Large-scale data breaches have had a significant presence in our newsfeeds recently, with millions of Australians having their data stolen in the past year.
The Australian Federal Government has announced that it plans to overhaul the current national cyber security laws, establish a new strategy, and create a dedicated office to manage government emergency responses to large-scale cyber attacks such as the Optus and Medibank breaches of 2022.
Presently, the government is unable to step in and the police can only assist after a breach has already taken place. Ultimately, businesses are responsible for managing their own data and taking appropriate security measures to protect it.
Small businesses in Australia with an annual turnover of $3 million or less could soon also be legally obligated to protect their customers' personal information and comply with the Privacy Act, if a proposed reform to the current legislation passes. This could mean that small businesses which store customer data on cloud platforms hosted outside Australia may have to make software and hardware changes to comply.
There are a number of basic ways businesses can protect their IT systems from unauthorised access, attack, or damage, and secure their information against vulnerabilities, protecting both their own and their customers' confidentiality and integrity.
Use strong passwords
Strong passwords usually consist of the following features: long length, complexity (such as special characters, numbers, upper- and lower-case letters), uniqueness (not using the same password for more than one account), and regular updates. There are a number of tools, such as password managers, generators, and multi-factor authentication, that can assist with password security.
Sybiz introduced even more password capability in Sybiz Vision 23, allowing system administrators to set warnings in Sybiz Vision that advise users their chosen password is insecure, inappropriate for their requirements, or has appeared in a breach online. Passwords can also be constrained to use certain types of characters, and a minimum length enforced, for more secure passwords company-wide.
System administrators can also now request all users change their password on their next login. This is especially useful if there has been a security issue within the business, or if you are setting up password constraints for the first time.
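As an added example (not Sybiz's code, and not how Sybiz Vision implements its checks), here is a small Python password policy checker that enforces the kinds of constraints described above: a minimum length, required character types, and a breached-password check. The breach corpus and its prefix-indexed lookup are constructed for the example; a real deployment would query a breach service using the same prefix/suffix split so the full hash never leaves the system.

```python
import hashlib
import re

# Constructed policy covering the constraints the post describes:
# minimum length, required character classes, and a breach check.
POLICY = {
    "min_length": 12,
    "require_upper": True,
    "require_lower": True,
    "require_digit": True,
    "require_special": True,
}

# Constructed stand-in for a breached-password corpus: SHA-1 hashes keyed by
# their first five hex characters, the same prefix/suffix split used by
# k-anonymity range lookups, so the checker never needs to send a full hash.
_BREACHED = {"password", "Password1!", "Summer2023!!"}
BREACH_INDEX = {}
for pw in _BREACHED:
    h = hashlib.sha1(pw.encode()).hexdigest().upper()
    BREACH_INDEX.setdefault(h[:5], set()).add(h[5:])


def is_breached(password: str) -> bool:
    """Look up the SHA-1 suffix under its 5-character prefix, as a range query would."""
    h = hashlib.sha1(password.encode()).hexdigest().upper()
    return h[5:] in BREACH_INDEX.get(h[:5], set())


def check_password(password: str, policy: dict = POLICY) -> list[str]:
    """Return the reasons a password fails the policy (an empty list means accepted)."""
    problems = []
    if len(password) < policy["min_length"]:
        problems.append(f"shorter than {policy['min_length']} characters")
    checks = [
        ("require_upper", r"[A-Z]", "no upper-case letter"),
        ("require_lower", r"[a-z]", "no lower-case letter"),
        ("require_digit", r"[0-9]", "no digit"),
        ("require_special", r"[^A-Za-z0-9]", "no special character"),
    ]
    for key, pattern, msg in checks:
        if policy[key] and not re.search(pattern, password):
            problems.append(msg)
    if is_breached(password):
        problems.append("appears in a known breach corpus")
    return problems


if __name__ == "__main__":
    for candidate in ["Password1!", "correct horse battery staple", "Tr0ub4dor&3xample!"]:
        print(candidate, "->", "; ".join(check_password(candidate)) or "accepted")
```

The character-class rules are deliberately simple; the breach check is the part that catches a password that satisfies every complexity rule yet is already known to attackers.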
Stay up to date with the latest software versions
Applying updates or fixes and patches to software and keeping up to date with operating systems not only gives your employees access to the latest features and technology, it also helps reduce the risk of security breaches to your business data.
Software companies regularly discover or are notified of vulnerabilities in their software and usually release updates to remedy them promptly. Enabling automatic updates, or being able to apply patches quickly, shortens the window in which a known vulnerability can be used against your data.
Apply the Principle of Least Privilege
The Principle of Least Privilege (PoLP) entails limiting each user's access on your systems solely to what they require to fulfil their role. For example, in Sybiz Vision, security rights can be customised so that end users can perform only the tasks that relate directly to their job function. By ensuring that only specific people have access to specific accounts and systems, businesses reduce their risk of accidental or intentional damage, unauthorised access, and breach.
SSL and TLS
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are widely used protocols for encrypting data in transit (data moving from one location to another) over a network. SSL and TLS are commonly used for encrypting web traffic (HTTPS), email, and other types of internet communication.
Sybiz enforces the use of HTTPS encryption with our Web API in Sybiz Vision, and it is highly recommended for use with Employee Self Service (ESS) in Sybiz Visipay. If you are unsure whether you are using this protection for ESS, your Sybiz Business Partner can help with configuring it for you.
Make use of a cyber security consultant
If you do not employ an IT or systems administrator with the right skills, having a cyber security consultant review your current systems and data security practices could be an important preventative measure. Staff can be educated about phishing emails and other risks, but attacks can occur in many ways, some of which involve no user interaction or error at all.
Cyber security specialists can assist with data encryption, network segmentation, firewalls, VPNs, anti-virus (anti-malware) software, and disaster recovery planning in case an attack does occur.