Technology is central to Australia’s economic growth.  While it brings significant opportunity for growth and efficiency, it also poses challenges for businesses to keep safe from cyber threats.

There is a widely held misconception that cybercrime only affects big business but in fact, cyber criminals are increasingly targeting smaller operations.  The following statistics are from the Australian Small Business and Family Enterprise Ombudsman (ASBFEO):

• Small business is the target of 43% of all cybercrimes.
• 22% of small businesses hit by cyber-attacks are so affected that they can’t continue operating.
• 33% of businesses with fewer than 100 employees don’t take proactive measures against cyber security breaches.
• Cybercrime costs the Australian economy more than $1 billion annually.

We are increasingly seeing instances of sophisticated cyber-attacks on our personal and business clients.  Consequently, ensuring our clients are aware of and prepared for such an event has become a priority for our advisors.

Cyber security starts at the top

Cyber security should not be thought of as simply an IT issue – it needs to be part of a business-wide strategy to be cyber safe.

The Australian Securities & Investments Commission (ASIC) considers that recognising and managing cyber risk is a crucial part of the role of an organisation’s directors and senior management.  To enable directors to do this, ASIC has published cyber security resources to help identify and manage risk.  We encourage all business owners to access this information to ensure they have appropriate safeguards in place.  You can access ASIC’s key questions for directors here.

Protecting yourself online

In February of 2017, the Australian Signals Directory revised their ‘Essential Eight’ list of technical strategies to mitigate cyber security incidents.  You can access the Essential Eight here.

In addition, the Australian Taxation Office (ATO) offers the following advice to individuals and businesses:

1. Ensure your passwords are strong, secure and changed often. A strong password contains a combination of upper case letters, lower case letters, numbers and characters.
2. Use multi-factor authentication where possible to put an additional layer of security on your accounts.
3. Promptly remove system access from people who no longer need it such as former employees or people who have changed positions and no longer require access.
4. Ensure all devices have the latest available security updates.
5. Do not use USBs or external hard drives from an unfamiliar source as they may contain malware which can infect your computer systems.
6. Use a spam filter on your email account.
7. Be wary of downloading attachments or opening email links.
8. Secure your wireless network and be careful when using public wireless networks.
9. Monitor your accounts (including bank accounts, digital portals and social media) for transactions or interactions you did not make.
10. Back up your systems regularly.

Protecting your business with cyber insurance

The flow-on effects from a cyber incident can be significant – financial loss through fraud or business interruption, remediation costs, litigation, and damage to your reputation.

Making sure your systems, processes and staff training are as robust as possible is your first line of defence.  Cyber insurance can then provide your business with an added layer of assurance in the event of a cyber incident by providing cover for many of the associated costs.

With respect to coverage, cyber insurance policies have nuances in policy wordings that, if not addressed, could have a substantial impact in the event of a claim.  It is therefore crucial to understand the level of coverage the policy provides and any exclusions.  To ensure you have the right level of coverage you’ll need a thorough understanding of the types of risk you’re exposed to as well as the financial impact an attack would have on your business.  You can then look for a policy that is a good fit for the level of risk and exposure which is unique to your business.

Further help

If you would like further information on this topic, or would like help choosing an insurance advisor, please contact a member of our team on 07 3831 1055 or [email protected]

DISCLAIMER: The information on this website and the links provided are for general information only and should not be taken as constituting professional advice from Hall Browns Accountants. You should consider seeking the appropriate legal, financial, or taxation advice to check how the website information relates to your unique circumstances.