Losing data to online hackers can cost your business dearly. Big or small, Australian businesses need to take preventative measures to protect themselves and their customers from cyber threats.

While there are personal measures we can all take, such as managing passwords and avoiding public Wi-Fi use, companies need to take a bigger-picture approach to cyber security.

1. Your staff are your greatest risk

You may be surprised to learn that the biggest threats to your business comes from the inside. We’re not just talking about the Edward Snowdons of the world, purposely stealing information from you. Most incidents are accidental and can be avoided through user education and awareness training. Make sure your staff are aware of cyber security risks and be clear about what is – and isn’t – acceptable behaviour within your company’s systems.

2. Mobile work is a reality

If you don’t have a mobile working policy, you should. Conduct a device audit and compile an inventory list. Agree on baseline security requirements for all devices, including mobiles and tablets. Don’t forget to train your staff on your new policies!

3. Manage user privileges

Limit the number of people who have wholescale access to your accounts by restricting user privileges according to their work requirements. You can also monitor user activity—don’t forget to control who has access to the user activity logs, too.

4. Prepare to respond and recover

Being ready to manage risks when they occur is a sure sign your business can bounce back from the brink of disaster. The worst scenarios can and do happen to good businesses. Have a technology risk management and disaster recovery plan in place. Have a secure back-up system.

5. Knowledge is power

Your systems and networks need to be continuously monitored for anomalies. Unusual activity can indicate an attack. Monitoring your systems carefully and continually will help you identify a risk before more damage is done.

6. Patch early, patch often

New threats are emerging all the time. Apply up-to-date security patches as they become available.

7. Secure your network from intruders

Protect your network from internal and external intruders by securing your network perimeter, filtering out unauthorised access, and monitoring and testing security controls.

8. Detect and defend yourself from malware

Use anti-malware defences wherever you can. Search for malware incidents across your whole organisation and take action when you detect them. Remember your staff are your biggest risk and ensure everyone treats suspicious attachments and hyperlinks with the caution they deserve.

9. Ask for help

If this all sounds too hard and too complex, you can ask an expert to conduct an IT security audit on your business. A good techie can identify any gaps in your security, guide you through the steps you need to take, and answer any questions you have. Of course, you can always outsource technology risk management altogether so you can get on with your day-to-day business. After all, it’s what we do.