4 Essential Questions Every Business Owner Must Ask to Boost Cyber Resilience
Highlights
- Brought to you by ADITS, the newest ACS Professional Partner and sponsor of our Springfield Cyber Security Breakfast, hear from Adam Cliffe, Managing Director of SEQ, on the 4 essential questions to gauge cyber security maturity and resilience.
More than $98 million was lost to business email compromise (BEC) in just one financial year. In the same period, over 24 million malicious domain requests were blocked by the government. Cyber threats and incidents continue to increase and evolve – how do you keep up?
You must keep reinforcing your cyber security. Here are the vital questions to ask as a guide for your business, then take the next step at the end of this article.
Q1: How does my business handle data, where is it, and who has access to it?
Many businesses could not answer this question, and that is a huge problem. Why? Because data management and governance are critical to keeping your business protected.
Ensuring the security and integrity of your business data depends on how you handle it, including:
· How you collect the data
· Where you store it
· How it can be accessed
· Who is allowed to access it
· How it is used
The lack of clear data management guidelines can expose your business to:
· Increased risk of data breaches
· Compliance violations
· Operational disruptions
· Legal liabilities
· Reputational damage
You can avoid those with good data governance and data management – which can also improve the quality, reliability, and usability of your data for decision making and innovation.
Q2: What training have we provided our team to counter cyber threats?
Your people can be your leading partners in warding off cyber threats, or they can be the biggest risk to your security. In general, human error causes 95% of data breaches. To avoid that in your business, equip your people with the right knowledge and skills.
The cyber security principles published by the Australian Signals Directorate (ASD) recommend that personnel “are provided with ongoing cyber security awareness training.” (Protect principles P13)
Without proper cyber security training, you will remain vulnerable to threats like phishing attacks, ransomware, data breaches, and identity theft. On the other hand, providing your employees with comprehensive cyber security training on a regular basis can help them to:
· Significantly reduce their risk
· Learn to identify potential threats
· Understand the tactics used by cyber criminals
· Effectively implement your cyber security strategies
· Contribute to your cyber security posture
· Foster a business culture of cyber awareness
Q3: Is our cyber security strategy reactive or proactive?
You will hear this again: It’s easier and less costly to prevent a cyber threat than to deal with a cyber-attack.
Why? Here’s a comparison:
| PROACTIVE CYBER SECURITY | REACTIVE CYBER SECURITY |
| --- | --- |
| INVESTMENT: You invest to prevent cyber-attacks. | COSTLY EXPENSES: You pay for the consequences of cyber-attacks – in actual losses, direct costs, potential loss of income, legal expenses, remediation, and related costs. |
| PREVENT NOW: Implements security controls and protective measures | REPAIR LATER: Involves investigating, remediating, and recovering from a cyber-attack |
| STREAMLINED: Ongoing planning and preparation do not have to impact your regular operations | DISRUPTIVE: Downtime can be highly disruptive, often involving stoppage or slowdown of operations |
| EFFECTIVE: The best way to protect your organisation from cyber threats | IMPRACTICAL: Totally ineffective in preventing cyber-attacks |
You might say, “But our MSP is on top of it anyway.” Are you sure that cyber security services are specifically included in the services you’re getting from them?
The general misconception is that Managed IT includes security – but by default it does not. You need a proactive cyber security solution, such as CyberShield. This will help you in:
· Protecting your IT infrastructure and data
· Preventing cyber-attacks and breaches
· Complying with regulatory requirements
· Building trust among stakeholders
· Ensuring business continuity and reducing downtime
· Minimising possible losses, liabilities, and damage
Finally, and most importantly…
Q4: If we were hacked tomorrow, what would be the consequences?
What were the consequences of cyber incidents that happened in Australia in the past months? The Optus data breach in September 2022 exposed the personal data of 10 million customers. When Woolworths’ CRM was hacked a month later, the information of 2.2 million customers was affected. However, it goes beyond that for most victims, as shown below:
| BUSINESS | INCIDENT | CONSEQUENCES |
| --- | --- | --- |
| | Cyber Extortion via a Data Breach (Nov 2022) | Exposed data of more than 4 million people; Class action; $1.7 billion drop in market value of shares; Decrease in sales; Reputational damage |
| | Data breach (Mar 2023) | Exposed the personal data of 14 million customers; Overall loss of $98 million in just 6 months, including $53 million in actual expenses; Reputational damage |
| | Data breach (Mar 2023) | Up to $2.5 million in related costs; Share prices dropped by 12%; Reputational damage |
So, don't just think about the financial cost of a cyber-attack. There is also business disruption (with immediate effect on sales) plus the lingering negative impact on business reputation, which could affect even future financial performance.
Are you ready to face such consequences?
Cyber Security Experts are Ready to Help
To avoid the impact of any cyber-attack, the best thing to do is to reduce the risk of cyber threats. Answering the questions above is a good initial exercise to assess your readiness. To boost your business’s cyber resilience, you must take the next steps to ensure you’re prepared and can recover from cyber threats.
Start by reading “8 Simple Steps to Bolster Cyber Security For Your Business ASAP”.
ADITS also offers a free consultation with our cybersecurity specialists.
To expand QLD cybersecurity horizons, we invited members and guests to attend our recent event, Cyber Security & Keeping Springfield City Safe. This breakfast event happened on Thursday 26th October 2023 and was presented by ACS, the association for Australia’s technology professionals, sponsored by ADITS, and supported by Springfield City Group. Read more about the event here.
Meet the Author, Adam Cliffe
Adam Cliffe is the Managing Director of SEQ at ADITS, a Technology Solutions Provider in South-East QLD. He has over 15 years of experience in the IT sector, working with various industries such as healthcare, nonprofits, law, and engineering. He is passionate about technology and people, and strives to create strong relationships, teamwork, and community involvement. He has expertise in implementing strategic IT platforms and leading dynamic teams across different locations.