Cyber incidents are on the rise, and are becoming more difficult and expensive to defend against. Cyber attacks are no longer just the concern of large multinationals or government organisations – the impact on small- to medium-sized businesses can be significant.
There are some sobering statistics around just how many businesses are affected:
In an 18-month period (January 2015-June 2016), there were 1,095 cyber attacks on Australian government organisations that required an operational response from the Australian Cyber Security Centre. In the same timeframe, 14,804 reported incidents affected Australian businesses. To give further weight to this number, it is widely acknowledged that cyber security incidents across Australia’s private sector are undetected or unreported.
In fact, last year’s BDO Cyber Security Survey found that 47 per cent of small- to medium-sized businesses experienced a cyber incident in 2016.
Cyber crime can disable business systems by holding data to ransom, exposing financial details and enabling identity theft by accessing personal information. The impacts on business range from financial loss through fraud or paying ransoms, to lost business, damaged reputation, and even litigation.
Cyber security is the latest component of risk management that businesses cannot afford to ignore.
BDO is mindful that business owners want to feel empowered rather than overwhelmed by this information, so we have developed three basic steps to becoming cyber-secure, which we will address across three articles, in three weeks.
The first step, which we discuss this week, is to be prepared. Assume your business will be subjected to a cyber incident – how prepared are you for this?
Understand what is at stake.
- What kinds of cyber incidents have happened to other businesses in your industry?
- What are the digital assets in your business that you cannot operate without?
- What third-party service providers does your business rely upon, and how big is their risk exposure?
Risk advisers can assist with investigating the answers to these questions.
Look at your technology.
- Do you have email and web filtering and scanning software?
- Do you use firewalls and encryption of your data?
- Do you have secure back-ups of your data?
There is a wide range of technology tools and services available.
Train your staff.
- Are your staff trained in recognising phishing emails and phone scams?
- Do they know how to identify if a breach has occurred?
- Do they know what to do if a breach has occurred?
Cyber awareness training can address cyber criminals’ tactics, and help plan your cyber response.
Did you know you can insure against cyber incidents? 18 per cent of respondents in the 2016 BDO Cyber Security Survey did not know cyber insurance was available.
BDO is working with Cyber Plus to deliver a suite of cyber security insurance services to help businesses mitigate their cyber security risks.
Next week we address ‘Step 2: Financial protection against cyber incidents with cyber insurance’.
Until next week’s instalment, you can find out more about our cyber security insurance services for business, or contact me.