If you only keep one New Year’s resolution, protect your business

28 Jan 2019

Article by Webroot senior information security analyst Dan Slattery.

Despite the introduction of global regulations like the General Data Protection Regulation (GDPR) in Europe and Australia’s Notifiable Data Breaches (NDB) legislation, cybercrime remains a huge threat to businesses of all sizes.

It’s only a matter of time before a major breach with profound impact occurs. Breaches weren’t limited to any particular industry, either: 2018 saw high-profile data breaches in everything from healthcare to social media, from Cathay Pacific to Google Plus.

Yet it’s small to medium businesses (SMBs) that are particularly vulnerable, given they make up the vast majority of all businesses, coupled with their high rate of internet usage. 

Over in Australia, cybersecurity costs the economy approximately $1 billion every year and is on the rise, yet its SMBs are remarkably overconfident about their cybersecurity strategies.

A survey of SMBs from 451 Research found that over the past two years, 71% of respondents experienced a breach or attack that resulted in operational disruption, reputational damage, significant financial losses or regulatory penalties. 

Given the high failure rate of small businesses, avoiding these unnecessary disruptions should be an SMB’s top priority. According to Webroot’s SMB Cybersecurity Preparedness report, Australian mid-sized businesses estimate a cyber attack would cost on average $994,025 – a huge loss for any business.

Yet nearly half (49%) of those SMBs surveyed said cybersecurity was a low priority, and 90% said they already had appropriate security technologies in place. 

All businesses, no matter the size, could benefit from a risk profile evaluation. Every business has different risk factors. If you don’t have the expertise, a Managed Service Provider (MSP) can assess your security infrastructure and work with you to develop a plan for ongoing risk mitigation. 

Given the proliferation of breaches recently (and they’re just the ones that have been reported!), businesses should plan for the worst. Develop a data breach response plan that includes security experts to call and a communications response plan to notify customers, staff, and the public. Make sure you are regularly backing up your data with hard data and offline versions. 

Some additional pieces of advice for business owners to ensure they’re prepared and compliant include:

Know your data - Know what personal data your organisation has, where it’s stored, and in what systems. Regularly schedule audits and allocate resources for this work.

Delete - Make sure any data you do not need is deleted securely. There are legal requirements for maintaining certain types of data, but when data retention is not required, disposing of it helps reduce risk. 

Communicate - With any process change, effective communication is essential. Proper internal communications with employees and external communications with suppliers will help make them aware of changes and give them time to amend their own processes. Regular security awareness training is also a vital method of ensuring the team internally are able to identify security threats.

Assess - When auditing personal data processes in relation to the NDB scheme, consider if a privacy impact assessment is required. 

Comply - If there is a security breach within your organisation, follow your country’s regulations. Under these regulations, it’s essential to be transparent and inform affected individuals within the specified timeline.   

Implementing these steps could ensure small and medium businesses do indeed have a Happy New Year. 
