By Brenton Steenkamp Partner | Clayton Utz

By Andreas Ostenfeldt Director | Clayton Utz


Cybersecurity is fundamental to safeguarding the digital platforms that are part of nearly every aspect of our personal and business lives. From securing customer data to protecting financial transactions, cybersecurity is now a non-negotiable. However, as many small and medium-sized businesses (SMEs) will attest, it can be daunting to sift through the numerous recommendations online and determine which security steps matter most.

Recent research from Business NSW highlights the challenges and risks SMEs face. Their findings reveal that cyber breaches are on the rise, with SMEs particularly vulnerable due to limited resources. For instance, the latest data shows that 34% of small businesses and 43% of medium businesses in NSW experienced cyber incidents, including hacking attempts and scams, in the past year. These stats emphasise that even basic controls, if neglected, could turn the holiday season from good to bad. So, as we approach the year’s end, taking a few foundational steps can make all the difference in preparing your business to withstand potential threats.

In preparing your cybersecurity defenses, remember the three Os: Observe, Own, and Overcome. Start by observing the risks unique to your business: understand the threats and how they might impact you. Ask yourself: what would happen if my systems couldn't operate? What would happen if the data I use was stolen? Which of these systems do I need to protect? Next, own the responsibility by accepting that, yes, cyber risks are real, and they can affect any business, large or small. Finally, overcome both the intimidation factor of "I'm not a cybersecurity expert" and the initial hurdles by covering the basics. Technology alone can only go so far; your proactive attitude and ongoing awareness are by far the strongest shields against cyber threats.

This season, cybercriminals are likely to target common weaknesses in your systems and exploit seasonal distractions. Phishing, for instance, is likely to spike, as are scams using deepfakes and AI designed to trick businesses into sharing sensitive information or making unauthorized payments. So with that, here are some cybersecurity steps you should consider before the holiday period:

  • Secure devices: Ensure all devices, including laptops and mobile phones, are updated with the latest security patches. These updates close vulnerabilities that attackers might exploit.
  • Use encrypted storage: Tools like BitLocker make it harder for thieves to access data on lost or stolen devices. Protecting physical assets is as crucial as digital defenses.
  • Strengthen passwords: Set complex passwords and avoid reusing old ones. 
  • Multi-factor authentication: Implement multi-factor authentication (MFA) to add a layer of security. This step can drastically increase the difficulty of accessing your accounts and help deter cyber criminals.
  • Encrypt files and communications: When sharing sensitive files, use encrypted containers or peer-to-peer encrypted messaging platforms, avoiding social media apps for confidential discussions.
  • Monitor for festive scams: Fake promotions, urgent donation requests, and other scams often pop up around the holidays. Social media scams, deepfakes, and impersonation are tools cybercriminals may use to deceive businesses. Before you click that button, think twice about whether everything you are seeing makes sense. Asking another person for their opinion can often also help.
  • Train employees: Employee awareness is paramount. If you have employees, have the conversation and train your team to verify unusual requests, especially those involving finances or data.
  • Avoid public Wi-Fi: Public networks can be insecure. Encourage remote employees to use a secure VPN rather than public Wi-Fi to protect against potential eavesdroppers.
  • Verify transactions: Establish a system for double-checking payment requests through alternative channels, ensuring secure transactions and avoiding costly errors.
  • Assess vendor security: Your cybersecurity is only as strong as your partners’. Evaluate third-party vendors’ practices, as many data breaches originate from vendor vulnerabilities.
  • Backup and prepare: Backups are your lifeline in a crisis. Understand if you have a backup of your data and systems. Test your backup and recovery processes to ensure you’re prepared to quickly restore operations if needed.

So, as you "wrap up" for the holidays, remember: Observe your risks, Own the responsibility, and Overcome by taking these essential steps. With some basic controls in place, you can secure peace of mind, knowing that your business is better protected against seasonal cyber threats.

Brenton Steenkamp is the lead partner heading up Clayton Utz's cyber security practice. Andreas Ostenfeldt is a highly experienced cybersecurity expert, specialising in cyber crisis management and incident response.