Insights on Business
How’s Your Cyber Hygiene?
Given that so many industries, including the accounting industry, are experiencing a wave of digitisation it follows that here is an increased risk of cyber criminals targeting digital assets.
First of all, let's agree what we mean by ‘cyber criminals’.
Cyber criminals are those who operate in the digital space and typically target companies computers, servers, mobile devices, electronic systems, networks; subjecting them to malicious attacks.
And let’s be clear, there are some pretty smart, sophisticated cyber criminals out there who hack software for a living. It can be a very lucrative career path, albeit they run the risk of being imprisoned if they get caught.
Garmin digitally crippled by ransomware attack
One very public example from recent times was the attack on Garmin, a multinational technology company well-known for its mapping and sports tracking products.
As a result of cyber criminals hacking the Garmin systems, users around the world were unable to access Garmin services or sync their data - showing the power that they can wield. But that wasn’t all. Not only did Garmin’s online services go offline but so did their call centres, emails and online chat systems too.
They were digitally crippled and the whole world witnessed it.
What happened? It was a cyber attack that encrypted some of its systems. And the only fix was to have the decryption key to unscramble the files - it's often referred to as a ransomware attack. Instead of taking a person hostage, the cybercriminals take part/all of your systems ‘hostage’ and demand a ransom to ‘release’ it.
Just think about the implications of that attack for Garmin.
Here’s a quote: "As a result of this cyber attack many of our online services were interrupted including website functions, customer support, customer-facing applications, and company communications".
Now think about that in the context of your business.
Scary isn't it? And this is ‘Garmin’ who have a huge IT department and very deep pockets to protect their business.
As professional accountants and business advisors we take a series of steps to ensure that our systems remain secure. Naturally we have a high level of antivirus installed across our devices, we have a remote tracking and management system in place with our IT providers and we use a FortiGate threat management system installed which provides a single sign in facility for all staff.
In addition to these necessary digital systems, cyber hygiene is also reliant on the behaviour of the humans involved too. Not unlike an individual's personal hygiene practices, to maintain good digital health also.
Therefore, educating your employees also plays an important role in maintaining good cyber hygiene. By this we mean, your employees are your front line defence against cyber attacks.
In fact, the most common ways your IT systems are breached is not through some elaborate online, sophisticated attack. It is most commonly by an employee using an infected USB driver or clicking on an email that looks suspicious.
Not all employees are super tech savvy and therefore, education is required. Just knowing what’s in the paragraph above could significantly reduce the risk of future attack. As in the case of Garmin, not taking this subject seriously can jeopardise not only your operations but could, in the worst case lead to the closure of your business.
And of course...
Remote working heightens security risks
The reality is, it’s not just the big companies that are vulnerable. In the wake of the COVID-19 pandemic an increased dependency on mobile devices, remote working using cloud applications, and data being used from more locations, meant the risk of cyber attacks in 2020 skyrocketed.
It is reported that more than 36.5% of Australian businesses have already been involved in an incident through a third-party cloud service used by their employees in the past year. Therefore it’s more important than ever for businesses to close potential gaps in their security.
Even before COVID-19 displaced workforces around the country/world, 26.4% of Australian small businesses reported that they lost between $3,000 and $15,000 through cyberattacks in 2019.
But the damage can extend far beyond the sums of money we’re talking about. It could be argued that losing your customers' trust has far greater implications. Reputational damage, losing clients along with lost revenue and business continuity is hard to place dollar values on until it's too late. There are legal implications too. Handling and storing customer data securely is a big responsibility and if a data breach involves customer data there may be legal costs involved as well.
Perhaps the most frightening statistic is that as many as two-thirds of SMBs that suffer a cyber attack collapse within six months. Sobering isn’t it?
So where to start?
As we’ve discussed already, too often a cybercrimminal’s access to business systems preys on employee naivety. However, employees knowledgeable about current security scams and security risks can identify and block an attack before it happens.
We encourage clients to schedule basic security awareness that includes covering essential practices for passwords and accounts, email security, PC security, and web browsing. Sounds basic, right? But not taking care of this stuff makes you an easy target in the digital space.
After that, unless you’re a whizz on the tech front and have the time to dedicate to the ongoing maintenance of the required security systems, a professional IT partner should be considered a valuable part of your team.
If you have any questions about your business or personal tax position. Contact us for professional business and accounting advise.