Businesses keep falling for these cyber security risks time and time again

May 31, 2021

Cybersecurity is never out of the headlines for long, with Air India, US fuel pipeline operator Colonial, and even Australia’s own Channel Nine all hit with breaches in the past few months alone. Every story is a stark warning to businesses big or small that cybersecurity must be high on your agenda. If not, your company is at serious risk of becoming the next big breach.

Despite all this, cybersecurity is often pushed to the bottom of the to-do list, always competing with the never-ending demands of running a business. Plus, in many cases, businesses aren’t even aware of the risks they face.

A recent survey conducted by the Australian Cyber Security Centre found that small to medium-sized businesses (SMBs) that outsourced their IT security believe they are better protected than they really are, and that one in five SMBs did not even know what the term ‘phishing’ meant.

So, what are the risks that businesses continue to fall for? Why do we keep making the same mistakes, time and time again? The first and most obvious stumbling block is passwords. Most businesses are aware that changing their passwords regularly is a smart move, but a large number fail to put that knowledge into practice.

Passwords should be rotated at the very least every 60 days, although every 30 days is even better. To make them even harder to guess, passwords should be at least eight to 10 characters long, have at least one number, one capital letter, and one special character, such as one of the following: ‘!@#$)’.

Without the right practices in place, businesses are at serious risk of having their business emails compromised, which is a very common and persistent threat to organisations big or small. When hackers gain access to your actual email ID, they can sit and watch all the communications to and from your account, get familiarised with your communication style, and figure out who you are dealing with and making payments to.

Cybercriminals are then able to wreak havoc. Imagine the scenario: the hacker sends an email from a fake lookalike address, made to appear as if it came from the CEO, to the real, legitimate email address of the CFO, asking for funds to be transferred urgently to a specific bank account. The CFO trusts that the email is legitimate and performs the transfer.
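One defensive check against the lookalike-address trick described above, added here as an illustration and not code from the article: it classifies the domain in a message’s From header as internal, lookalike or external. It assumes the organisation’s domain is example.com and uses a small, constructed list of common character swaps; both are assumptions, not values from the article.

```python
from email.utils import parseaddr

# Assumed organisation domain (not from the article).
ORG_DOMAIN = "example.com"

# Constructed list of character swaps often seen in lookalike domains.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalise(domain: str) -> str:
    """Undo common visual substitutions so 'exarnple' compares as 'example'."""
    d = domain.lower()
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Extract the bare domain from a From header such as 'CEO <ceo@example.com>'."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def classify_sender(from_header: str, org_domain: str = ORG_DOMAIN) -> str:
    """Return 'internal', 'lookalike' or 'external' for the sending domain."""
    domain = sender_domain(from_header)
    if domain == org_domain or domain.endswith("." + org_domain):
        return "internal"
    if normalise(domain) == org_domain or edit_distance(domain, org_domain) <= 2:
        return "lookalike"
    return "external"


if __name__ == "__main__":
    # Constructed sample From headers, including a 'rn' for 'm' swap.
    for hdr in ("CEO <ceo@example.com>", "CEO <ceo@exarnple.com>", "CEO <ceo@example.co>"):
        print(f"{hdr:35} -> {classify_sender(hdr)}")
```

Mail that lands in the lookalike bucket is a good candidate for quarantine or a warning banner before a CFO ever sees the payment request.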

In order to better secure themselves from such a scenario, multi-factor authentication (MFA) is a great option for all businesses, adding an extra layer of security by using two or more pieces of evidence to log in to a single location. Some common examples of MFA include an SMS message, phone call, or authenticator app to verify a browser login.

The best way to deal with cyberattacks uses a combination of processes, people training and technology. Constant training, awareness and process flows are the best way to help internal and external staff spot any anomalies – and avoid becoming the next big news story.