An Australian Financial Services company has been fined $750,000 for not having adequate cyber security systems in place to stop a major security breach.
If you are worried about the security in your business, give Qbit a call for a no-obligation chat with one of our experts about cyber security in your business.
Below we unpack which cyber defences the company was missing and what it should have had in place.
1. Poor password practices including sharing of passwords between employees, use of default passwords, passwords and other security details being held in easily accessible places or being known by third parties.
- Every user should have a unique password known only by them
- Every user should have Multi-Factor Authentication enabled
- Passwords need to be complex: 10 characters with numbers, letters and symbols
- Companies should have a password vault for all non-Windows passwords
2. No backup system in place or backups not being performed
- Servers need to be backed up at least daily
- Microsoft 365 needs to be backed up
- Backups need to be secure so that they cannot be altered
- Backups need to be off site
- You need to understand how quickly you can recover from a disaster and whether that suits your business in 2022
3. No filtering or quarantining of emails
4. Computer systems which did not have up-to-date antivirus software installed and operating
- Antivirus that is remotely monitored is a basic requirement, and it is hard to believe any company did not have this
There are some other basics for workstations, such as managing Windows Updates: Qbit Agent pushes updates to workstations daily to ensure they stay as up to date as possible.
The full judgement can be found here: https://download.asic.gov.au/media/zhodijpp/22-104mr-2022-fca-496.pdf
Call Qbit today for a Cyber Security Audit