Protecting your business against cybercrime

In a previous blog post, we wrote about the new Notifiable Data Breaches scheme applying to businesses with a turnover of more than $3M from February 2018. The scheme requires affected businesses to notify clients and the Australian Information Commissioner of all data breaches likely to cause harm to an individual, for example, unauthorised access to personal or financial information of a client of the business.

In this post we want to provide some guidance on how to protect your business against potential data breaches in the first place.

We have all seen reports in the media about how ‘cybercrime’ has become a popular activity of organised crime gangs, including the use of ‘ransomware’ and ‘malware’ to either hold a computer’s content to ransom or steal passwords without trace.

All it can take is one click of the wrong email link, or the opening of an infected email attachment, and your IT security can be breached.

The Australian Criminal Intelligence Commission provides the following tips to avoid being a victim of cybercrime:

  • Be on the lookout for email scams (e.g. avoid opening suspicious or unsolicited messages with attachments and links to other websites)
  • Secure your computer and mobile (e.g. use a firewall to block unauthorised access, use up-to-date anti-virus and anti-spyware software, use strong passwords, and do not use the same password on different sites)
  • Stay safe on social media (e.g. think carefully about how much information you share on social media sites, and who is able to see it; review your privacy settings on each different social media platform you use)
  • Exercise caution when shopping online (e.g. always use a secure payment method and never send bank or credit card details in an email)
  • Keep your personal information protected (e.g. be cautious about requests for your personal information over the internet, phone and in person, be alert for any unusual bank transactions or missing mail)

Further details can be found here: https://www.acorn.gov.au/protect-and-prevent

Cyber Insurance

In addition to these measures, businesses should consider taking out cyber insurance to cover against the costs of dealing with a data breach, business losses as a result of the breach, and notifications to affected parties. There are now many insurance providers offering cyber insurance in the Australian market.

Staff Training

All businesses should educate their staff on cybercrime and, in particular, how to identify and avoid interacting with malicious emails. In conjunction with our IT providers Strategic Group, Allworths uses a provider called ‘KnowBe4’ to provide cybersecurity awareness training to our staff.

KnowBe4 also sends periodic test emails to our team in the same format as typical malicious emails. If a team member clicks on the links or opens the attachments in the fake emails, the results are reported to us so that the person in question can be provided with further training on how to avoid exposing the firm to a potential data breach.

With around one third of the data breaches notified to the Office of the Information Commission for the June quarter being a result of employees clicking on ‘dodgy’ emails, if you are in business, it is vital to train staff on how to avoid falling victim to cyber criminals.

Further information on KnowBe4 can be found here: https://www.knowbe4.com/

Further Reading from Allworths

The Notifiable Data Breach Scheme and the Importance of Keeping Personal Info Private
