Recently CyberGuru’s Chief Guru, Chris Jeffery, was interviewed by internet security software company ESET about our thoughts on protecting work emails. Please see the resulting article below. As always, if you would like assistance with anything discussed in this article, please feel free to contact us.
Over 30% of cyber security breaches are caused by human error, according to the Office of the Australian Information Commissioner (OAIC).
Since Australia’s mandatory data breach reporting scheme came into effect in February last year, further light has been shed on the key causes of cybersecurity breaches of private customer information – and the reasons might not be what you expect.
The recent Notifiable Data Breaches Quarterly Statistics Report shows that malicious data breaches are increasingly relying on a human element to succeed, with a high rate of incidents occurring between October and December 2018 exploiting vulnerabilities from simple mistakes, such as clicking on a phishing email.
With cybersecurity incidents increasing in frequency and severity, it’s more important than ever for Australian businesses to understand how best to protect themselves against an attack. To help you get started, CyberGuru Chief Guru Chris Jeffery has collaborated with the team at ESET security to bring you some key tips on how to protect your business emails from data and security breaches.
Educate and prepare your staff
To protect your company data from a breach, it’s vital to train your employees on the latest strategies being used by cybercriminals and ensure they know what to look out for to avoid being exploited.
Here are some simple steps your employees should follow regularly:
- Checking an email sender’s “from” address to validate legitimacy
- Looking for any suspicious attachments
- Avoiding unrecognised links
- Keeping an eye out for poor spelling and grammar
“Multiple organisations have experienced significant loss from just one staff member opening an email that contained malware,” says Jeffery.
Having additional cybersecurity in place, such as email-filtering software, will help protect your business against email cyber breaches. If you’re unsure what kind of solution is best for your company, consider getting professional security advice or trialling some cybersecurity solutions.
Foster good password hygiene in the office
“In many organisations today, passwords aren’t managed effectively,” says Jeffery.
“Often, accounts are shared between users or staff, stored on sticky notes, written in notebooks easily accessible on desks, or printed using professional label makers and stuck under keyboards.”
ESET recommends that passwords be changed regularly and have a high level of complexity – and that a password thought to be breached be changed immediately. While it can certainly be difficult to recall a vast collection of different passwords, it’s important you avoid doubling up as much as possible. A password management solution can make this process much easier, and using two-factor authentication will also serve to strengthen your defence even further.
Encourage secure remote working
Do your staff work remotely or on the go? Then you’ll need to make sure they can access emails in a secure way from whatever device they need. In these cases, Wi-Fi security is a big watch out. ESET recommends looking out for fraudulent “free” public Wi-Fi by always checking the name, asking for a password from reception, or using a virtual private network (VPN).
Building the best defence for your business
These steps are a great place to start in protecting your business against data breaches. The OAIC has also developed a data breach preparation and response guide with a four-step process: contain, assess, notify and review. If a breach has been discovered, the faster you respond, the faster you can mitigate the risk and save your reputation.
Significant penalties now apply through the Notifiable Data Breaches Act for businesses who fail to take care in protecting their customers’ data – so it’s vital your business builds the best defence possible.
We encourage you to consider how you can protect your organisation by following these tips. If CyberGuru can be of any assistance to you or your organisation through consulting, support or training, please contact us.