How to improve your Cyber Security for your business!
Peter Nelson
Director | IT & Cybersecurity Specialist | Empowering Accounting Firms, Law Firms & Small Businesses with Scalable IT Solutions
For those that don't know me, my name is Peter and I'm one of the directors of CX IT Services - we are a Managed IT Service provider that helps Accounting Firms and Law Firms plus many other industries. We look after over 700 users across 50-60 businesses and have a passion for technology.
I love helping businesses and I find posts like this are often my best nuggets of gold to give back to other businesses who may need a bit of guidance - especially with Technology, as there are so many areas and unregulated sections that overwhelm many.
Something that we have really been blitzing on at the moment is Cyber Security. We have partnered with the Australian Cyber Security Centre and follow their Essential 8 mitigation strategies. I have been in IT for 23 years now and I am also working through my Diploma of Cyber Security to further strengthen our company's services for our clients and future clients (hopefully some of you).
So here are my recommendations for improving your business's stance in Cyber Security. Some are free and easy to do, some require investing in and some may seem like common sense, but the thing is hackers see Australian Businesses as low-hanging fruit or easy pickings due to our lack of security.
It's time to change this!!!
If you look at all the breaches in the news, that is just the small few that made it to the media. What you don't see is all the smaller businesses like yours and mine, some of which lack basic security through no fault of their own: they just haven't been educated on best practices, it isn't within their budget yet, or they haven't scaled to needing some of these yet.
Basically with security you need to have multiple layers, and you can no longer just rely on Antivirus, Updates and Backups - you need to do more. It's a big misconception out there that those three are enough.
So for me, this is what I consider my bare minimum for Security:
1. Update your Operating System and Applications - make sure you're applying all your patches and security updates, as these close vulnerabilities in your programs and operating systems.
2. Have Strong Passwords/Passphrases - Don't use dates of birth, your kids' names, or other personally identifiable information that can be easily guessed. Don't use the same password for everything!
Use passwords of at least 12 characters that include uppercase, lowercase, numbers and special characters. Better still, use passphrases instead of passwords. With current processing power, shorter passwords can be brute forced very quickly, sometimes instantly. Also don't leave post-it notes on monitors or a little black book with all your passwords in it. Y'all know who you are!
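To make point 2 concrete, here is a small Python script I've added as an example (it is not part of the original post and is not a CX IT Services tool). It checks a credential against the rules above (12+ mixed-class characters, or a multi-word passphrase, and no personal terms), estimates how much guessing an attacker faces for random passwords of a given length, and flags passwords reused across accounts. The guess rate of 1e10 per second, the 4-word passphrase threshold and the sample credentials are all assumptions I've constructed for the demonstration.

```python
import math
import re
import string
from collections import defaultdict

# Assumed offline guessing rate (constructed figure, not from the post):
# roughly what a GPU rig manages against a fast, unsalted hash.
GUESSES_PER_SECOND = 1e10
MIN_PASSWORD_LEN = 12      # the post's recommendation
MIN_PASSPHRASE_WORDS = 4   # assumed threshold for the passphrase alternative
DICEWARE_WORDS = 7776      # standard Diceware wordlist size (6^5)

CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(string.punctuation)}


def char_classes(pw):
    """Return the set of character classes present in pw."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def keyspace_bits(pw):
    """Upper-bound entropy: treats pw as uniformly random over the classes it uses.
    Human-chosen passwords are far weaker than this bound, which is why
    check_policy() also rejects personal terms rather than trusting the number."""
    alphabet = sum(CLASS_SIZES[c] for c in char_classes(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def passphrase_bits(word_count, dictionary_size=DICEWARE_WORDS):
    """Entropy of a passphrase whose words were picked at random from a wordlist."""
    return word_count * math.log2(dictionary_size)


def expected_crack_seconds(bits, rate=GUESSES_PER_SECOND):
    """Expected guessing time: on average the attacker covers half the keyspace."""
    return (2.0 ** bits) / 2.0 / rate


def split_words(pw):
    return [w for w in re.split(r"[\s\-_]+", pw) if w]


def check_policy(pw, personal_terms=()):
    """Return a list of policy violations; an empty list means the credential passes."""
    problems = []
    lowered = pw.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal term '{term}'")
    words = split_words(pw)
    if len(words) >= MIN_PASSPHRASE_WORDS:
        # Passphrase path: strength comes from word count, so no class mix is required.
        if any(len(w) < 3 for w in words):
            problems.append("passphrase words should be at least 3 letters")
        return problems
    if len(pw) < MIN_PASSWORD_LEN:
        problems.append(f"shorter than {MIN_PASSWORD_LEN} characters")
    missing = set(CLASS_SIZES) - char_classes(pw)
    if missing:
        problems.append("missing " + ", ".join(sorted(missing)))
    return problems


def find_reused(credentials):
    """Given {account: password}, return {password: [accounts]} for each password used more than once."""
    by_password = defaultdict(list)
    for account, pw in credentials.items():
        by_password[pw].append(account)
    return {pw: sorted(accts) for pw, accts in by_password.items() if len(accts) > 1}


if __name__ == "__main__":
    # Constructed sample credentials for the demonstration only.
    samples = {
        "bank": "Summer2023",
        "email": "Summer2023",
        "xero": "correct horse battery staple",
        "vpn": "Gx9!mQ4#vL2p",
    }
    for account, pw in samples.items():
        print(account, check_policy(pw, personal_terms=["liam", "smith"]) or "OK")
    print("reused:", find_reused(samples))
    for length in (8, 12):
        bits = length * math.log2(sum(CLASS_SIZES.values()))
        years = expected_crack_seconds(bits) / (86400 * 365)
        print(f"{length} random mixed characters: {bits:.1f} bits, ~{years:.1e} years to guess")
```

The keyspace figures are only an upper bound for truly random strings; the point of the policy check is that a short, guessable password like the "Summer2023" sample fails on length and character mix, while a four-word passphrase passes without needing symbols at all. The reuse check is the same idea a password manager's "reused password" alert implements.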
3. Managed Antivirus - have a managed antivirus that your IT provider is actively monitoring, ensuring you're updated and running regular scans. We do Endpoint Detection and Response, which can stop malware and ransomware and isolate the machine from the network.
4. Backup Backup Backup - Make sure you back up your data - Office 365 included, as there is a big misconception out there that because it's cloud it's already backed up. It only holds 30-day retention, and after this it's gone.
5. Multifactor Authentication - Ensure you have 2FA or Multifactor enabled on all your business and personal accounts, banking and social media accounts included. Lock it down.
6. Restrict Admin Rights - Don't give staff admin rights unless they really need them. Implement some Access Controls to reduce risks in your business. If your PC is compromised, you're giving hackers the keys to your kingdom.
7. Password Managers - Get a password manager to store all your passwords and your clients' passwords. The number of people with an Excel document containing all their passwords and worse - their clients' passwords - scares the crap out of me. Store them in a password manager and not your browser. We recommend Keeper Password Manager. It will also notify you if you're listed on a breach, have a weak password or have reused that same password too many times. Implement biometrics like fingerprint or facial recognition.
8. Dark Web Monitoring - scan the dark web to see if your company's domain/emails are listed on any known breaches, and implement a strategy to resolve it straight away if listed.
9. Email Protection - Get yourself a decent Spam Filter and utilise Office 365 Business Premium, as it offers some great additional security features like Advanced Threat Protection, Azure, Mobile Device Management, Endpoint Manager and more.
10. Implement a Managed Firewall - If you have an office you will definitely need a UTM (unified threat management), which is basically a firewall for your office. It prevents unauthorised access to your network, monitors data traffic, can provide VPN access and can segment your network.
11. Maintain your Website - we see so many businesses with WordPress sites unmanaged, not backed up, with outdated plugins. Much like your computer, if it's unpatched hackers can exploit this and start sending links to victims using your website. Get it locked down, secured, updated and backed up.
12. Physical Security - Do you lock your Communications cabinet/room? Do you secure off staff areas? Do you have security cameras? Can anyone just waltz into your staff areas or tailgate through doors? Are staff educated on not leaving personal belongings or office passes/keys on their desks where they could easily be stolen? Internal cyber threats from disgruntled ex-employees are quite common. Start thinking about these types of threats in your business and how you're at risk.
13. Cyber Awareness Training - conduct regular training for your staff and make it mandatory for new employees. You want to establish who is in need of some training or which employees are a risk to your business.
14. Essential 8 - We are partners with the Australian Cyber Security Centre, and they recommend all businesses urgently increase their Cyber Security by implementing the Essential 8: Regular Backups, Patch Operating Systems, Patch Applications, Microsoft Office Macros, Multifactor Authentication, Restrict Admin, Application Hardening, Application Control.
A lot of these are already in my other points.
15. IT Policies & Procedures - get your policies set up and signed off by employees - Information Security Policy, Password Policy, BYOD Device Policy, Mobile Device Policy, Internet/Email Use Policy, Termination Policy, New Employee policies, Website Policy, Encryption Policies, Business Continuity Policy, Disaster Recovery Policy, Cyber Incident Policy - there are so many you can and should have set up.
16. IT Strategy Meetings - Do you have quarterly business reviews with your IT Partner to discuss your business? Things like future growth, IT budgets, lifecycle management and any security gaps or risks in your business.
17. Lock your Social Media down - if you have a business page on Facebook, Google My Business, Instagram, LinkedIn or TikTok, go through and lock it down to prevent unauthorised access and restrict your privacy. Also, on your personal accounts, be vigilant about what information you're sharing online and whether that information could be used to target you in phishing emails and cyber attacks.
Be cyber conscious about what's out there online about you.
18. Cyber Insurance - Many businesses only have their standard insurance and don't realise that if they have a breach it could cost them a lot of money to recover from it - legal issues from client data being exposed, money lost to hackers, reputation damage - the list goes on. Get cyber insurance. Some insurers are upping their excess for businesses who don't do some of the basics mentioned above.
There is probably more you can do, but the above is a pretty good start. It's often overwhelming to look at all this and say "but Peter, I don't have time to do all of this" or "I can't afford to pay for all this". The issue for many is exactly this.... they don't know where to start, they lack the IT knowledge to roll this out, or they don't want to invest or see value in it, and it's usually not until they get hit with ransomware that they wish they had taken action earlier... "if only someone had told me all this!" Alarm bells... Do something now, not later!!
That's where finding the right Technology Partner is crucial to your business. Someone who is going to identify these security gaps in your business and give you expert advice to reduce those risks before disaster occurs.
If you turned off all technology in your business, would it still function? I bet the answer is no, as it heavily relies on Technology - Internet, Emails, Office 365, Phone Systems, website, sales apps - it's the backbone of your business, and you need to invest in maintaining your data, especially aiming to protect your customers' information and reduce risks.
By maintaining a good secure technology platform I can almost guarantee it will allow your business to grow and scale.
Answer this question - Who is liable if your business is breached and your clients' data is exposed? Is it you? Is it your IT partner? Is it your staff? Own it and take action... Reduce your risks today.
If you want a hand implementing any of the above or have any questions at all, feel free to comment below and I'll be happy to answer any questions.
Don't forget to like and share or tag any business owners you know
We want to get Australian Businesses leveled up in Security!!!
Thanks for taking the time to read