Following on from the recently reported Uber data breach, Australian businesses have yet again received a reminder of the challenges cyber-threats present. With mandatory data breach notifications, which requires the disclosure of significant data breaches, becoming law in February 2018, Australian businesses are being urged to take a proactive approach to cyber-security.
Andrew Morris, director of specialised recruiter Robert Half Australia said: “IT security and corporate reputation management are linked as company reputations can be destroyed if cyber-attacks and data breaches aren’t managed appropriately. In an age where cyber-threats are becoming even more prolific as new technologies evolve, it’s in a company’s best interest to be proactive towards cyber-security, rather than reactive. This starts with having the right security infrastructure in place to prevent attacks, as well as employing the right IT talent to manage it."
Robert Half has developed four strategic steps companies can take to help protect themselves against cyber-attacks:
1. Review your security policies and train staff
From email phishing scams to ransomware and malicious websites, it is important to stay updated on the latest cyber-attacks and scams, and to train your employees in how to recognise them.
“A company’s IT security strategy affects everyone in the organisation, so staff training on cyber-security needs to address both external security threats as well as internal best practices relating to data security and privacy,” added Andrew Morris.
2. Audit and update your systems
One of the most effective ways to stay prepared for cyber-attacks is to ensure that your network and computing devices are kept up to date. Don't ignore security notifications and alerts being sent from your operating systems, anti-virus software, web browsers and firewalls, as waiting until later to apply them can leave your data and networks vulnerable to hacks and malware.
Failing to update IT systems can make your IT infrastructure more vulnerable to advanced persistent threats (APT), which take advantage of neglected security holes to steal data over a long period of time while remaining undetected.
3. Enhance your cloud security
The risk of cyber-attacks against cloud infrastructure can be reduced by encrypting your data before uploading it to the cloud, or by using a cloud service that encrypts it by default.
A strong defence against cyber-attacks to cloud systems starts with strong cloud passwords that are changed regularly, and two-step verification options – such as requiring an SMS code along with a password to log in at the beginning of each day.
4. Hire security experts
The escalating cost and frequency of cyber-attacks has resulted in an increasing number of companies forming their own teams of cyber-security experts, in order to pre-emptively discover and track security problems in their IT infrastructure.
“Although hiring additional IT talent is a business investment, having the specialised cyber-security expertise will be worth it against the money, frustration and reputational damage incurred from a cyber-attack or data breach. Training existing IT professionals, or using the services of contract IT professionals or external consultants are also effective courses of action,” Andrew Morris concluded.