Essential steps to protect against cybersecurity risks and avoid financial distress.
A successful cybercrime attack can cause major damage to your business, affecting your bottom line, as well as your business' standing and consumer trust. The Department of Infrastructure, Transport, Regional Development, Communications and the Arts has reported on the cost of cybercrime to Australia, identifying that 33% of businesses experience a cybercrime, 60% of all targeted attacks are on small and medium businesses and the average cost of a cybercrime attack to a business is over $275,000. According to the Australian Small Business and Family Enterprise Ombudsman over 60% of SME businesses don’t survive a cybercrime attack or data breach. Consequently, it is imperative for company directors to prioritise cybersecurity measures to protect their organisations from these risks.
Company directors need to take ownership of cyber strategy and ensure that policies and systems are implemented and reviewed periodically, both to assess progress against agreed success measures and to respond to new cyber threats. Businesses are encouraged to implement mitigation strategies to protect themselves against common cyber threats using the set of strategies developed by the Australian Cyber Security Centre known as the Essential Eight. This article summarises what businesses can do to fortify their defences and mitigate the threat of cyber-attacks, ultimately safeguarding their financial stability and avoiding insolvency.
Conduct a comprehensive cyber risk assessment: Begin by assessing your business's current cyber security posture to identify potential vulnerabilities, analyse existing security measures, and evaluate the financial, reputational, and legal impact of a breach on your company's health. This assessment will serve as the foundation for developing an effective cyber security strategy.
Develop a robust cybersecurity policy: Craft a comprehensive cyber security policy tailored to your business needs. This policy should establish guidelines for secure employee behaviour, data handling protocols, incident response plans and regular security awareness training. Ensure that the policy is communicated to all employees and regularly reviewed and updated as technology and threats evolve.
Implement strong access controls: Enforce strict access controls to limit the privileges of employees and external users, and restrict administrative privileges to the few people who need them for their role. Apply the principle of least privilege, granting access only to the resources a person needs. Microsoft Office macros should be blocked by default and enabled only for users with a demonstrated business requirement, and then only for the specific applications and files that need them; macros in files received from the internet should be blocked outright. Use multifactor authentication, particularly for remote access, email and critical systems, and regularly review access rights, revoking them promptly when employees leave the company or change roles.
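The following PowerShell script is an added example and is not part of the original article or of any ACSC publication. It performs a read-only spot check of two of the controls described above on a single Windows workstation: whether Office macro policy is enforced for Word, Excel and PowerPoint, and who holds local administrator rights. It assumes Windows 10/11 with Microsoft 365 Apps or Office 2016 or later (registry version 16.0) and Windows PowerShell 5.1 or later; the function names are the author's own.

```powershell
# Added example (not from the original article): read-only spot check of the
# "restrict Microsoft Office macros" and "restrict administrative privileges"
# controls on the local machine. Assumes Office 2016+/Microsoft 365 Apps
# (registry version 16.0) and Windows PowerShell 5.1 or later.

$officeVersion = '16.0'
$officeApps    = 'Word', 'Excel', 'PowerPoint'

# Meaning of the VBAWarnings value set by Group Policy or Intune.
$vbaWarningsMeaning = @{
    1 = 'Enable all macros (unsafe)'
    2 = 'Disable all macros with notification (user can click through)'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-MacroPolicyStatus {
    foreach ($app in $officeApps) {
        # Policy hive: values here are enforced and cannot be changed by the user.
        $key   = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

        $vbaWarnings   = $props.VBAWarnings
        $blockInternet = $props.blockcontentexecutionfrominternet

        if ($null -ne $vbaWarnings) {
            $setting = $vbaWarningsMeaning[[int]$vbaWarnings]
        } else {
            $setting = 'Not set by policy (user can change it)'
        }

        # Treat as compliant only when macros are blocked (4) or limited to
        # signed macros (3) AND macros in files marked as from the internet
        # (Mark of the Web) are blocked (1).
        $macrosRestricted = $vbaWarnings -in 3, 4
        $internetBlocked  = $blockInternet -eq 1

        [pscustomobject]@{
            Application         = $app
            MacroSetting        = $setting
            BlockInternetMacros = $internetBlocked
            Compliant           = ($macrosRestricted -and $internetBlocked)
        }
    }
}

function Get-LocalAdminStatus {
    # Every member of the local Administrators group should be justified under
    # least privilege; day-to-day user accounts should not appear in this list.
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
}

Get-MacroPolicyStatus | Format-Table -AutoSize
Get-LocalAdminStatus  | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on a representative workstation. Any application row showing "Not set by policy" means the macro setting is left to the user and can be changed with one click, which is the gap the Essential Eight control is meant to close; any ordinary user account in the Administrators list is a candidate for removal.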
Keep software and systems updated: Harden operating systems by removing or disabling unnecessary applications, user accounts and features that attackers could abuse to gain access. Regularly patch all applications, operating systems and firmware to fix known vulnerabilities, giving priority to patches for vulnerabilities that are being actively exploited. Enable automatic updates wherever possible and maintain a rigorous patch management process for both applications and operating systems, so that attackers cannot exploit outdated software.
Employ secure data backup procedures and recovery systems: Implement regular data backups and keep at least one copy offline or in a separate, access-restricted cloud account, so that an attacker who compromises the network cannot delete or encrypt the backups as well. Test data restoration periodically to confirm that backups are complete, current and can actually be recovered within an acceptable time. This measure supports business continuity in the event of a breach or ransomware attack, preventing critical data loss and reducing the impact on operations.
Deploy firewalls and intrusion detection systems: Install firewalls and intrusion detection systems to monitor and filter incoming and outgoing network traffic. Regularly review and update firewall configurations to reflect changes in your systems and the cyber threat landscape. Implement application control so that only approved executables, scripts and installers can run on your systems, which prevents most malicious code (malware) from executing at all. Intrusion detection systems can provide real-time alerts of potential security breaches, enabling swift response and cyber risk mitigation.
Encrypt sensitive data: Implement encryption for sensitive data both at rest (on laptops, servers and backups) and in transit (across networks and the internet). Encryption ensures that even if data is intercepted or a device is lost, it remains unreadable and unusable without the key. This is particularly crucial for confidential client and personal information and for financial data.
Establish incident response and business continuity plans: Develop and test incident response and business continuity plans to handle security breaches and cyber-attacks effectively. These plans should include steps for isolating compromised systems, notifying stakeholders and regulators, engaging legal counsel, and resuming normal business operations as quickly as possible.
Regularly monitor and audit systems: Implement continuous monitoring and regular security audits to detect and address vulnerabilities promptly. Utilise automated security tools, log analysis, and intrusion detection systems to proactively identify threats and mitigate risks before they can cause significant harm.
Foster a culture of cybersecurity awareness: Educate and empower employees to recognise and respond to cyber threats effectively. Conduct regular cybersecurity training sessions to raise awareness about common attack vectors, phishing scams and social engineering tactics. Encourage employees to report suspicious activity promptly and promote a proactive security culture.
The evolving cyber threat landscape demands proactive measures from company directors to protect their businesses. By implementing these crucial steps, organisations can bolster their defences, reduce the risk of cybercrime attacks, safeguard their financial stability, and avoid the perils of insolvency.
Contact us if you need assistance or advice in relation to your cybersecurity risk assessments or policies. Cathro & Partners are experts in providing compliance and advisory services that help to create and to preserve business value. Cathro & Partners is a boutique firm specialising in restructuring, turnaround, insolvency, safe harbour, secured enforcement services and pre-lending services.
John Laird leads the Cathro & Partners Government Advisory division. For more information, please contact:
John Laird, Cathro & Partners
Ph: 02 9189 1718
Further information can be found at:
The Australian Cyber Security Centre provides numerous cyber threat protection guides, including a guide for small business and the Essential Eight guidance, at cyber.gov.au.
The Australian Securities & Investments Commission provides guidance on good practices for businesses to operate highly adaptive and responsive cyber resilience processes in its Cyber resilience good practices publication on the ASIC website (asic.gov.au).
The Cost of Cybercrime to Australia:
If you need to report a cyber incident visit the Australian Cyber Security Centre website or call the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371)