Following on from our recent article on data security and how safe your business is, we’ve collected some facts from a recent Toowoomba Chamber of Commerce event on cyber security, where expert guests working in cyber risk and security shared their wisdom.
Let's start with the cold, hard facts:
- In FY21-22 the Australian Cyber Security Centre (ACSC) received over 76,000 reports, a 13 percent increase on the year before.
- Payment redirection through business email compromise is the cyber risk associated with the greatest loss. The median loss per incident was $39,000 for small businesses, $88,000 for medium businesses and $62,000 for large businesses.
- Ransomware attacks occur every 11 seconds, and in 2022 the “market” was $20 billion.
Source: Scamwatch (www.scamwatch.com.au) and the Australian Cyber Security Centre (cyber.gov.au).
As highlighted in our recent article, the greatest risk areas are:
- Business email compromise
- Phishing
- False billing
- Malware and ransomware attacks
How to prepare yourself in the cyber risk arena:
- Put a value on your information: what is it worth to your business? Also, what is the cost of a breach to your business from a recovery and PR/client trust perspective?
- Identify possible controls and put them in place, making sure you understand what each control does. For example:
  - An in-depth training program on cyber risk for your team. People are your biggest risk to cyber security simply through not understanding it.
  - Requiring your Accounts Team to phone all new suppliers, and suppliers who have changed bank details, to confirm the account information verbally, using a phone number sourced from somewhere other than the email or invoice.
- Get a cyber insurance policy in place.
- Prepare a manual response plan that is readily available in hard copy if your system is compromised. Include things like client contact details so you can advise anyone that may have been affected as part of your cyber incident.
Where to start?
- Use the Australian Government Cyber Security Assessment Tool, which takes approximately 20 minutes to complete.
- Take a look at the Australian Cyber Security Centre’s resources for small and medium businesses, including step-by-step guides on all key areas of cyber security in plain language, as well as their Quick Wins guides.
- Sign up to the ACSC Alerts and Scamwatch Alerts to stay informed about the latest cyber security alerts and advice.
- Educate your people about cyber risks to protect both your business and them personally. The ACSC has some great free tools to get you started, including a 5-minute “Think you can spot a scam” quiz.
What to do if you have been a victim of cyber crime
If you find yourself held to ransom for your data, it is essential that you seek quality legal advice in the first instance to ensure you are compliant with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
You can also seek support from agencies in this area, including IDCARE. It is a not-for-profit providing national identity and cyber security support in Australia and New Zealand, assisting individuals and businesses that have been victims of cyber crime, as well as providing preventive tools via its website.
It’s important to understand the risks associated with cyber crime and take steps to protect yourself and your business, enlisting the assistance of professionals where needed. Equally important is not allowing the fear of cyber crime to cast a dark cloud over the possibilities that technology presents to us and to future generations, and remaining in awe of what it can enable for our society to thrive.
If you have any concerns about your cyber security and risk, contact your Business Advisor today and together we can take steps to prepare you and your business.