Your stored business data travels in and out of your network. What key controls can you put in place to ensure it’s safe?
Estimated reading time is 3 minutes.
Estimated reading time is 3 minutes.
There are many accounts you rely on as a part of everyday business. Protecting them from being compromised by a cyber-criminal must be a business priority.
Accounts such as email and social media may contain critical business information that is very attractive to cyber-criminals. This includes:
If a cyber-criminal gains access to your accounts, they could:
Unauthorised access to your business information via a compromised email account or cloud storage could constitute a data breach. If your business experiences a data breach, you may have to report it to the Office of Australian Information Commissioner (OAIC) under the Notifiable Data Breach Scheme, and inform all your customers whose information might have been affected.
An incident like this can damage a business’ reputation and customer trust.
A simple solution to protect your email and cloud storage accounts from being compromised is by using multi- factor authentication (MFA).
MFA is an added layer of security designed to confirm your identity when logging into an online service. You will only be able to access an account after providing two or more pieces of evidence proving your identity.
Using MFA makes your accounts much harder to break into than if you were only using a password. Even if a criminal does obtain your password, they will still have to get past at least one other barrier to access your account.
MFA is also referred to as ‘two factor authentication’ or ‘2FA’. These terms are interchangeable.
This refers to something that only you know, like your password or PIN. Systems that use 1 factor authentication only require a username (such as an email address) and a password in order to access them.
This refers to something you know (password), plus something you have.
Systems that use 2 factor authentication require a username and a password, plus a one-time password or code (sent to your mobile phone, for example) in order to access them.
This is something you know, plus something you have, plus something you are (unique biometric input, such as a fingerprint scan to unlock your smart phone).
Systems that use 3 factor authentication require a username and a password, a one-time password or code, and a fingerprint/some other unique biometric that identifies you.
There’s many different ways to set up MFA on your accounts. Here’s some common ones:
The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together into a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats.
ReportCyber is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.
Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.
The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying and address illegal online content.
The Attorney-General’s Department website provides helpful information and resources about your rights and protections regarding identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime.
IDCare is Australia and New Zealand’s not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes. It is a free service for all Australians.
Your stored business data travels in and out of your network. What key controls can you put in place to ensure it’s safe?
Empower your employees to help manage your online security risks
Protecting valuable business data from cyber crime is everyone’s business.
Learn how to protect your website against online attacks.
You’ll now be redirected from NAB to an external site.
NAB doesn’t accept responsibility for the operation of the website you’re being redirected to.