The news has been full of one successful, high-impact cyber-attack after another on large companies and organisations.
Small businesses have not escaped, though. They’ve become a common target, and anti-virus software alone is not enough. Criminals no longer need hacker-level skills to commit cybercrimes.
Types of cyber security attacks
Be alert to who uses your devices: physical cyber-attacks can still use hardware, external storage devices and other devices to infect, damage or otherwise compromise digital systems.
Online and digital cyber security attacks can also include ransomware attacks, bots, malware threats, compromised email and identity theft, as well as phishing and fake website scams.
The most common data breaches start with a phishing attack, and an estimated 40% of ransomware attacks start through user interaction with unsolicited email.
Phishing is a type of social engineering attack that is often used to steal user data, including login credentials and credit card numbers. It occurs when a cyber-criminal tricks a victim into opening an email, instant message or text message.
Once users click on a link or open an attachment, their device can easily be infected.
What can general practices do to improve their cyber security?
Cyber security is everyone’s responsibility and all practice staff should be on the lookout for cyber-attacks. Here are some steps you can take to protect your practice and patients’ data:
- Secure your networks with strong authentication methods. Ageing authentication options are a key vulnerability that cyber criminals use to access online devices.
- Ensure anti-virus software is installed on all online devices and updated automatically with the latest virus protection definitions.
- Wherever possible, implement multi-factor authentication on your online accounts. Codes sent to your phone by SMS or generated by an authenticator app add a verification step to prevent unauthorised access.
- Keep software and operating systems updated with the latest versions and set software to run regular checks for security patches.
- Train your staff on cyber security awareness. Technology is only a small part of cyber security and the best defence is having staff who are cyber security aware.
- Never leave devices unattended without first locking the screen with password protection.
- Regularly review the quality of access codes and wherever possible use a passphrase instead of a password. Use a random mix of unrelated words to create unpredictable and stronger passphrases.
- Secure and limit the availability of administrative accounts that have full access to systems and services. Those with administrator access need to take additional precautionary security measures, including compulsory multi-factor authentication.
- Never respond to unexpected phone calls, emails or text messages. Scammers impersonate government and businesses to convince people to act. If you aren’t sure, do your own research and make contact using the publicly listed contact details for the organisation.
- Protect your business with Cyber Insurance tailored to your needs and keep it active.
The Australian Cyber Security Centre provides useful resources, including tools and quizzes, for those looking to improve their cyber security.