Debunking data security myths to help avoid security breaches
Why data security is an important part of helping protect your business
Data security is the practice of protecting digital information from unauthorised users. A good data security strategy considers the physical security of hardware and the cyber security systems that can help protect business software applications.
When you have a data security strategy, it helps defend your business against hackers and cyber criminals. The increasing importance of data protection reflects the changing landscape of business security, which now extends beyond the perimeters of your physical premises.
Ways of working that warrant the use of data security
Online ways of working have changed how we share and interact with digital data. We no longer engage with colleagues and customers only in person; we also frequently do so online. This reality creates what IBM refers to as an "expanded attack surface" that can be more challenging to monitor and secure.
Business operations that may increase the need for cyber security measures
- Remote working practices, such as collaborating via digital platforms.
- The use of a wider range of devices, technology solutions, and business applications.
- Engaging with customers via digital channels, such as business websites and social media platforms.
5 data security myths worth thinking about
Today, many businesses are aware of the importance of data protection. Even so, several myths about best practices remain. Here, we debunk five key myths to help you maintain strong data security practices.
Myth 1. Your business operating system is too small to target
The reality is that cyber criminals target businesses of all sizes. Big software companies constantly monitor their products for potential vulnerabilities that hackers can exploit, and release updates that fix them. So, keeping your employees’ operating systems up to date is the easiest way to help ensure that your small business cyber security systems are protected against known issues.
This is true for all devices, including computers as well as any phones and tablets your team may use for work.
Myth 2. Secure networks aren't crucial for remote locations
Working from home and remotely is now the preference for many employees. When people work from a range of devices in different locations, network security becomes more important. So, if you run a business, it’s important to ensure that staff connect their devices to trusted Wi-Fi networks.
If your employees are working in public places, encourage them to avoid connecting to free networks and to instead tether to their mobile device. Open networks are unsecured, and cyber criminals have been known to establish their own networks in public spaces to lure in unsuspecting users.
Myth 3. You don’t need cyber insurance
As defined by Cisco, cyber insurance is an insurance product designed to help businesses defend themselves against the effects of cyber crimes, such as:
- distributed denial-of-service (DDoS) attacks, and
- other methods used to compromise a network and sensitive data.
If employees forget to update their passwords, cyber insurance can help cover you against cyber threats. Passwords should also be updated regularly to minimise the risk of security breaches, so it’s good to encourage employees to do this.
Tip: The strongest form of password is what’s called a passphrase, basically a password made up of a series of words, special characters, and a mix of upper and lower case characters. Passphrases should be unique to each device and software system to help further protect your business.
Myth 4. Cyber criminals don’t impersonate trusted brands and individuals
Businesses are sometimes the target of impersonation attacks. This is a form of fraud that involves a hacker pretending to be a trusted party to trick you into doing certain things. The cyber criminals behind impersonation attacks may pretend to be an individual, brand, or organisation you know and may convince your business to do the following:
- transfer money to a fraudulent account
- share sensitive information (such as intellectual property, financial data or payroll information), or
- reveal private login credentials.
An impersonation attack is a particular type of social engineering attack, a kind of cyber security attack that relies on the psychological manipulation of human behaviour. So, make sure you educate staff on the signs of social engineering scams, including the receipt of unusual requests, which are often written with a sense of urgency.
Tip: Teach employees to be sceptical of unusual messages, even if they appear to come from someone they know. Information protection is crucial, so encourage them to delay acting on requests until they’ve established the identities of the people they’re talking to.
Myth 5. Data isn’t easily lost in the event of a cyber breach
The truth is that security breaches can lead to data loss. To help with data protection, you can set up a business central server that staff can access remotely. This allows employees working across multiple locations to save data to a central location.
When data is saved on a business central server, you’ll still be able to run your business effectively if individual employees lose their local data, or if data is corrupted or stolen due to a cyber crime. Remote back-up systems also defend your data against incidents such as data theft or loss, helping to keep your business data safe from privacy breaches.
How to help protect your business against data security breaches
When it comes to creating a cyber security strategy, it can be tricky to know where to start. The good news is there is a lot of help available for small and medium businesses in Australia.
The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help organisations mitigate cyber security incidents caused by various cyber threats.
To check if your business is ready to defend itself against cyber security threats, it’s worth reviewing the Strategies to Mitigate Cyber Security Incidents by ACSC. This document highlights what is referred to as the ‘Essential Eight’, which are the top eight security practices recommended by the ACSC.
To learn more, you may also like to explore the Essential Eight Assessment Guidance Package, a resource that provides business owners with detailed assessment methods for each security control within the Essential Eight.
Originally published November 2021. Updated March 2023.