“In this corner we have firewalls, encryption, antivirus software, etc. And in this corner we have Dave!”
This apt cartoon of a boxing ring face-off between a stack of computer hardware and a blank-faced end user was the opener to July’s Professional Development and Training Seminar at the Majestic Roof Garden Hotel presented by Loftus CEO John Stronnar.
And it’s the perfect representation of the risks posed to business in the digital age – the essence of Loftus’s download on the ever-changing subject of cybersecurity.
Mr Stronnar provided an overview of the eight key checks for business digital security recommended by the federal government’s signals directorate, and his own ‘Loftus 8’, which provided an insight into practical measures businesses of any size should take into account to secure their information assets.
Even members from larger organisations with in-house IT spoke highly of the insight into the world of cybersecurity Mr Stronnar provided.
Here are Showcase SA’s takeaways from this insightful session:
1. Update your firewalls
And do so regularly when you perform other system software updates. Businesses should log each firewall update in an audit document to demonstrate undertaking the fundamentals required to protect your system – which may be useful when you need to demonstrate your internal processes to an insurer!
2. Take a Layered Approach to Security
Consider the layers of your business and how they may or may not be vulnerable. What ways of bypassing your business’s security might exist internally or externally? Can staff use personal email and social media on work systems, potentially giving hackers another way in? Is your data stored in Australian jurisdictions, or off-shore and subject to the laws of other nations? You can work with your external or internal IT teams to determine where your vulnerabilities may exist.
3. Know your Supply Chain
A hacker will likely attack your IT provider and all the services they administer, rather than your one business. Knowing your IT provider’s business practices is therefore essential. Key questions include those like: what does your IT provider’s insurance protect you from? Does it hold relevant accreditations or endorsements (or is it at least working towards any)? Is the storage of your sensitive material protected by multi-factor authentication systems? Remember, you may be doing everything right, but be sure your IT provider is too!
4. Wireless
There are many things you can do to beef up your wireless protection, but three simple measures are: Create a guest Wi-Fi service so you don’t need to give out your details to everyone, hide your SSID so that your Wifi is not publicly viewable, and change the wireless password – when was the last time you changed it? When was the last time someone left your business with it?
5. Responsibilities and audit
Appoint someone in your business who is process-minded to act as your audit officer – responsible for logging the things you identify as important to your digital processes – and someone to review their completion (they don’t need to be a tech expert either). Some actions could include: reviewing backups, tracking software updates, reviewing the users registered to your system.
6. Cyber awareness
Good cyber principles begin at home. The human link in the cybersecurity chain is usually the weakest – that’s your system’s users. Establish a cybersecurity and awareness program for staff, teaching simple measures like using secure passwords, avoiding dodgy websites, using two-factor authentication.
Fact: 4% of ‘phishing’ emails result in a reply back to the ‘phisher’ – that’s 40 in 1000 emails potentially leaving your business vulnerable.
7. Off-boarding
When someone leaves your company, what happens to all of the passwords, information and devices that have access to your systems, social media and more? Make sure processes around exiting staff are incorporated into your responsibilities and audit log, and finally…
8. Use Good Passwords!
“Passwords are dying!” Or so say the naysayers. But passwords will always be here, and you should treat them link your undies – change them regularly, and never share them with anyone. A good password is something memorable, long and complex. Instead of choosing one random word, pick a long combination of words.
I5ThereLifeOnMar$? is probably better than bowie71.
And certainly better than password.
Loftus is a Showcase SA Sponsor and Platinum Package Member, providing tailored technology solutions for South Australian business. You can find out more from the team at Loftus at loftusit.com.au.
