Staying cyber safe with skeleton staff
By John Hines, Verizon Enterprise Solution head of cybersecurity Asia Pacific
Monday, 19 December, 2022
The holidays are fast approaching, with Australians looking forward to a well-deserved break. Unfortunately, the cyber threat won’t be taking a break, and Australian companies need to be ensure they stay alert and cyber safe even with a skeleton staff, or risk returning to the office in 2023 to deal with unwanted consequences.
There are a number of easy and cost-effective steps small and medium businesses can take to ensure they remain cyber safe and vigilant over the silly season.
Focus on arming your staff over the break
Verizon’s 2022 Data Breach Investigations Report (DBIR) found that the human element continues to drive breaches. This year, 82% of breaches involved the human element. Whether it is the use of stolen credentials, phishing, misuse or simply an error, people continue to play a very large role in incidents and breaches alike.
A simple step to prepare is to make sure that staff still working in the office and remotely are aware of what online dangers to look out for, and know who to contact if they notice something suspicious.
Have clear lines of accountability
The DBIR found a 13% increase in ransomware attacks in the last year, an increase greater than the previous five years combined. And the report found that the number one motivation for hackers is financial gain.
We have seen high-profile brands attacked in recent months, with subsequent confusion about the immediate action that staff need to take. It’s time for all companies, no matter their size, to have a clear outline of emergency contacts for when the office is closed over the Christmas period, and employees should be strongly encouraged to flag anything suspicious to these people.
Address remote working and mobile device use
The DBIR also found that more than half of the analysed breaches involved the use of remote access or web applications. With remaining staff often working remotely and from a range of locations over the holidays, businesses need to ensure there is a clear process in place for staff members who are logging on from remote locations.
This should involve a list of the locations where staff will be logging in from, so suspicious logins can be detected, and the continued use of two-factor authentication.
Those working remotely are also more likely to use their mobile phones, and the DBIR found that these devices are commonly targeted by hackers, with nearly 20% of clicked phishing emails coming from a mobile device.
Keep patches and updates up to date
It’s easy to let simple things slide during the holiday period, such as being vigilant about ensuring all software is kept up to date. Keeping software updated and patched is one of the simplest and most effective ways to stamp out any potential vulnerabilities, and this is even more important over the break.
Do a data audit
Before shutting up shop before Christmas, Australian businesses should also conduct an audit and ensure that all data they hold is correctly classified. This will help to inform an impact assessment if any data is unfortunately breached over the break, and greatly assist with the response.
Cybersecurity is front of mind in Australia currently, but it’s unlikely to be over the holidays, a fact that cybercriminals are already preparing for. By acting now to ensure the mechanisms are in place, your company can ensure you are as cyber safe as possible during the upcoming well-earned break.
This will ensure that 2023 starts smoothly, and there are no lumps of coal left on the office doorstep in the form of a cyber attack.
Building a critical infrastructure security dream team
Today it's essential to have a strong cyber strategy, with all corners of the business aware...
The AI regulation debate in Australia: navigating risks and rewards
To remain competitive in the world economy, Australia needs to find a way to safely use AI systems.
Strategies for navigating Java vulnerabilities
Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...