Cyber attacks now occur every eight minutes in Australia, and according to the IT company Upguard, if you're an Australian business, there's a 30% chance you will suffer a data breach. Furthermore, the average cost of a data breach in Australia in 2020 was $3.35 million per breach, an increase of 9.8% year on year… and the costs keep rising. All of this makes it imperative that you do everything possible to protect all connected products within your organisation.

To do this, it is essential to take a multi-layered approach, including:

- Regularly back up your system
- Ensure all software and apps are up-to-date
- Segment your network
- Formally assess and test the security of your network on a regular basis (consider an external provider)
- Educate your team

With 82% of breaches involving human error, training your employees on data security is imperative. But this is not a 'set and forget' situation. Only regular training will ensure they remain cognisant of the increasing risks of a data breach and vigilant when it comes to security protection. Training should be ongoing to ensure employees remain aware of:

- Current national and international threats / hacks / phishing they may be exposed to and fooled by
- The need to check the legitimacy of every sender's email address before responding
- The importance of checking any reply email addresses or links within emails received before responding or activating
- The need to protect both soft and hard copy confidential files from intruders who may use the information to hack your system
- Your company's communication policy in relation to advising of changes to confidential or high-risk information, such as bank account, address, payroll system details etc. To mitigate risks, significant changes should be communicated by phone, in person or by hard copy – and staff, stakeholders, clients and suppliers should be aware that this is your company policy.

Enforce stringent password security among staff:

- Use two-factor authentication on emails
- Regularly change passwords
- Keep passwords confidential and ensure they cannot be found, i.e. don't leave passwords or personal details on post-it notes attached to the computer or on devices that are not password protected.

Don't Take a Risk

To ensure your staff are consciously applying your company's data security policies, conduct regular and random tests. Act as a hacker, sending phishing emails that invite your employees to click a suspicious link or reply to an unknown email address. If an employee responds or clicks the link, you'll know they need extra training to upskill and/or remind them of company policy.

Stretched for Time to Manage Security?

Establishing policies, implementing training, and updating systems takes time. At the Ayers Group (a People2.0 company), we can free you up to focus on essentials like data security, by taking care of all the admin and migration processes associated with engaging and managing staff and contractors – all from one easy platform that integrates with your existing software. Contact an expert from the Ayers Group today.

References

- www.skynews.com.au/australia-news/politics/albanese-government-admits-optus-hack-shouldnt-have-occurred-as-it-looks-to-increase-22-million-fines-for-data-privacy/news-story/31405bba30bd2447a6fcc712f5670c45
- www.upguard.com/blog/australian-data-breach-stats
- https://www.ibm.com/blogs/ibm-anz/the-rising-cost-of-a-data-breach-in-2020/