The first line of defence
According to the Telstra Cyber Security Report 2018, 60 per cent of respondents experienced a business interruption due to a security breach over the past year. Traditionally we have believed that only the biggest targets need to worry about serious cyber risks, but a swathe of cottage industry hackers and hacktivist groups have shown that any business can be a target – no matter how big or small – and therefore every business should be protected. Adding even more importance to this issue is the fact that businesses have recently added requirements to report data breaches under the Federal Government’s Privacy Act 2018.
As customers invest more of their money and personal information into businesses, the threat shifts from protecting not only your data but protecting everyone else’s data as well. If your business were compromised tomorrow, who would you need to tell about the breach? And how exposed would you be to legal action?
For this reason, executives and business managers need to be involved in cyber security discussions from the outset, and be aware of the risks to their company data, as well as the data of customers and other parties working with the business like contractors and suppliers.
Smaller businesses are now being seen as easier targets, or as gateways to access larger corporations through supplier lists or personal data. To this end, having an action plan that lays out the steps needed in the event of a breach could make sure your business is prepared and knows the steps of escalation from capturing the breach, to resolving the issue and locking down the data.
Investing in tomorrow
As businesses grow, the IT and cyber security needs change. As small businesses become medium businesses, the risks to internal data and business security shift and the scale of a breach can grow exponentially.
A greater media focus on cyber security and hacking over the past year has changed the way that larger organisations are investing in security. But for smaller businesses who can’t afford large IT teams, building established relationships with trusted providers instead can be a solid first step, as it provides experts as required, rather than at a full-time cost.
Open lines of communication
Smaller businesses are looking more and more to the kinds of services that solve the lack of access to Chief Information Officers or Chief Information Security Officers. These services allow businesses that don’t necessarily have access to senior IT personnel to work with industry experts who can help them plan security.
Many organisations still operate under the assumption that they won’t have an issue but, according to the 2018 Security Report, estimates suggest that in the past year at least two out of five small-to-medium businesses will have been targeted.
While planning is critical to success in the security space, ensuring all staff are practiced and prepared to communicate vital information when it’s needed can ensure that normal services are returned as efficiently as possible.
Ideally, every business should have a cyber response plan that maps out who the key stakeholders are in your organisation and outlines who needs to know what and when.
The planning and development phase of security can have a huge effect on how protected your business is. From involving business leaders early, to investing smartly and watching like-minded businesses, there are a multitude of measures available to keep your data safe.
Originally published April 10th 2016. Updated March 28th 2019.