At Mangano IT, Secure by Design is our philosophy. However, as technology integrates into more of our lives at work and at home, the cyber-attack surface grows.
People remain the biggest risk to cyber security. Cyber criminals use social engineering to gain unauthorised access to systems or data, manipulating a person by creating a sense of urgency or a desire to help. They may impersonate a trusted source to trick you into clicking links or revealing information over email, over the phone, or even in person.
Small to medium business owners and managers experience high rates of all types of cybercrime. You can learn more about the different crimes, victim types and risks from the Australian Institute of Criminology’s Cybercrime in Australia 2023 report.
In financial year 2022-2023, over 90 per cent of the incidents that the Australian Signals Directorate responded to involved ransomware or other forms of extortion or restriction to systems, files, or accounts. Queensland accounts for 30% of Australia’s cybercrime reports, and the average cost of a cyber security event for a medium-sized business was $97,203. You can read more about cybercrime statistics in the 2022-2023 ASD Cyber Threat report.
How can you protect your business from cyber threats?
- While no single strategy is guaranteed to protect against all cybercrime or threats, the Australian Signals Directorate recommends implementing a baseline mitigation, known as the Essential Eight. Having the Essential Eight in place makes it much harder for cyber criminals or bad actors to compromise your business systems. You can learn more about this from the Australian Signals Directorate Essential Eight website.
- Raise awareness of cyber security within your business, including what to look out for and what to do in case of a cyber security event. Regularly discussing cyber security with your team can improve your business’ security posture.
- Develop an Incident Response Plan (IRP) for your business. An IRP outlines the steps and processes the business follows in the event of a cyber incident to minimise damage, recover quickly, and maintain business continuity. If you have an IRP already, please share it with Mangano IT so we can follow it in case of an incident. If you don’t have an IRP and would like to develop one, you can reach out to our Sales Team and we can work with you to create the right-fit IRP.
- Consider investing in Cyber Insurance. Just like car insurance, cyber insurance can provide assurance and security of the right business support during and after a cyber security incident. Mangano IT has cyber insurance, but it is worth noting that our insurance doesn’t cover our customers. You can view the cyber insurance checklist from our provider, which may help you understand your security posture and whether you need insurance.
- Understand your security posture. Mangano IT can perform security assessments and gap analysis, and implement any technical remediation required, including enforcing phishing-resistant Multi-Factor Authentication (MFA) and making your technology Essential Eight compliant. We can also provide phishing simulation and training with reporting, giving you additional visibility of risks in your business.
- Consider having a dedicated Security Operations Centre (SOC) providing Security Information and Event Management (SIEM) services. At Mangano IT, we believe these niche services should be handled with the expertise of a dedicated team, and we work with a dedicated partner to deliver a SOC that provides real-time monitoring, analysis and response to cyber security events.
Cybercrimes to look out for
As a trusted ICT partner, Mangano IT holds many keys, and cyber criminals may impersonate us to get to your customers’ data. Below are a couple of things we do to ensure our customers’ cyber safety:
- We will never contact individuals asking for password credentials. We also take measures to ensure sharing of credentials is made through disparate methods to provide additional security.
- We will never request a change in bank/payment details via email alone. Should you ever receive an email from your suppliers or customers requesting a change of bank details, we recommend treating it with caution and making contact through a different channel to check the validity of the request.
Your business and the people within it are also at risk of impersonation. We encourage you to reach out to your customers and suppliers to let them know what to expect when working with you.
Here’s to a cyber safe and prosperous 2024!