Forum Discussion

klompy's avatar
klompy
Icon for Iress Contributor rankIress Contributor
8 months ago

What steps have you and your team taken to address cybersecurity risk?

Recent CoreData research suggests advice practices could lose at least 13% of business in the aftermath of a cybersecurity incident. In light of this alarming figure, I want to know what steps have you and your team taken to address cybersecurity risk?

I also encourage you to register for the upcoming webinar on February 29th at 9:00 am AEDT where fraser-jack and I will be looking at real-life stories of cyber breaches and what you can learn from them! Click here to register.

  • anne.graham's avatar
    anne.graham
    Icon for Advisely Index Top 10 rankAdvisely Index Top 10

    Hi klompy - our business undertook a cyber security audit by fraser-jack 's team last year and it was a very thorough process. We have implemented many of the recommendations made including ongoing staff training and awareness. The feedback from IT providers was interesting as they learned some things they didn't know about and are now spreading the word amongst their other business clients. My two biggest concerns in the business are looking after our team and the risk around cyber and to say we are vigilant is an understatement. 

    • klompy's avatar
      klompy
      Icon for Iress Contributor rankIress Contributor

      That's great feedback Anne!

      Making sure people (both team and clients!) keep cyber risks front of mind is such an important step! And doing the IT audit is so necessary.

      Has your team done or considered sharing any cyber tips/content with your clients?

      • anne.graham's avatar
        anne.graham
        Icon for Advisely Index Top 10 rankAdvisely Index Top 10

        Thanks klompy - we do share tips with clients, and they are often a result of the regular training we do which keeps things front of mind. We have clients now contacting us if they get a weird text or odd email - 100% it's spam or a bit suspicious. The hardest thing is to convince people not to email us their bank details or TFN!! We do use a portal but breaking old habits can be a challenge.

         

    • jenny.brown's avatar
      jenny.brown
      Icon for Advisely Team rankAdvisely Team

      Great feedback anne.graham we are about to meet with fraser-jack to discuss doing a cyber security audit ourselves.  Looking forward to what we need to implement to help our security score. Like you we are super vigilant, but unfortunately in today's world, you can't be too careful.

    • rainier.reyes's avatar
      rainier.reyes
      Icon for Advisely Team rankAdvisely Team

      Thanks for sharing this, fraser-jack ! The discrepancy between expectations around data breaches is super interesting - I wonder why advisers and clients are evidently misaligned on this issue?

    • jenny.brown's avatar
      jenny.brown
      Icon for Advisely Team rankAdvisely Team

      Now they are some scary stats fraser-jack which provide a telling story to ensure we don't ever have a data breach!

  • fraser-jack's avatar
    fraser-jack
    Icon for Advisely Partner rankAdvisely Partner

    It really is all about the conversations that your team has with your clients (and others) in forming good cyber habits. Your clients are a big part of the supply chain risk to any professional firm. I have heard so many stories that start with "my client's email was hacked and..."

  • fraser-jack's avatar
    fraser-jack
    Icon for Advisely Partner rankAdvisely Partner

    rainier.reyes, I would expect it's because we don't want anything bad happening to ourselves. But the evidence is scary for professional firms that could lose most of their business value overnight.

  • deladz's avatar
    deladz
    Icon for Advisely Board rankAdvisely Board

    We follow the usual IT processes and have 2FA on almost everything. We still feel very exposed and would love to hear more ideas on how we can be more protected!

  • deborah.kent's avatar
    deborah.kent
    Icon for Advisely Index Top 10 rankAdvisely Index Top 10

    klompy Back in 2020 we engaged an IT consultant to review our entire practice for security, this was especially important during Covid working remotely which we now do full time.  He put in place a number of security systems such as ESET, bitlocker and 2FA on most of our systems, he also does regular training with staff and reports on issues that happen in Cyber Crime so we are aware of issues that can happen, just last week he emailed us about a client that had the 2FA hacked !! he is super conservative and has protected us from making decisions on software that potentially could be an issue.  We just dont know this stuff so having an expert there on call is great and I recommend every practice should have one