As the financial year draws to a close, it’s a good time to reflect on the previous year and plan for the next. And those plans for the new financial year may well include introducing new cyber security measures within your organization.
In the same way we review and plan our finance positions, we should also take stock and plan projects for our physical and digital security measures for the year ahead.
Reviewing the resilience of your current business practices, systems, and tools is a step in the right direction toward improving your organization’s cyber security.
In this context, thinking like a cyber criminal can help. Not in a nefarious way, but to help you understand the most common security flaws cyber criminals try to exploit. Then, you can make sure to address those risks appropriately or get some expert security advice.
Once you’ve found the gaps in your existing security measures, you’ll be able to prioritize them and start working to address them. This vital planning will serve you well as you enter the new financial year.
Looking in the rear-view mirror
SafeStack recently wrapped up the number crunching and reports for EOFY 2021/22. We’ve had reason to celebrate a few significant milestones this year as we continue our startup journey. But we’re also alert for anything that could signal a cyber security threat.
A rise in fraud and tax scams plaguing businesses around tax time is a global phenomenon. The incidence of false billing, phishing, and impersonation scams tends to peak as attackers try to use the pressure and chaos accompanying EOFY deadlines to their advantage.
Keep your spidey-senses tuned for any unexpected emails, invoices, or callers you’re unfamiliar with – especially if they request changes to payment details or other sensitive financial information. These may very well be clues that alert you to an attempted cyber crime.
No company is too large or too small to consider itself safe from the crosshairs of greedy cyber criminals. They’re prepared to cast a wide net, hoping to snag someone to deceive and defraud. The best way to protect your organization and data is to develop good cyber security practices. There are a few things you can start doing right now that will stand you in good stead in the immediate future.
Wide-awake and ready
Our mission at SafeStack is to enable and encourage you to work more securely. Your financial advisor may have given you a number of things to focus on to improve the financial health of your business. In a similar spirit, we’ve put together six things you can do to improve your business’s cyber security practices right now.
#1 Keep software up-to-date
It’s critical to keep the software on all your devices updated. Turn on automatic updates to update your operating system as soon as a new version becomes available. Often these updates address recent security issues identified in the software.
The same goes for keeping your web browsers and mobile apps updated. Security updates to web browsers may contain security updates to patch new vulnerabilities. Many business functions now rely on web browsers, so making sure you’re up-to-date is key.
#2 Install antivirus protection
Using antivirus software remains one of the best defenses against cyber attacks. Seek advice from an IT security specialist about which antivirus provider will best suit your business’s needs.
Using antivirus may seem obvious, but don’t let something you overlook be the weakness cyber criminals can exploit.
#3 Practice good password hygiene
Remembering and managing large numbers of complex passwords is overwhelming. It’s tempting to take shortcuts, like reusing the same passwords repeatedly, sharing logins with coworkers, or using simple passwords. But these password behaviors cause weaknesses in your cyber security defense.
Take a mental load off and store your passwords securely in a password manager. Doing this means you can safely store unique, complex passwords for all your accounts without stressing about remembering them. You can leave those birthday and pet name passwords in the past — where they belong.
Also, ensure your team knows not to provide their credentials to anyone, particularly when someone asks over the phone. Legitimate providers will have ways to authorize you without asking you to do this, like multi-factor authentication.
#4 Use two-factor authentication (2FA) to protect your email accounts
An email account is a veritable gold mine of information and presents an attractive target to attackers. Our email inboxes contain sensitive information about our businesses, our clients, and ourselves. We recommend enabling 2FA on your email accounts to up your protection factor.
When you enable 2FA, you create an extra layer of cyber security for your email account. It means that when accessing your email account, in addition to your password, you need to provide a second form of identification – this is often a code sent to your registered mobile phone.
When 2FA is enabled, your account can’t be accessed by anyone unauthorized by you, even if they’ve stolen your password.
#5 Backup your data
Back up regularly and frequently. Your backups should be stored separately from your business systems to prevent them being affected by any malicious attack.
Having a good backup strategy means that if you’re the victim of a security incident or ransomware attack, you’ll be able to recover quickly and continue business as usual with minimal interruptions.
#6 Top up your cyber security awareness training
Whether most of your team is returning to on-site work or working remotely, now is the time to book some security awareness training seats. Your organization’s security is only as strong as its weakest link, and every single person has a role to play.
Cyber security awareness training helps people with the steps they need to take to protect themselves and the data they work with. Putting learning into action is where security awareness training directly impacts your business, employees, and data.
We hope this advice encourages you to prepare your business for working more securely in the year ahead. Identifying what’s most valuable in your business and finding out how best to protect it is undoubtedly time well spent. If you’re looking to keep growing and improving your security and privacy awareness practices, we’re here to help.
Building your cyber security superpowers
Growing and embedding a security and privacy awareness culture takes time and effort. SafeStack’s Security Awareness training program can get your teams on the right track. Our courses cover the behaviors and skills to help position your team as your greatest defense against cyber attacks and data leaks.
A chain is only as strong as its weakest link. This is particularly true when it comes to cyber threats and data security in your organization.
Anyone in an organization can be the target of a cyber attack. Security Awareness training equips everyone in your team with the skills to handle data securely, identify possible cyber threats, and know what actions to take to protect themselves and the organization.
Learn how to defend yourself, your organization, and your valuable data.
Help your team build their cyber security superpowers
Growing and embedding cyber security culture takes time and effort. And culture change needs the active participation of your team. Learning secure behaviors and practical skills means your team becomes your greatest defense against cyber attacks and avoids data leaks.
SafeStack’s Security Awareness program helps teams learn about aspects of cyber security. We help people understand what behaviors make them less likely to become the target of a cyber attack. Simple, action-oriented learning content helps you embed good cyber security practice basics into your daily routines.
Recent titles added to our Security Awareness course catalogue are:
- Security for people who don’t work in offices
- Data classification
- Sharing data and documents securely
- Incident response for everyone
Try it yourself
Want to test-drive our Security Awareness training with no obligations? Sign up for a 14-day free trial to take it for a spin — no credit card required. You can also invite more team members once you’ve signed up.
We love to hear from you
We’d love to hear your feedback. Drop us a line on firstname.lastname@example.org and let us know what you think.