Story image

If you only keep one New Year’s resolution, protect your business

28 Jan 2019

Article by Webroot senior information security analyst Dan Slattery.

Despite the introduction of global regulations like the General Data Protection Regulation (GDPR) in Europe Australia’s Notifiable Data Breaches (NDB) legislation, cybercrime remains a huge threat to businesses of all sizes. 

It’s only a matter of time before a major breach with profound impact occurs. Breaches weren’t limited to any particular industry, either, 2018 saw high-profile data breaches in  everything from healthcare to social media; from Cathay Pacific to Google Plus.

Yet it’s small to medium businesses (SMBs) that are particularly vulnerable, given they make up the vast majority of all businesses, coupled with their high rate of internet usage. 

Over in Australia, cybersecurity costs the economy approximately $1 billion every year and is on the rise, yet Their SMBs are remarkably overconfident about their cybersecurity strategies.

A survey of SMBs from 451 Research found that over the past two years, 71% of respondents experienced a breach or attack that resulted in operational disruption, reputational damage, significant financial losses or regulatory penalties. 

Given the high failure rate of small businesses, avoiding these unnecessary disruptions should be an SMB’s top priority. According to Webroot’s SMB Cybersecurity Preparedness report, Australian mid-sized businesses estimate a cyber attack would cost on average $994,025 – a huge loss for any business.

Yet nearly half (49%) of those SMBs surveyed said cybersecurity was a low priority, and 90% said they already had appropriate security technologies in place. 

All businesses, no matter the size, could benefit from a risk profile evaluation. Every business has different risk factors. If you don’t have the expertise, a Managed Service Provider (MSP) can assess your security infrastructure and work with you to develop a plan for ongoing risk mitigation. 

Given the proliferation of breaches recently (and they’re just the ones that have been reported!), businesses should plan for the worst. Develop a data breach response plan that includes security experts to call and a communications response plan to notify customers, staff, and the public. Make sure you are regularly backing up your data with hard data and offline versions. 

Some additional pieces of advice for business owners to ensure they’re prepared and complaint include:

Know your data - Know what personal data your organisation has, where it’s stored, and in what systems. Regularly schedule audits and allocate resources for this work.

Delete - Make sure any data you do not need is deleted securely. There are legal requirements for maintaining certain types of data, but when data retention is not required, disposing of it helps reduce risk. 

Communicate - With any process change, effective communication is essential. Proper internal communications with employees and external communications with suppliers will help make them aware of changes and give them time to amend their own processes. Regular security awareness training is also a vital method of ensuring the team internally are able to identify security threats.

Assess - When auditing personal data processes in relation to the NDB scheme, consider if a privacy impact assessment is required. 

Comply - If there is a security breach within your organisation, follow your country’s regulations. Under these regulations, it’s essential to be transparent and inform affected individuals within the specified timeline.   

Implementing these steps could ensure small and medium businesses do indeed have a Happy New Year. 

Safety solutions startup wins ‘radical generosity’ funding
Guardian Angel Security was one of five New Zealand businesses selected by 500 women (SheEO Activators) who contributed $1100 each.
Hands-on review: The ruggedly tough CAT S61 smartphone
The driveway beckoned me, so I dropped the phone several times.  Back in the study, close examination has failed to reveal a single scratch.
How printing solutions can help save the planet
Y Soft has identified five key ways organisations can become more economical and reduce their environmental impact.
Is NZ’s tech industry starting to mature?
Technology is New Zealand’s fastest growing and third biggest industry.
How Kiwibank aims to enable greater digital inclusion
"Online tools can offer a more convenient and cheaper customer experience, but there can be barriers to usage."
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Inland Revenue to shut down services later this week
“There’s never an ideal time to shut down the tax system but we’re confident the changes will make any inconvenience worthwhile.”
NZ managers prefer intuition to big data, Massey study finds
Many senior managers in New Zealand businesses have an inherent distrust of big data, opting instead to rely on their own intuition.