skip to main content
Business IQ

Checking the locks: How to audit your cyber security

Smarter Writer
Smarter Team

The Smarter Team is made up of business and technology journalists who write to offer insights to small and medium businesses about technology, business know-how and emerging trends.

Smarter Writer
Smarter Team

The Smarter Team is made up of business and technology journalists who write to offer insights to small and medium businesses about technology, business know-how and emerging trends.

Cyber attacks are becoming more prevalent and sophisticated. To keep your business safe, regular cyber security audits can help.

Image shows a man using a laptop holding a Perspex lock. The rate of cyber attacks is on the rise.

Many small and medium businesses may be vulnerable to online threats, often due to a lack of online security resources. The Australian Cyber Security Centre (ACSC) found that 62% of Australian small and medium businesses they surveyed had experienced a cyber security incident. This seems counterintuitive because a common myth is that the bigger the business, the bigger the payoff, which would make large organisations more likely to be targeted – but that certainly isn’t always the case.

According to the 2019 Telstra Security Report, one of the top challenges for security professionals throughout the year was managing the impact of new technologies such as the Internet of Things (IoT). And it was predicted that by 2020 more than 25% of identified enterprise attacks will involve the IoT. But with the implications of COVID-19 and many more people working from home, around one-third of global cyber attacks occurred on IoT devices, according to Nokia’s Threat Intelligence Report 2020.

One example in recent years is the case of hackers breaching IoT security cameras to access networks and create a huge DDoS attack. The attackers hijacked CCTV cameras made by the surveillance firm Hangzhou Xiongmai Technology using malware known as Mirai. The attack took down sites – including CNN, Spotify and Twitter – for long periods, showing how hackers can control a growing number of online gadgets connected to the IoT and disrupt the online world on a massive scale.

To help prevent cyber threats, you can start by looking at the security measures you already have in place – and identify where you might have some gaps. Audits can include an assessment of emerging threats, such as ransomware and ‘shadow IT’ (solutions built and used inside organisations without explicit organisational approval). One way to address this threat is to devise a ‘safe list’ of assessed, permissible apps and ensure your team stick to the agreed list.

You should also be mindful of the potential threats posed by ‘bring your own device’ (BYOD). One effective preventative measure is to create robust passwords. A password that uses symbols, numbers and letters is tougher to crack. Consider implementing 16-character passwords that are formidably difficult to work out. Changing compliance requirements may also deserve consideration.

The Asia Pacific region’s most common malware strain – ransomware – holds a device or system hostage by blocking access until a ransom is paid. Ransomware can be shared through digital attachments, or it can be dropped onto vulnerable devices by ‘exploit kits’, when the user visits a compromised site. Training your team to identify threats is one of the most effective ways to prevent malware from infiltrating your business’s network in the first place. Keeping your software updated is also a vital consideration.

Your audit should integrate into an ongoing security strategy, involving a partner who is capable of ensuring your cyber security stays current at all times. Doing the job alone is difficult. You will almost certainly need assistance, so don’t be afraid to reach out. If you just wing it, you may suffer consequences beyond financial loss. A hacker attack may dent your business’s reputation and also result in legal compliance issues.

*Originally published on June 14th 2019. Updated February 19th 2021.

Is your business at risk of cyber crime?

Learn to assess risk and safeguard your business against online threats.

Access free reportIs your business at risk of cyber crime?

Young man online shopping
Trends
'Buy now, pay later': Could it help boost your business?

Today, the way your customers expect to book and buy online is more diverse than ever. As a small or medium business, this brings a new opportunity to strengthen your online pr...

Man checking receipts and working on a laptop
Business IQ
Business IQ
Watch out for COVID-19 remote work scams and phishing

Cybercriminals are targeting staff ordered to work from home amid the COVID-19 pandemic, with convincing phishing emails that reference the victim’s workplace.

Business owner and trainee working on a desktop computer
Business IQ
Business IQ
Federal Budget 2021: 5 opportunities for small businesses

Bill Lang, Executive Director of Small Business Australia, shares his take on the key opportunities for small businesses following the Federal Budget 2021 announcement – with a...

Online review options
Trends
Are you harnessing the power of online reviews?

Before choosing to buy, customers are turning to online reviews to see how a business fares. Discover how skillfully managing feedback online can give customers more reason to ...