Develop a cyber secure mindset to upskill your team and help protect your business
Good security is a matter of routine. You need to make it part of your everyday way of thinking at home and at work. Here we lay out three key pillars to creating a cyber safe mindset in how you run your business. And we introduce the Cyber Wardens initiative – a free programme you can register to participate in today.
Why a cyber secure mindset matters
The good news is that you don’t have to learn complex technical concepts to help improve your cyber security. It simply starts with taking a proactive attitude to online security, just like we all do every day when we lock our front door or our car.
It makes sense to take your phone with you to the restaurant restroom if you’re on your own: why leave it and risk it? So, can you assume your tech is secure or that an IT expert is handling security by default?
Unfortunately, you cannot. While the consequences of leaving your valuables unattended are clear, the risks of trusting that your tech is cyber secure may not be as clear. But if you’re not a cyber security expert and you rely on a generalist for IT help, then you may lack an effective way of determining the security of technology.
Thankfully, adopting a cyber secure mindset can help you start to reduce risk without requiring expert knowledge. It helps you to be better prepared to act if something goes wrong.
To build that mindset, you need to:
- understand the basics of cyber security,
- be clear on what actions to take as a matter of routine, and
- stay aware of scams that may put you at risk as criminal behaviour evolves.
Take steps to understand the basics of cyber security
Being well prepared starts with understanding the basics of cyber security. This can help you develop the right risk management plan for your business.
What is cyber security?
In short, cyber security is all about protecting data, devices, and systems. This is done by using tools like anti-virus, software firewalls, strong passwords, password managers, two-step or multi-factor authentication, and more.
These protections are put in place to help counter risks associated with scams and threats that could result in identity theft and financial fraud. So, taking time to understand cyber security is a worthwhile investment.
Why are small and medium businesses particularly vulnerable to threats from cyber criminals?
Almost half of cyber crime (43%) targets small businesses. Those businesses with limited resources to dedicate to cyber security or which underestimate the potential of threats can face even greater risk.
The result of this exposure can be catastrophic financial damage; the Federal Government’s Australian Cyber Security Centre (ACSC) found the average small business lost $39,555 to cybercrime in the financial year to June 2022. For medium businesses the average loss was $88,407.
What’s the biggest threat to small business owners?
When we think of cyber security risks, often the first thing that pops into our heads is the threats we face from hackers who are actively trying to penetrate technical systems. But cyber criminals are often opportunistic scammers who are more like criminal pranksters.
These scammers are deliberately trying to trick you into making a mistake, like clicking a dodgy link or accidentally sharing sensitive data such as your password details. According to the World Economic Forum, an estimated 95% of cyber attacks target people who work in your business and are not technology failures.
Criminals are getting savvier – and may even personally target people by posing as their boss or colleague to trick them into handing over sensitive information. Business email compromise is a common form of attack whereby criminals impersonate business representatives by using compromised email accounts.
So, making sure you and your team are armed with the know-how to make cyber secure practices a part of your everyday business culture is a key part of your defences.
Get clear on what actions to make a priority
Understanding the simple steps to prioritise helps embed a cyber secure mindset into your routine and your business culture. Here are some key actions to focus on.
Change your reused passwords
Reusing passwords across multiple accounts seems logical given the difficulty of remembering them, but it is among the most dangerous things you can do online. Stolen usernames and passwords litter the cybercrime underground and are automatically and rapidly used in attempts to break into other accounts, such as email and social media. Ensure every password is unique and consider a password manager app to help you set, store, and recall them as needed.
Set up multi-factor authentication
Turn on multi-factor authentication (MFA), sometimes called ‘two-step authentication’, anywhere it is offered, especially for your email, marketing and campaign platforms, social media, and any service you cannot afford to have compromised.
The free technology can help protect your account even if your passwords are stolen by validating that a device is your own through time-sensitive codes generated in an app or sent by SMS. Never, ever, give anyone your MFA codes.
These are basic hygiene steps small businesses can take, with more strategies available as you increase your understanding of the cyber security space.
Back up data routinely
Back up your critical data. Make your backup routine a regular task and remember to test that backups can be restored without a hitch. Consider the 3-2-1 backup strategy, which helps in the event of multiple disasters. In short:
- create two backup copies of your data,
- store them on two different media (like a hard drive and cloud service),
- store a hard disk off-site in the event of a physical disaster.
Commercial backup services exist that can simplify the process.
Schedule automatic updates
Apply updates for all of your IT platforms and then schedule any automatic updates you can. Updates contain fixes and repairs for cyber security flaws. Update your devices, websites, apps, network storage, CCTV, routers, and anything with an internet connection.
Stay aware of scams
Cyber criminals are opportunistic and the growing number of ways for people to communicate electronically means scams can come in many forms.
Telstra’s Cyber Security team constantly monitors suspicious emails, phone calls and texts to identify ways to minimise their impact and help you stay safe online. You can check information on active scams online at any time, but note that while it is updated regularly, it is not a complete list of all possible active scams.
Look for a ‘report phishing’ button in your app or service to flag suspicious messages and emails. You can also:
- report suspicious SMS, emails or calls to Telstra
- forward SMS messages to 7226 (SCAM)
- report suspicious messages to the ACCC
How the Cyber Wardens programme can help you
For small and medium businesses to thrive in an online world, increasing employees' cyber safety skills is essential. Cyber Wardens is a programme from COSBOA with support from Telstra and Commbank.
Cyber Wardens’ purpose is to help create a frontline defence against cyber threats within Australia’s five million-strong small business workforce. It’s inspired by first responders such as first aid officers and fire safety wardens to deliver training to help prevent and respond to cyber attacks.
The programme aims to arm small business employees and owners with simple steps to help protect their personal and professional lives online. The focus is on practical behavioural change, with an emphasis on accessible language over technical jargon. Training is delivered via a free and easy-to-use e-learning platform.
Benefits of participating in the Cyber Wardens programme
Participating in the Cyber Wardens programme will enable you or your team members to become certified ‘Cyber Wardens’ with a digital certificate and toolkit complete with ‘Cyber Warden Drills’ to run with your teams that test their cyber safety.
Having at least one trained Cyber Warden in your organisation can help your business:
- Make better decisions to protect itself from online threats.
- Uplift cyber safe culture across your team.
- Strengthen customer trust and reinforce your reputation.
- Upskill your team and provide employee development opportunities.
And if your business has a trained Cyber Warden you’ll also receive:
- A certification to use on your website that shows your customers you have taken proactive steps to help protect your business.
- Downloadable resources for your workplace, including cyber safety posters, fact sheets and fliers.
This helps you, your team and your customers be more confident that you are doing what you can to help protect your business and your customers from cyber criminals.
Help fight security breaches
Sign up for Cyber Wardens, a programme from the Council of Small Business Organisations of Australia (COSBOA) that aims to educate businesses like yours on how to help fight online threats.