Like it or not, these days we all have to come to terms with a new and very real threat: cyberattack. There’s not a single business owner I’m aware of who hasn’t either been a victim themselves or known someone who has, simply because of a naive trust in the internet of things.
Picture this: some neighbours of mine, a lovely older couple, recently received a knock on their door from a convincing con artist disguised in tradesmen’s overalls. He claimed he was there to fix their roof on the pretext that it was in urgent need of repair. He then persuaded the lady to go out and withdraw $800 from her bank account. When she returned home, she discovered her whole house robbed, including her most valuable and last remaining jewels. She was shattered, never to trust again.
Sadly, this degree of vulgarity is not just anecdotal – it’s today’s norm. In a 2018 report by PricewaterhouseCoopers, it was revealed that more than half of Australian companies have been affected.
It could very well be happening to you right now. You could be liaising with a fake ‘supplier’ that baits you with something that looks legitimate but is ultimately a poker ‘bluff’ – an email saying something like “We’ve been hacked and defrauded, so we’ve decided to change our bank details, please make your payment to our new bank account…” – so you go ahead with payment, and before you know it, the money is gone and you have no way of getting it back. This is just human error – but it happens more often than many people realise. In fact, 36% of data breaches occur this way.
Cybercrime is happening so often that our Federal Police can’t even keep up with it. It’s no longer a passing trend, and it’s not just hitting big business – small businesses are particularly vulnerable, as their IT systems are comparatively weak, with only basic security measures in place, and they are often least able to withstand interruptions to operations. In fact, recent research by US telco giant Verizon showed that small business makes up 58% of businesses affected.
Not just an IT problem
This is an ongoing issue you must pay attention to – even if you outsource your IT!
It’s not just an IT problem, it affects every area of your business – so make being cyber aware part of regular weekly communication with all staff. Put it on every agenda in your monthly management meetings and in every staff induction. And don’t forget to include it in discussions with your broker.
Reporting a breach is now law
The impact of a data breach rarely stops at your back door. The vast majority of Australian small businesses hold valuable data belonging to other parties such as clients, suppliers and staff.
In a move to offer these parties greater protection and remediation in case of breach, the Australian government introduced the Notifiable Data Breaches Scheme, an amendment to the Privacy Act 1988. Taking effect in February 2018, the Scheme requires that any breach causing a leak of personal information that could be harmful be reported to the Information Commissioner. In this situation, there are very specific steps you must take, so make sure you seek professional guidance.
Most commonly, the situations where you would be required to report a breach are:
- When you are the victim of a malicious cyberattack, such as ransomware and malware
- When you accidentally share personal, confidential information with unauthorised parties
It can be complex to understand these issues and take appropriate remedial action – so make sure you assess your business’s susceptibility to this risk – again, seeking professional help is recommended.