skip to main content
  • Business Intelligence
  • Growth
  • Customers
  • Productivity
  • Business IQ
  • Trends
  • Success Stories
  • Tech
  • Awards
  • Business Tools
  • Subscribe
  • Tech Enquiry
  • Business IQ

    “Most breaches involve human error”: Why people are key to your cyber security

    Smarter Writer
    Smarter Team

    A team of business and technology journalists and editors who write to help Australia’s community of small and medium businesses access the technology and know-how that helps solve problems and create opportunities.

    Smarter Writer
    Smarter Team

    A team of business and technology journalists and editors who write to help Australia’s community of small and medium businesses access the technology and know-how that helps solve problems and create opportunities.

    Staying on top of internet security updates might be the last thing on your mind, but it’s important. More often, cyber criminals are exploiting weaknesses in your team’s decision making to gain access to your systems.

    Stressed man using laptop

    “When it comes to employees, your cyber security controls are only as good as your weakest link, with most breaches involving some kind of human error,” explains Telstra’s Cyber Security Product Executive Matthew O’Brien. Often, it’s an innocent slip by an individual – like opening a phishing link in an email or using an unsecured Wi-Fi network when working on the go – that can lead to a serious cyber threat.

    Here, we look at how you can evaluate your cyber security risk profile and some of the real-life scenarios and examples of where staff (owners to employees, contractors and suppliers) can erode your business’s cyber security.

    Check your cyber security risk profile

    Evaluating the gaps in your cyber security can help you make a plan to improve it. Start by breaking down the following things that could potentially compromise your business’s security:

    • Who’s doing the work: humans who provide the first line of defence through their actions.
    • How they’re working: tools and programs used to create, share and store information.
    • Where they’re working: environments and networks where the work happens.

    If you’re not sure how your business fares in these areas, try our free Cyber Security Quiz. You’ll receive a personalised report (as well as recommendations to help you strengthen your defences) and it’ll only take a few minutes.

    Opening phishing links in emails

    One of the most common types of online attacks for small businesses starts by a person clicking on a malicious email link. To help prevent this from happening, educate your team to know what to look out for when it comes to phishing links, so they can steer away – and also advise the business that they received a potential threat.

    Letting security software updates slip

    It’s easy (and common) to keep hitting the “later” button when a new software update pops up. But it’s important to know that updates are released specifically to combat bugs and to maintain defences against online threats. Encourage your team to allow system updates to automatically install. Or consider making automatic updates part of your device policy for anyone in your business.

    Using unsecured Wi-Fi networks

    The free Wi-Fi at your local café or at the airport is not a secure connection. Hackers and cyber criminals can easily intercept data by tapping into these networks. You might think your business is too small to be a target, or that a criminal wouldn’t target you as an individual, but there plenty of reports of these kinds of online crimes every day in Australia. One way to mitigate this risk is to secure your sensitive business information with a virtual private network (VPN).

    Giving out information on the phone and social media

    The way your team shares information can be compromised if they aren’t using secure sharing software. This is especially true if they are working remotely or on the go. Things like reading a credit card number aloud on the phone in a public area or sharing an employee’s details or passwords via private message on social media can pose risks. Hackers can use personal information your team have shared on their personal social media profiles in a number of ways, including posing as someone trustworthy in order to get them to give away information or click on a link. To help mitigate these dangers, implement policies and education on how your team can share information securely.

    Use of employee-owned devices (including while working from home)

    If your team are using their own devices for business activities without adequate cyber protection, it could leave your business exposed. With more devices in your business network, the urgency to keep up with your business protection increases. Securing personal devices in the age of remote work must extend from desktop to mobile and other connected devices to keep your business secure.

    Not using multi-factor authentication

    Multi-factor authentication is when a user is only granted access to an application or system after successfully presenting two or more pieces of evidence (like a phone number and a password) to authenticate their identity. Without it, passwords can be guessed by hackers and systems can be more easily accessed by criminals. Staff should be advised not to use the same passwords for work and personal use, and to change them at regular intervals. Consider getting multi-factor authentication software for your business, or speaking to an expert to help you set this up.

    To stay vigilant, keep up to date with the latest tech news and government recommendations around cyber security. Create policies and implement processes that educate your employees on the relevant risks and instil habits that will mitigate cyber risks in the first place.

    Is your business at risk of cyber crime?

    Learn to assess risk and safeguard your business against online threats.

    Access free reportIs your business at risk of cyber crime?

    Business IQ
    Business IQ
    3 ways to use data for repeat business

    Data analytics is often associated with large enterprises. But, there are a wide variety of ways that small and medium-sized businesses can use data insights to learn how to ge...

    Productivity
    Productivity
    Make working from home work for you

    Boost your home office by following some clever work from home guidelines, including a well-planned wardrobe, time-saving technology and some work-life balance.

    Productivity
    Productivity
    Remote working is here to stay: Our checklist to update your setup

    Many businesses had to start working from home due to COVID-19, with no time to put proper remote working processes in place. In many industries, remote working will be here to...

    Productivity
    Productivity
    5 work from home tips: habits for a healthy mind, body and business

    Health and productivity are inextricably linked. So how can you ensure you’re setting yourself and your staff up with a successful work life balance while working from home?