Cyber security advice for Australian startups and small businesses that are using remote working

Some, if not all, of your business and its operations involve digital and/or internet connected tools and processes. Having the means to manage cyber risks in your organisation, and ensure your suppliers and partners are not exposing you to unnecessary cyber risk, is always important.

Finding the time and resource to do it can be challenging, but even more so during a crisis.  When you have staff working remotely, it’s critical that you protect your organisation and people from cyber attack.

This is because it reduces cost and manages risk to reputation if you are compromised. In a crisis, it also ensures that as your organisation recovers, you’re ready to grow in ways that are more trusted and assured.

Here’s advice on how to go about securing your remote working from AustCyber – the Australian Cyber Security Growth Network.

Securing your digital footprint

There are a range of cyber security and IT related things your business should be working to have in place, regardless of operating circumstances. These become more important if you have a distributed workforce, including team members working from home.

  • Have business continuity plans and incident response procedures written down and know who you’ll switch to if your internet and/or cloud service provider experiences outages.
  • Turn on automatic updates for your operating system (e.g. Microsoft Windows) to ensure as much malicious software is blocked.
  • Ensure our business and all staff have updated the apps used by your business to the latest versions (should be done regularly).
  • Ensure you have a procedure in place for regular backups of data and systems.
  • Implement Multi Factor Authentication (MFA) as mandatory practice including, where possible, replacing the use of platforms/software that do not have an option for MFA.

It can be challenging for small businesses that don’t have technical support or the expertise within the team to get these things done and done well. Australia has great cyber security companies who specialise in this area – known as Managed Security Services Providers or MSSPs.

Which Australian cyber security providers can you work with?

A selection of companies who already have SME customers are listed below, but you can also search for MSSPs through your favourite browser.

  • CyberCX – a group of 13 MSSPs that span Australia and New Zealand.
  • KineticIT – is an MSSP with offices nationally and in New Zealand.
  • ParaFlare – provide real-time managed detection of cyber attacks and incident response.
  • Red Piranha – a national MSSP providing services from Australia into Asia.
  • Triskele Labs – provide a security team as a service, as well as other key services to ensure you have holistic management of cyber risks.

A great way to check if your MSSP is ensuring they’ve configured the security of your software and IT infrastructure appropriately, is to ask them if they are using Detexian – an Australian cyber security company that has developed a tool to monitor unauthorised changes in software configurations and systems access.

More broadly, it is important to have a good understanding of your digital assets and how well protected they are from malicious interference, including access management and protecting your website. You can speak to your MSSP about this – and there are Australian companies who specialise in these areas, including for small business needs:

  • Assetnote – provide a software solution that automatically maps your external assets and monitors them for changes and security issues to help prevent serious breaches.
  • Cogito Group – provide a range of solutions and services including security assessments, identity management and authentication.
  • Ionize – provide a range of services including accredited security assessments and guided implementation of actions to improve your organisation’s cyber security.
  • Kasada – provide a software solution that prevents malicious automated attacks on your website and other digital infrastructure.
  • Hactive.io – provide accredited security assessments. In addition to a wide range of other services, they also offer a software solution that continuously tests your digital infrastructure for vulnerability to attack.
  • RightCrowd – provide advanced physical access management which also integrates tracking of your digital assets to know whether they are on or offsite.
  • If you’re a company involved in sending and receiving volumes of information/data like a medical centre, accountancy or legal firm, consider putting in place practices that clearly communicate between staff and clients/customers the level of sensitivity around information.
  • JanusNET is an Australian company that provides an online tool that marks your documents and emails with the right classification, like ‘commercial in confidence’ and helps to prevent data loss.

Enabling your team to support the security of your organisation’s digital footprint

Ensure staff understand how to connect remotely to company infrastructure securely. Use a reputable VPN. Require staff to be using it whenever possible and keep it updated. It should be used at home and in all public places.

Help staff to ensure they have changed the default password on their home router. Use a reputable password manager. If possible, have a company-wide licence so you can monitor usage and require staff to use it at all times.

If you can, take the opportunity to go password free and up your ante on MFA at the same time. A highly innovative Australian company providing technology to support this is Forticode.

If in doubt, don’t click! Ensure your business has a basic understanding of the what and how of cyber security, including being alert to scams and malicious links in emails (phishing).

Stay aware of the latest COVID-19 scams. Report it if you’ve received an SMS or email you think is a scam to Scamwatch to verify what you’re seeing is real or malicious.

Use Australian company Mailguard to stop malicious emails reaching your team in the first place through their software that integrates with your email software.