Every business, regardless of industry or size, is vulnerable to cybersecurity attack- that’s just a fact; your business is not immune. As of the writing of this article, there’s an uptick in attacks across New Zealand in both the retail and manufacturing sectors, businesses that normally would be considered low on the radar, and that will only increase in these and other unexpected segments during the year.
According to CertNZ, 2021 was a busy year with 8,831 cyber incidents reported and a combined loss over $16.8 million (these are just reported cases). The primary causes of these incidents were phishing and credential harvesting, scams & fraud, and malware; where phishing had a significant increase in numbers.
I often hear, “We don’t know what we don’t know,” with many businesses adding that they’re not experts in cybersecurity. Covering the basics doesn’t require a specialized skillset or a large financial expenditure. There are four pillars of cybersecurity that every company should cover; securing people, securing communications, securing data (note: this was inadvertently missing from our last article), and securing technology.
Securing People
As noted above, the primary cause of cybersecurity breaches begins with phishing, credential harvesting, scams, and fraud- all due to direct interaction with people. Training employees to look for anything out of the ordinary and taking precautionary steps helps reduce the risk of exposure. Employees trained properly become your human firewall and first line of defense.
Securing Communications
Using technology to secure your inbound email and other communications works in concert with securing your people to reduce the initial attack surface. Products such as Trustifi can also help businesses secure outbound email traffic which is the main source of cyberactivity. Intercepting and misrepresenting emails in transit to recipients are ways cybercriminals deliver malware and harvest business and employee information. Protecting confidential information such as invoices, contracts, etc is especially important.
Securing Data
As our businesses grow and we’re on the move more, the flexibility of having our data up to date and accessible everywhere increases. Platforms like Office 365 and Google allow us to work collaboratively and provide us with that mobility and some extraordinary powerful tooling. SharePoint, office applications, OneDrive and email everywhere is important in today’s business world. In addition to protecting access, securing data means the ability to back it up and retrieve it if lost. These platforms offer limited and complex backup options which spells trouble if you need it now and it’s vanished. There are however some very good cloud-to-cloud solutions to secure your data and give peace of mind.
Securing Technology
Securing PC’s, laptops and other mobile devices is the last line of defense. Should something slip through your people and communications layers, having next generation Anti-virus technology on those devices is critical. Reliance on the off the-shelf brands that we’ve long known is not going to stop many of the advanced malware and attack methods. You need something built for a business environment.
All or any combination of the pillars mentioned here will go a long way to establishing reliable, resilient cybersecurity as the key to defending your business. Carefully selecting the right products and combinations is important, and the good news is that many of the technologies cost about the price of a coffee per month. A small price to pay for a big sense of relief.