Last year's report by the Australian Cyber Security Centre (ACSC) revealed that they received 59,806 cybercrime reports in the year ending 30th June 2020, and responded to 2,266 security incidents. And these are only the reported attacks. In 2019 alone, Australian businesses lost over AU$634 million in reported cybercrime scams. Some estimates suggest that the overall annual cost to industry could be as much as AU$29 billion.
Furthermore, a 2020 annual report released by IBM showed that data breaches are costing businesses an average of AU$3.35 million per breach. This includes not only direct financial losses, but also the significant amount of time taken to rectify the problem and the loss of company reputation when you become a cybercrime victim.
In other blogs, we've looked at the most common types of cybercrime, primarily phishing and ransomware. We've emphasised the necessity of cybersecurity training and awareness, deploying technological tools to improve your security and the need to maintain a constant backup of your data. These are basic precautions that every business should adopt as a general rule for preventing cybercrime.
With the massive increase in cyber attacks and the ever-evolving cunning of hackers, it also makes good business sense to set up a more detailed and comprehensive plan for disaster preparedness. We sometimes call this Triple P, or PPP, and it stands for Policy, Protocol and Procedure. These three Ps determine what you'll do if you suffer a data breach and, more importantly, what you should do to prevent this from happening. Everything in your PPP should be as detailed and accurate as possible, so that there's no room for doubt.
Your Policy should be a detailed instruction manual, issued to every member of your staff. It should lay out required employee behaviours for achieving the best possible cybersecurity in your company, such as multi-factor authentication and password managers. It should also set out how you want your business to combat any kind of cyber attack, and how to minimise its impact.
You might ask all your employees to sign the policy, to show that they've read it and are fully committed to carrying it out. This avoids the possibility of anyone claiming not to have known about the policy if the worst happens and you get breached.
Your Protocol is a detailed written plan, which lays out the exact procedures that your employees (and yourself) must follow if you are targeted by a cyber attack.
As part of these Procedures, you should include:
- Who to tell if anyone suspects a data breach or cyber attack
- What that person should do, step by step, to try and block an attack
- What everyone else should do if an attack is suspected
- What to do about lost or stolen devices, and how to wipe them remotely
This might sound complex, and it may be completely new to you. If you're not too tech-savvy you might feel overwhelmed, not only by the threat of cybercrime but also by the task of getting the PPP right and relying on your staff to follow it.
However, it is critical for the proper protection of your business, and at One Technology we're always happy to help you. Give us a call today to find out more.