Cybercrime rates in Australia have surged, with online attacks averaging out to one every six minutes, according to the Australian Signals Directorate. For organisations, one of the most common attacks is email compromise, which involves manipulating individuals into unauthorised financial transactions or the disclosure of sensitive company data.
The rise in cyber incidents translates into significant financial impacts, with costs varying depending on the size of the business. For example, small businesses are facing costs of over AUD46,000 for each cybercrime incident, medium-sized businesses are looking at an average expense of AUD97,000, and large enterprises are dealing with losses around AUD71,000 per incident.
It’s clear there is a pressing need for enhanced cyber hygiene practices among organisations. But what is cyber hygiene?
“Cyber hygiene refers to the practice and steps that companies take to maintain system health and improve online security, helping to protect the business from digital threats, such as malware, hacking, and phishing,” said TeamViewer CISO Robert Haist. “These practices are often part of a routine to ensure the safety of identity, data, and networks.”
Effective cyber hygiene involves a series of proactive measures, including:
- Tracking hardware and software in real time: Organisations should establish systems to continuously monitor all hardware and software assets. Using radio frequency identification and barcode systems can provide accurate, instant tracking essential for managing bring-your-own-device policies and pinpointing vulnerabilities effectively. Additionally, some companies use advanced software to maintain real-time visibility of their IT infrastructure, providing efficient management and quick response to potential issues.
- Automating software patching: It’s vital for businesses to implement automated systems that detect and apply patches to software vulnerabilities promptly. This measure is crucial in guarding against cyberattacks targeting outdated software. By using a unified platform for efficient and secure management of all IT devices, such as the TeamViewer and Ivanti platform, organisations can use remote monitoring and management capabilities as well as Ivanti’s leading mobile device management functions to provide comprehensive security, compliance, and management features.
- Setting up regular data backups: Automated backup solutions are crucial in protecting organisations against data loss from various threats, including ransomware attacks. This strategy ensures operational continuity and mitigates the impact of potential data breaches.
- Implementing access control: Limiting access to sensitive information based on job roles is essential. Companies can streamline the management of user permissions through automated tools, effectively reducing the risk of a data leak or unauthorised access. It can also promptly remove employees access when they leave the organisation or change roles to maintain organisation security and confidentiality.
- Enforcing strong password policies: Business leaders should encourage the use of complex passwords and mandate regular updates. Employing password managers can assist in generating and securely storing strong passwords, reducing the likelihood of security breaches.
- Adding additional verification steps beyond passwords, such as biometric scans or one-time codes, can significantly enhance security measures. MFA introduces an extra layer of security, making unauthorised access considerably more difficult.
- Implementing a zero trust architecture: Businesses should adopt a zero trust approach by never trusting any access request by default, regardless of its origin. They should continuously verify user identities, apply strict access controls, and enforce the principle of least privilege. This ensures that each access request is authenticated and authorised to minimise the risk of data breaches and unauthorised access.
- Choosing suitable cybersecurity solutions: Organisations need to invest in advanced cybersecurity tools that offer proactive threat detection and automated remediation. Ensuring compatibility with the existing IT infrastructure and alignment with recognised cybersecurity frameworks, like the Essential Eight, ISO 27001, and National Institute of Standards and Technology guidelines, can enhance the effectiveness of cybersecurity strategies.
“Cyber incidents have a tangible impact, disrupting operations and imposing significant financial burdens on companies,”” said Haist. “The foundation of effective defence involves having a strong understanding of the basics: ensuring software is up to date, employing strong passwords, and remaining vigilant about the latest digital security threats.”
“Equally critical is leveraging advanced remote access and support solutions that offer secure connectivity and control,” he added. “These tools are essential for maintaining operational continuity, safeguarding sensitive data, and ensuring that teams can respond quickly to any security challenges that arise. By integrating such solutions into their cyber hygiene practices, businesses can proactively confront and mitigate cyber risks, ensuring a secure and resilient digital environment.”
