Heading into this year, growing Australian consumer confidence started hinting at the first signs of economic recovery from the COVID-19 pandemic. This optimism comes as welcome relief to businesses after an incredibly difficult year. Nonetheless, we must expect varying degrees of disruption this year and prepare and protect Australian businesses so they can bounce back no matter what the event. To protect business continuity in the face of increasingly advanced attacks, champion cyber resilient practices and invest smartly in a multilayered cybersecurity approach, keeping the below insights in mind.
Employee overconfidence must be addressed
A report published this past fall found that 1 in 5 Australians (20%) have received phishing emails specifically related to COVID-19. 1 in 3 (33%) respondents reported being more concerned about phishing now than they were at the beginning of 2020.
Despite the growing concern, many Australians remain overconfident in their ability to spot phishing scams. The same report found that while 2 in 3 (66%) Australian workers say they know enough to keep themselves and their personal data safe from cyberattacks, 61% click emails from unknown senders regularly.
In today’s distributed work environment, security leaders must understand and reiterate often how cyber resilience supports overall business resilience. Here are a few ways to reinforce strong security habits among your workforce:
Ensure work and personal devices are separate
The aforementioned report found that 1 in 4 (25%) Australians use their personal devices for work. An additional 12% use their work devices for personal matters, while a whopping 43% do both. With so many employees working outside of traditional office settings, it can be difficult to enforce proper boundaries. However, by ensuring workers have clear distinctions between work and personal time, devices, and obligations, businesses can reduce the amount of uncertainty that can ultimately lead to phishing-related breaches.
Promote cyber knowledge and regular training
Despite many Australians claiming they know how to spot a phishing scam, 1 in 5 admit they have clicked on a phishing link this year, with 10% stating they didn’t report the incident to IT. To help employees develop better cybersecurity habits, as well as a healthy dose of skepticism, companies must invest significantly in regular training and education, including phishing simulations so employees don’t fall victim to related scams. There is plenty of room for improvement here as only 27% of Australian workers say their companies increased cybersecurity training during the pandemic.
Incorporate cyber resilience into company culture
A culture of cyber resilience recognises that everyone – not just IT – has a role in keeping their company protected. When businesses internalise a culture of cyber awareness and resilience, they are better prepared and better positioned to experience growth.
In addition to regular employee training, businesses can reinforce a cyber resilient culture by publishing regular communications on security topics in the form of emails, social media posts, and interactive videos. These communications should highlight real-world threats employees need to watch out for in their work and personal lives, and industry news about other businesses that were adversely affected by attacks to consistently highlight the importance of proper cybersecurity practices.
Update software and systems regularly
Hackers often exploit security vulnerabilities in older software versions and operating systems. Regularly updating software and systems is particularly important as staff continue to work from home and have less day-to-day contact with IT. With Aussies increasing the amount of time spent working from home, IT teams don’t always have the same degree of control over how and when company laptops and software are updated, meaning the responsibility of ensuring the latest software updates lies more with the employee now than ever before.
Back up data and make sure employees can access and retrieve data no matter where they are
Even though the pandemic has brought a new reliance on cloud and collaboration services, unfortunately, 68% of Aussies don’t back up their data regularly. More shocking still is that the report found a whopping 35% have needed to recover files since the pandemic began. It is important to remember that looking after data is critical for business continuity. We recommend storing one backup in the cloud and one locally, or in other words “hybrid backup.” This gives businesses the ability to recover from a wide range of disaster scenarios.
When considering the disruptions and stressors faced by Australian workers in 2020, it is important that companies do all they can to prevent and prepare for data breaches and cyber attacks. The best thing any Australian business can do is foster a culture of cyber resilience that gives workforces the confidence, tools and training to ensure cyber-aware and informed decisions are made every day, by all employees.