You Can’t Afford To Be Complacent About Cyber Security
Back in 1999 I worked with a number of companies performing Y2K Audits for SME businesses, and now I find that we are facing an even bigger threat, according
to Damian Seaton of Cyber Audit Team, who was
speaking to us at our Chamber of Commerce breakfast last week, discussing the very real threat we ALL face in business through Cyber Security. Damian
comes with credentials that are most impressive, with 15 years in Law Enforcement as a Senior Detective in London’s Metropolitan Police specialist crime
units, where he was responsible for investigating some of the UK’s most complex and serious crimes, as well as a wealth of knowledge and experience during
the past 25 years. He has been involved in areas such as ICT (Information Communication Technology), Cybersecurity, Computer Forensics, Big Data Analytics,
GRC (Governance, Risk & Compliance), Legislative Compliance, Stakeholder Engagement, Organisational Enhancement and BPM (Business Process Management).
To give some perspective, the value of the Global Drug Trade in 2017 is estimated at US$500 Billion, but Cyber Crime has been estimated at US$3 Trillion. In
Australia alone it is estimated that in 2017 it was worth AU$17 Billion, or 1% of our national GDP. These are staggering figures and, rather than
merely sensationalising a trivial matter, they mean we should all be very aware of just how vulnerable we are.
The Australian Cyber Security Centre is quoted as saying that “90% of businesses faced some form of breach in 2017, over 58% were alerted by external parties
(and angry customers) before detecting the breach themselves”. The average cost of a Cyber attack to Australia is $1.9M, according to the Webroot Report.
Cyber Security has now been listed as the number one threat to Global Business and the Global Economy, ahead of Global warming and terrorism. Just think
about that for a moment…
So how easy is it to breach your data systems? This video was launched by Cifas, the UK’s leading fraud prevention service, which has also released new figures
showing a 52% rise in young identity fraud victims in the UK.
So why should you be concerned?
Well, apart from the obvious cost to your business, there now exists in Australia legislation under amendments to the Privacy Act, known as the Notifiable
Data Breach Scheme, that became effective as of 22nd February this year, requiring the reporting of any data breach within 30 days of detection.
Penalties of up to $420K for each Director of the company and $2.1M for the business can apply. Similar legislation will become law in the EU as of
the 25th May 2018, with much heavier fines and stricter reporting requirements. The EU legislation can apply to some Australian-based
businesses. All company Directors and CEOs must make themselves aware of their responsibilities.
A Cyber Breach is not only about being hacked but also covers things such as destruction of data, unauthorised access to client and financial data including
the copying of such data, loss of mobile devices containing personal data files, to name just a few.
You Aren’t Immune Because You’re a Small Business
The greatest misbelief and reason for complacency, within small business particularly, is the view that “I’m too small to worry about and no one
would want my data”. Automated robots don’t care who or what you are. They simply look for system weaknesses and install viruses, malware, ransomware,
botnets etc., and it is these pieces of code that generate all the problems, not just for you but also, most likely, for your client list.
As company CEOs, Directors or business owners, you have a fiduciary responsibility to ensure you protect the data your business holds, and if you don’t, the
relevant agencies will tell you to do so under their terms, and you won’t want that to happen.
So What Should You Do About Cyber Security in Your Business?
Firstly, understand your responsibilities and then your level of exposure. You must then take the appropriate steps to ensure your systems and data are protected
and have systems in place to detect any attempts to penetrate your systems.
If a data breach does occur, you need to respond immediately to the relevant authorities and take whatever measures you need to rectify the problem and
inform those affected.
Unfortunately, Australian businesses and the public are far too relaxed about it all. Whether it is the fault of poor understanding, sensationalisation in
the press leading to disbelief or just plain laziness, we all need to be more mindful of how we protect not just our personal information but also
the information of others who have trusted us in business to hold their confidential details.
If you would like to know more about Damian Seaton, visit his website at www.cyberauditteam.com. You may also download their brochure “Cybersecurity –
Is Your Business Adequately Protected and Prepared for a Cyber Attack?”
Please also find below links to the relevant legislation for your reference:
Mandatory Notifiable Data Breach (NDB) legislation, effective from 22 February 2018 - https://www.oaic.gov.au/engage-with-us/consultations/notifiable-data-breaches/
The information contained in this article is only ‘extracts’ of more in-depth information. On their own, and without accompanying commentary, they are incomplete and should not be wholly relied upon in their current format. In relation to the legislation, I would encourage you to visit the relevant government websites for more detailed information.
Written by: Greg Tomkins