The escalating situation in Europe is highlighting the new way that threats are conducted: online. We are seeing countless news articles about the wave of attacks being levelled against Ukraine and Russia as hackers organise and choose sides.
Locally, the Australian Cyber Security Centre (ACSC), the Australian government’s lead agency for cyber security, has stated that Australians urgently need to protect themselves against increased attacks.
In particular, Australians need to be vigilant against ransomware, as threat actors believed to be associated with ransomware provider Conti have “claimed they will target unspecified critical infrastructure in response to cyber or military actions against Russia”.
So how can Australian businesses arm themselves against attacks, and what are the consequences if they don’t?
8 ways to prevent a cyberattack
Taking steps to prevent an attack, breach, or hack should be one of the foundational tasks in your business.
Our IT experts, as well as the ACSC, recommend these 8 preventative measures to take:
- Using Two-Factor Authentication (2FA)
Two-factor authentication should be used across your entire enterprise – including all your software, devices, and applications. Threat actors can use any entry point available, no matter how small.
For organisations using the Microsoft 365 environment, Microsoft’s free 2FA software should be the bare minimum.
- Testing your people’s security awareness
Remote and hybrid working have created the perfect environment for threat actors because security within home networks is often less stringent than within enterprises. Additionally, some people within your organisation are unaware of the warning signs of a phishing scam.
Undertaking regular training and testing of your people’s awareness through simulated phishing emails will allow you to find the weak points and conduct further training to secure them.
- Securing your EndPoints
Desktops, laptops, and mobile devices all have EndPoints (or entry points) that can be exploited. Securing them with a higher level of protection will help block ransomware and malware attacks that utilise AI to find and exploit inconsistencies in user behaviour.
- Installing a Firewall/Router
Preventing malware from entering your work environment is key – and you can do so by utilising a firewall/router solution. It works by scanning all network traffic that passes through it for threats, and some solutions may also provide higher speeds of data transfer within your IT environment.
If more than 20% of your employees work from home (which is more than likely in today’s environment), we also recommend DNS Protection as another measure on top of the firewall/router solution.
- Removing user local admin access from all machines
When employees are set up on company devices, they can often be given administration privileges – but this is one of the biggest mistakes that you can make. These privileges allow users to make significant changes to their configuration and operation, bypass critical security settings, and access sensitive information.
We recommend removing these privileges as this is one of the most effective ways to secure your systems.
- Upgrading or removing old tech
Having older devices, machines, or servers puts your business at risk as these don’t have the high level of protection that newer technology does. Because they’re not supported by the vendor anymore, they won’t receive critical security updates.
Removing these devices and upgrading to newer ones is one of the easiest ways to add a higher level of protection to your systems.
- Adding an external email warning
Because email is one of the easiest ways to stage a breach, it’s imperative that your email program has built-in protections against scams and spam. For example, utilising software that adds a warning banner to all emails from outside the company can help users identify if a threat actor is imitating an internal team member in an email.
- Adopting more than one of these measures
While implementing at least one of these measures will increase your protection, we highly recommend applying as many as you can. This may take some time, so a phased approach is recommended.
What happens without these preventative measures?
While it may seem unlikely to have your business targeted by hackers or phishing scams, security experts all reiterate that this is a matter of when, rather than if. Some of Australia’s largest entities (Service NSW and Lion) have already fallen victim to attacks or breaches.
It’s critical for business owners to arm themselves against breaches to prevent catastrophic damages, such as:
The loss of millions of dollars
Breaches come with high costs because they’re expensive to discover, investigate, contain, and recover from. Additionally, businesses can face massive monetary losses if a breach or attack is successful.
The loss of IP & unplanned downtime
Hackers can steal or wipe a business’s sensitive or copyrighted data in minutes – with no chance of getting it back. Businesses that don’t take measures to protect themselves can be at serious risk of losing the data that can cause days of unplanned downtime. It can be incredibly hard to recover from this for some businesses.
Heavy fines and reputational damage
Depending on the size and industry of a business, it can fall under the Notifiable Data Breach Scheme (NDB) or the Security Legislation Amendment Bill.
The NDB requires businesses to notify individuals who are likely to be at risk of serious harm by a data breach, and the Security Legislation Amendment Bill requires businesses to shore up their cyber defences to prevent attacks.
Non-compliance with either of these carries the potential for heavy fines and reputational damage.
What else can I do to protect my business?
Some of the preventative measures we’ve recommended may not be easy to implement without a clear understanding of IT principles and infrastructure. But that doesn’t mean your business should be left unprotected.
One solution is to hire an IT managed service provider to help you build up your defences, manage your security, and ensure that your systems are running smoothly. At VITG, we’ve been doing exactly that for the last two decades.
Our team is built upon high expertise and is driven by strategic thinking and innovative ideas. We have also been rated one of the world’s premier managed service providers and one of the top MSPs in Australia.
If you’d like to discuss your cybersecurity options with us, you can contact our friendly team to learn more about how we can help you protect your business.