SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Four steps organisations can take to improve cybersecurity awareness
Thu, 19th Oct 2023

October is Cybersecurity Awareness Month, and there’s no better time for businesses to review and strengthen their online defences.

The message is clear: companies must adapt, empower, and educate. As the cyber landscape evolves, so must an organisation’s defences. Modern cyber threats have expanded beyond technical and system vulnerabilities. Today’s cyberattackers capitalise on human mistakes as their primary breach points, which means businesses should focus on building a resilient cybersecurity ecosystem through continuous staff awareness.

This Cybersecurity Awareness Month, companies should consider taking four steps to protect their digital assets:

1. Use secure passwords

While it might seem basic, the use of strong, complex passwords remains a foundational principle of cybersecurity. The days of using “password” and “12345” as sufficient passwords are gone. Relying on simple passwords in 2023 is like using a twig as a barricade. An approach like this only benefits cybercriminals. To enhance security, organisations should remind their employees to avoid using readily available information, such as birthdays or pet names, when creating passwords. Additionally, they should not use the same password for multiple accounts; if one is compromised, all could be at risk.

2. Embrace multi-factor authentication (MFA)

Given the increasing number of stolen passwords on the dark web, it’s clear that a strong password alone isn’t always foolproof. MFA offers an additional security layer, asking users to provide two or more verification methods. This could be a code sent to a mobile phone or email address, a physical hardware key, or even biometric data like fingerprints. With MFA, even if a password falls into the wrong hands, cybercriminals still face significant hurdles before accessing that information.

3. Stay alert to phishing attacks

Cybercriminals are continually refining their phishing strategies, targeting the most vulnerable point in any company: its people. Spear phishing in particular, where tailored emails deceive users into thinking they’re genuine, has seen a rise. The best defence against phishing is awareness. Organisations should equip their employees with the knowledge to spot these fraudulent attempts, be it a slight change in a sender’s address, misplaced logos, or unusual requests. It’s also important for business leaders to instruct their employees that, if they ever receive an email that claims to be from an institution they trust, they should always verify its authenticity by contacting the institution directly through trusted communication channels, and never impulsively click on links or download attachments.

4. Regularly update software

An often overlooked but crucial step is consistently updating software. Contrary to popular belief, software updates don’t just introduce new, exciting features; they also strengthen an organisation’s digital defences. Vulnerabilities are regularly discovered, and updates serve as patches to mend these weak points. From smartphones to desktop applications, fostering a culture of regular updates shields companies from potential cyber threats that exploit known software vulnerabilities.

Cybercrime is on the rise, impacting large and small businesses alike. The technology used daily keeps changing, and so do the threats. With cyber attackers getting smarter and using more advanced tools, it’s up to everyone in an organisation, no matter their role, to stay informed and act safely online. This month reminds all employees about the importance of staying on their toes, learning about online dangers, and doing their part to keep their company safe.