skip to main content
Business IQ

Checking the locks: How to audit your cyber security

Smarter Writer
Smarter Team

A team of business and technology journalists and editors who write to help Australia’s community of small and medium businesses access the technology and know-how that helps solve problems and create opportunities.

Smarter Writer
Smarter Team

A team of business and technology journalists and editors who write to help Australia’s community of small and medium businesses access the technology and know-how that helps solve problems and create opportunities.

Cyber attacks are becoming more prevalent and sophisticated. To keep your business safe, regular cyber security audits can help.

Image shows a man using a laptop holding a Perspex lock.
The rate of cyber attacks is on the rise.

Many small and medium businesses may be vulnerable to cyber threats, often due to a lack of information security resources. The Australian Cyber Security Centre (ACSC) found that 62% of Australian small and medium businesses they surveyed had experienced a cyber security threat. This seems counterintuitive because a common myth is that the bigger the business, the bigger the payoff, which would make large organisations more likely to be targeted – but that certainly isn’t always the case.

According to the 2019 Telstra Security Report, one of the top challenges for security professionals throughout the year was managing the impact of new technologies such as the Internet of Things (IoT). And it was predicted that by 2020 more than 25% of identified enterprise attacks will involve the IoT. But with the implications of COVID-19 and many more people working from home, the need for cyber security has increased. Around one-third of global cyber threats occurred on IoT devices, according to Nokia’s Threat Intelligence Report 2020.

One example in recent years is the case of hackers breaching IoT security cameras to access networks and create a huge DDoS attack. The attackers hijacked CCTV cameras made by the surveillance firm Hangzhou Xiongmai Technology using malware known as Mirai. The attack took down sites – including CNN, Spotify and Twitter – for long periods, showing how hackers can control a growing number of online gadgets connected to the IoT and disrupt the online world on a massive scale.

To help prevent cyber security threats, you can start by looking at the security measures you already have in place – and identify where you might have some gaps. Audits can include an assessment of emerging cyber threats, such as ransomware and ‘shadow IT’ (solutions built and used inside organisations without explicit organisational approval). One way to address this type of threat is to devise a ‘safe list’ of assessed, permissible apps and ensure your team stick to the agreed list.

You should also be mindful of the potential threats posed by ‘bring your own device’ (BYOD). One effective preventative cyber security measure is to create robust passwords. A password that uses symbols, numbers and letters is tougher to crack. Consider implementing 16-character passwords they are formidably difficult to work out. You could also consider changing your compliance requirements.

The Asia Pacific region’s most common malware strain – ransomware – holds a device or system hostage by blocking access until a ransom is paid. Ransomware can be shared through digital attachments, or it can be dropped onto vulnerable devices by ‘exploit kits’, when the user visits a compromised site. Training your team to identify threats is one of the most effective forms of cyber protection. It helps to prevent malware from infiltrating your business’s network in the first place. And don't forget your computer security by aways keeping your software updated.

Your audit should integrate into an ongoing cyber security strategy, involving a partner who is capable of ensuring your cyber security stays current at all times. Doing the job alone is difficult. You will almost certainly need assistance, so don’t be afraid to reach out. If you just wing it, you may suffer consequences beyond financial loss. A hacker attack may dent your business’s reputation and also result in legal compliance issues.

Take our cyber security quiz to find out jsut how effective your current cyber security measures are in protecting your business. 

*Originally published on June 14th 2019. Updated February 19th 2021.

Is your business at risk of cyber crime?

Learn to assess risk and safeguard your business against online threats.

Access free reportIs your business at risk of cyber crime?
Success Stories
Success Stories
Connecting with customer needs and values: How Pakko does it

Nina Nguyen is the CEO of an innovative packaging company called Pakko. After just five years in business, Pakko won the Progressing Australia category in the 2022 Telstra Best...

Growth
Growth
How to use Telstra Plus Market to find new customers

Telstra Plus Market is a new program that gives small and medium businesses access to more than four million Telstra Plus members, helping them reach new markets and customers....

Productivity
Productivity
Spend now, thrive in 2023: Investments to make before EOFY 2022

As the end of the 2022 financial year comes around, investing in your business now can enhance your business’s position later. Improving your digital channels, putting the righ...

Trends
How to spot a gap in the market: The minds leading the non-alcoholic drink movement

Paying attention to evolving customer needs is essential for any small business. Australian drinking culture has been changing over time. The Australian Institute of Health and...