Top 5 Tips for Protecting Your Business Online with Tannhauser
Michael Woods founded Tannhauser to help improve Australia’s sovereign cybersecurity capability and to establish WA as a recognised hub for innovation and technology.
Drawing on his global cybersecurity experience and his background in Financial Services and Consulting, Michael hopes to elevate business risk discussions so that everyone from individuals to large businesses has the skills and knowledge to make the best cybersecurity decisions and investments.
Michael is passionate about small and medium businesses having the knowledge and skill to operate online with world class cyber security embedded into their practices.
Here, Michael shares his top 5 tips for protecting your business online and ensuring resilience in the face of a cyber incident.
Michael’s Top 5 Tips for Protecting Your Business
Invest in your staff with specific cyber security training for their role
This is not the boring annual compliance training for cyber security that everyone clicks through quickly to get to the questions at the end. The purpose of annual compliance training is to capture a positive affirmation that staff have read and understood the policies and procedures. We all read the policies and procedures in detail, right?

A more direct and cost-effective approach to training is to start by understanding your core functions (how your business makes money). Think about what scenarios could negatively impact the services your business provides from a people, process and technology perspective. The learning outcomes will be far greater when staff understand the specific scenarios in which they could be caught out, and the knock-on impacts to your operations. The key concept is to teach staff "what to do", not "what not to do".

Make training fun, engaging and specific to the individual's role in your business. Storytelling and gamification provide more engagement than a phishing test. Don't assume everyone in your business has the same level of understanding of cyber risks.

Your best defence against a cyber-attack is your staff. Help them understand the risks in their day-to-day role; they are your most valuable asset in your defence, so invest accordingly.
Know who you call in a Cyber Security Emergency
Time is of the essence when a cyber incident occurs: the longer you take to recover and get back to business as usual, the larger the impact on your bottom line. Start your relationship with a cyber security provider before you are in a time of crisis. Get to know your providers and understand how they can help your business when you need it most. Write down your quick-response approach to typical scenarios and walk through them to see where they need to be improved. The key outcome is preparedness, so that when the inevitable cyber incident does occur you can bounce back quickly and it is not a major impact or inconvenience to your business. The biggest misconception is to think you won't be a target or have nothing of value.
Turn on Multi-factor Authentication for ALL Web Applications
Passwords are easily compromised, and it scares me how many people I talk to use a single password for everything. Once that password is lost or stolen, criminals can gain access to every application you reach over the Internet. Cyber security works on the principle of layered defence, which is why multi-factor authentication was introduced: a single password is an inherently weak control on its own, and a second factor that the attacker does not hold stops a stolen password from being enough. It is incredibly important to confirm that, at a minimum, all web-accessible applications have this enabled for yourself, your team and any third party who has access to your applications or data (e.g. your website provider). Not all second factors are equal: an authenticator app or a hardware security key resists more attacks than a code sent by SMS, so prefer those where the application supports them.
Backups are not the only solution
The potential impacts to your business from a cyber security perspective are much wider than purely an availability issue that can be addressed by backup media. Don't get me wrong, a correctly designed backup approach can save your business a great deal; however, when an invoice is authorised and paid to a criminal's bank account, the backup tape won't be much use. Consider recovery and resilience solutions for the different aspects of your business. For large financial transactions, and for any change to a supplier's bank details, always reconfirm payment instructions out-of-band from the original communication channel (e.g. if the instructions arrived by email, pick up the phone and call the supplier on a number you already hold, not one taken from the email).
If it sounds too good to be true, it probably is
We all need to establish safer clicking and browsing habits. If you are not expecting an email from someone, or the attachments and links appear untrustworthy, your gut instinct is normally on the money. Keep your systems' security patches and antivirus up to date, and consider using a virtual private network (VPN) when browsing, particularly on public Wi-Fi. Trusted client and partner email accounts can be compromised, which may lull you into a false sense of security when an email appears to come from their account. Rely on your business awareness and understanding of the relationship to determine the veracity of the request; when in doubt, it never hurts to pick up the phone.
Final words: if all of this seems too complex and difficult to understand, or detracts from your core business, identify a trusted advisor who is experienced and seasoned in cyber security matters. Be careful of technology providers masquerading as cyber security professionals; the two require different skill sets, and there are conflicting priorities to consider to ensure your business continues to succeed.
If you would like to get in touch with Michael or the Tannhauser team, you can either check out the website or connect via LinkedIn.