Businesses and consumers must learn to fight back against cybercriminals that remain as eager to steal their identities as ever, the Australian Cyber Security Centre (ACSC) warned in kicking off the latest annual Stay Smart Online week.
Identity security can be dramatically improved, the organisation advised in promoting its theme of ‘Reverse the Threat’, through simple steps such as learning how to pick and ignore scam messages; setting social-media accounts to private so as to restrict the availability of personal information; and creating better passwords, which can be smoothly managed using any of a range of password managers.
Better consumers habits would provide follow-on benefits for the businesses where they work – which, recent figures confirm, are still struggling to normalise good security practices.
The average Australian employee is managing 66 different passwords, LogMeIn noted in its latest Global Password Security Report – which also noted that larger companies have an average of 25 passwords.
Businesses have been embracing multi factor authentication, the survey found, with Australian use of the technology increasing from 6 percent to 29 percent of businesses over the last months – a better figure that LastPass partly attributes to Australia’s notifiable data breaches (NDB) scheme, but still well behind the 57 percent figure globally.
“Australian businesses are starting to take greater control of their password security – a likely result of regulatory changes across the industry,” said LogMeIn’s APAC vice president Lindsay Brown.
“Unfortunately, MFA use alone cannot protect an organisation and overall security hygiene must be elevated if we’re to see better results in the next NDB report.”
Yet even increasingly worrying NDB statistics likely don’t reflect the full situation – with new figures from Chubb finding that 47 percent of Australian small and medium businesses (SMBs) aren’t even aware of their NDB reporting obligations.
Fully 49 percent of small businesses don’t have a formal data breach response plan – yet 79 percent believe they can overcome a breach by sophisticated hackers within 24 hours.
That’s a wide gulf between perception and reality – which is why cybersecurity consulting firm CQR Consulting offered a seven-point action plan to help businesses work with their employees to improve overall security practices.
Key steps include involving more than the IT department in establishing an incident management team; developing a comprehensive incident response plan that maps out specific steps to be followed and spans both IT and non-IT functions; ensuring the plan covers the entire supply chain; making use of third-party resources; undertaking staff education sessions; ongoing maintenance and training; and having a ‘plan B’ with steps to undertake if the initial incident response is not effective.
Being proactive about security was critical in “a world of technical abundance,” CQR Consulting CEO and co-founder Phil Kernick said. “We have more security products deployed on our devices, networks, servers and cloud platforms than at any point in human history.”
“Yet we haven’t solved the problem of cyber security – and in fact, it doesn’t look like we’ve even put a dent in it. Every day there is a new data breach, seemingly larger than the last. Every day organisations are compromised – so investing the time and resources to complete the job now will result in far less disruption and loss in the future.”