Cyber security quiz
-
1. If your business was subject to a ransomware attack, would you pay the demand?
- Yes, I need my business back online ASAP.
- No, I can safely restore my data to a new device from the cloud.
- Yes, but I’d then look into ways to protect my business from future attacks.
- I don’t think it would happen. My business is too small for attacks.
Did you know that ransomware is a type of malware (malicious software) that infects your computer or device and demands a ransom? It works by preventing access to your all-important files. There are a few types – non-encrypting, encrypting, leakware (doxware), and mobile ransomware. These can collect your personal details, attack other computers in your network, or can corrupt all your data.
While paying the demand might get your data back, it’s only a temporary solution and once a business is hacked, they usually experience ongoing issues. As the saying goes: prevention is better than cure. If your system has been infected, you’ll need a complete rebuild of the operating system and restoration of information from a secure backup. -
2. To protect your business, do you have antivirus software installed?
- Yes, my computer came with it pre-installed.
- Yes, I purchased antivirus software when I purchased my computer.
- No, I don’t need it – I have a Mac.
- No, I use in-built protection.
To shore up your cyber security, it takes more than checking antivirus software is installed on your business’s computers. Every day, technological advancement presents us all the challenge of keeping up with the changes – and tech is changing at an ever-faster rate.
Increased adoption of the cloud and mobile connectivity has raised new challenges for SMBs. Broadly, endpoint protection like McAfee Endpoint Protection Essential for SMB is the standard for small-to-medium businesses, and its variants generally include cloud management, antivirus, anti-spyware, endpoint firewall, and web control. -
3. Do you have antivirus installed on your mobile devices like your tablet and phone?
- I don’t need anything for my phone.
- My main computer has protection – that’s adequate.
- Yes, I have additional endpoint protection.
- In a way. I have a data management program so I can erase my data remotely if needed.
Should SMB smartphones and tablets have dedicated antivirus installed? The answer isn’t yes or no, it depends on the scope of protection your business needs. Your network’s cybersecurity is only as strong as its weakest link, whether that’s an untrained staff member or an outdated smartphone. Again, this is where endpoint security can come in – that integrated combination of cloud management, anti-virus, anti-spyware, endpoint firewall, and web control.
This approach when combined with a mobile device management tool – a product which restricts the features of the smartphone or tablet to stop, for example, the installation of an app that might be infected – is a robust duo. If you make the decision to adopt neither of these options, dedicated antivirus on your devices should be the bare minimum. -
4. Are you aware of your requirements to report data breaches under the Federal Government’s Privacy Act 2018?
- This only applies to businesses bigger than mine.
- No. What legislation?
- I’m aware of it but I’m unsure of my specific obligations.
- Yes, and I have systems in place that safeguard my data.
The latest report from the Office of the Australian Information Commissioner paints a picture that all SMBs need to see. A year into one of the key functions of the Act, the country’s notifiable data breach scheme, the office has received 812 reports where consumer data has been lost, stolen or shared with the wrong people. Almost half, 47 per cent, have involved financial details. The most common causes of breaches are malicious attacks, human error, and system faults. All organisations covered by the act must log a report when a data breach might cause harm. -
5. Are your employees’ devices protected?
- Yes, they are supplied equipment with integrated protection.
- I don’t know, they use their own personal devices at work.
- They don’t work on the main server, so I don’t think they need it.
- Yes, they all have endpoint protection on the devices they use to interact with the business.
A good rule of thumb is that any device working on a network or server is a potential entry point for a cybersecurity breach. Antivirus or anti-malware is just the tip of the iceberg when it comes to device protection, and endpoint protection combined with mobile device management is a good foundation.
You can take it one step further with additional security. Features like containerisation (putting a wall between an employee’s work and personal usage), remote wipe (to erase sensitive data if the device is compromised or a device is lost), anti-spam products (for text or call spam), and sim monitoring products (which can alert you to smartphone or device in the wrong hands), might be the extra help you need. -
6. Do you have email and internet browser security add-ons installed?
- Yes. I use whitelists, prefilters, and password agents.
- I don’t think so. But I do keep my passwords safe and regularly change them.
- No. But I’m aware of the fact that browser settings can help block 3rd party cookies.
- No. I think my passwords are enough.
A white-list is a list of email addresses or domains that your security software will allow data from. In a sense, it’s the inverse of a spam filter, which will actively block addresses or domains you don’t wish to hear from. A pre-filter redirects mail via a filtering server that sorts your mail. While a reputable password agent will create robust passwords for your use online, and pop-up blockers will keep you away from nefarious websites. -
7. What is your practice when it comes to scanning for malware and viruses?
- I make sure that both scans are scheduled daily.
- I have scans scheduled for roughly once per week.
- My antivirus and malware are set to manual. I run scans when I remember to.
- I don’t run scans, as far as I know. I figure the software will do the job.
Scanning is only effective if your equipment’s software is up to date, including the operating system. Matthew Wilson, CEO of Australian cybersecurity specialist Penten, says: "Installing security updates is the number one control that needs to be in place for organisations, as it will neutralise many of the threats that you face. Malware only works because there’s a vulnerability in the software, and often it’s a published vulnerability which has already been fixed in the latest update. Attackers are simply relying on the fact that many businesses fail to install these updates."
Terms & Conditions
By subscribing here you consent to receiving marketing from Smarter Business™ separate to any preferences you may have with Telstra. You will continue to receive marketing communications from Smarter Business™ unless you unsubscribe. You may continue to receive marketing communications from Telstra until you unsubscribe using the contact information in our privacy statement.
By submitting this form you are consenting to Smarter Business™, Telstra or a third party contacting you, including by telephone, about products offered through Telstra. Your name and other details provided will be collected, stored and may be used for online targeted advertising by Smarter Business™ and Telstra in accordance with our privacy statement.
