Cyber attacks and data breaches can lead to more than just reputational damage; there are potentially sizeable financial losses to consider.
The Australian Signals Directorate (ASD) annual Cyber Threat Report 2022-23 revealed the cost of cybercrime is up 14% year-on-year. On average, an incident cost medium-sized Australian businesses $97,200.
Penalties can also apply if the breach isn’t reported to those affected or the Office of the Australian Information Commissioner (OAIC).
So, how should you go about prioritising cyber safety?
Start by taking stock of your current cyber safety measures. A good starting point is to review your software stack. Moving towards fewer applications by investing in more integrated solutions is a great way to minimise risks.
Our research shows high-performance advice firms are also driving better efficiencies by streamlining their software platforms down to one. This can also save money as it means holding fewer subscriptions.
Ask yourself, do you:
- Have an incident response plan to mitigate the impact of a breach?
- Have a clear understanding of your assets and their value to your business?
- Regularly update your software to the latest product versions?
- Implement two factor authentication (2FA)?
- Backup critical data regularly and test recovery procedures?
- Use firewalls, intrusion detection and encryption?
- Leverage cloud-based services wherever possible?
Set up the right training
Running a training course is a practical way you can help in the fight against cybercrime.
With an eye on budgets, a program could be built in-house. It could look at avoiding phishing email scams, managing online passwords and enabling multi-factor authentication.
Selin Ertac, principal consultant at Tangelo Advice Consulting, says practice owners should ensure staff don’t store any client information on personal email addresses as this can expose the business to unnecessary risk: “Ensure there’s a ‘whole team’ approach. Everyone in the business should be aware of the cyber plan and what’s expected of them if an incident arises.”
Some cyber insurance providers offer help with incident response planning and other security measures as part of their service.
A recent report found companies with cyber insurance had fewer breaches and quicker detection processes than those without cover.
If you run a practice, cyber insurance should be on your radar.
Policies can potentially cover data breaches, legal fees and business interruption. But their scope and the sums insured will vary. It’s worth taking the time to find the appropriate level of cover for your needs.
More cyber safety information
If you’re concerned about a potential cyber breach, you can report any incidents to the Australian Cyber Security Centre.
If you aren’t already across it, the 2023-2030 Australian Cyber Security Strategy outlines government plans to protect companies and individuals from future cyber threats.
The Australian Cyber Security Centre offers independent advice from well-regarded sources.
Advisely Team