Is your data really protected?

Data protection, a term that as a business owner you may find yourself hearing often. You may also find yourself asking what does it really mean and will it actually affect me?

At a recent business breakfast, CT’s Managing Director, Adam Centorrino spoke to a number of small to medium-sized business owners about the importance of safeguarding their business against potential data threats. With 242 data breaches recorded in the first quarter of 2018 by Australian organisations, plus a number of businesses potentially unaware they have been attacked, it leaves a sizeable need for cyber safety measures to improve.

While small to medium-sized businesses may consider themselves to be least at risk, the reality is they are heavily targeted.

Larger sized organisations are more likely to invest in cybersecurity measures, ensuring they are better prepared in the event of a cyberattack. A large number of small to medium-sized businesses don’t see its importance and this often leads them to be the most at risk.

In 2018, data breach laws changed to ensure any business that has been hacked must alert the Office of the Australian Information Commissioner (OAIC) and, any clients who may have been affected. While many organisations may not realise it, any data leaked could prove catastrophic to their business.

Facebook announced a data breach affecting 29 million users in late 2018, where cyber attackers stole data from 29 million Facebook accounts that included profile personal details such as contact details, birth dates, employer and education history.

Leaving many users feeling vulnerable and unable to trust the social media platform, Facebook has had to step back and reassess their cybersecurity levels.

Many business owners may ask how data breaches occur. While there are a number of methods, it may come as a surprise that human error accounts for the largest percentage of attacks.

Examples of human error include using dictionary passwords, opening uncensored emails or using your laptop on an unsafe network. Other data hacking techniques include phishing attacks, brute force attacks and internal organisation threats.

When an attacker successfully acquires your data, there are a number of ways they may utilise the data they access. This includes Cryptolocker, where attackers will “lock” your data away and require you to pay a certain amount to recover your data.

Other attackers may hack your data and utilise your resources for their own benefit. For example, you may not be aware you’ve been targeted, but attackers are working on your network.

Your server may be running 24/7 and leaves you with no need to consider anything is wrong. The reality is a server remains to run at 80%-90%, while an attacker uses some of the capacity to their own advantage.

For example, there have been cases of cyber attackers using a network to mine bitcoins. The good news is, you can protect yourself!

There are a number of procedures that can be put in place to ensure your organisation is ready if targeted by an attacker. Two-factor authentication is a widely used way to add a second level of security to your online data. This requires a user to successfully access two or more pieces of evidence before entering into any personal accounts or online platforms.

A degree of human intelligence is also necessary when navigating online. This identifies the need for any user to be aware of online behaviour that may be a potential risk. For example, exerting a high degree of caution when opening any unusual emails and/or being sure to make secure payments online.

To finish, the final question on many customer’s lips is if they get hit by ransom, should they pay?