when. It’s important to be prepared with a cybersecurity incident response plan that you’ve practised using.