Checking the locks: How to audit your cyber security

Smarter Writer
Smarter Team

The Smarter Team is made up of business and technology journalists who write to offer insights to small and medium businesses about technology, business know-how and emerging trends.

Cyber attacks are becoming more prevalent and sophisticated. To keep your business safe, regular cyber security audits can help.

Many small and medium businesses may be vulnerable to online threats, often due to a lack of online security resources. The Australian Cyber Security Centre (ACSC) found that 62% of Australian small and medium businesses they surveyed had experienced a cyber security incident. This seems counterintuitive because a common myth is that the bigger the business, the bigger the payoff, which would make large organisations more likely to be targeted – but that certainly isn’t always the case.

According to the 2019 Telstra Security Report, one of the top challenges for security professionals throughout the year was managing the impact of new technologies such as the Internet of Things (IoT). It was predicted that by 2020 more than 25% of identified enterprise attacks would involve the IoT. But with the implications of COVID-19 and many more people working from home, around one-third of global cyber attacks occurred on IoT devices, according to Nokia’s Threat Intelligence Report 2020.

One example in recent years is the case of hackers breaching IoT security cameras to access networks and create a huge DDoS attack. The attackers hijacked CCTV cameras made by the surveillance firm Hangzhou Xiongmai Technology using malware known as Mirai. The attack took down sites – including CNN, Spotify and Twitter – for long periods, showing how hackers can control a growing number of online gadgets connected to the IoT and disrupt the online world on a massive scale.

To help prevent cyber threats, you can start by looking at the security measures you already have in place – and identify where you might have some gaps. Audits can include an assessment of emerging threats, such as ransomware and ‘shadow IT’ (solutions built and used inside organisations without explicit organisational approval). One way to address shadow IT is to devise a ‘safe list’ of assessed, permissible apps and ensure your team stick to the agreed list.

You should also be mindful of the potential threats posed by ‘bring your own device’ (BYOD). One effective preventative measure is to create robust passwords. A password that uses symbols, numbers and letters is tougher to crack. Consider implementing 16-character passwords that are formidably difficult to work out. Changing compliance requirements may also deserve consideration.

The Asia Pacific region’s most common malware strain – ransomware – holds a device or system hostage by blocking access until a ransom is paid. Ransomware can be shared through digital attachments, or it can be dropped onto vulnerable devices by ‘exploit kits’, when the user visits a compromised site. Training your team to identify threats is one of the most effective ways to prevent malware from infiltrating your business’s network in the first place. Keeping your software updated is also a vital consideration.

Your audit should integrate into an ongoing security strategy, involving a partner who is capable of ensuring your cyber security stays current at all times. Doing the job alone is difficult. You will almost certainly need assistance, so don’t be afraid to reach out. If you just wing it, you may suffer consequences beyond financial loss. A hacker attack may dent your business’s reputation and also result in legal compliance issues.

*Originally published on June 14th 2019. Updated February 19th 2021.
