
Why Australian businesses should add cybersecurity to the end of financial year checklist

20 Jun 2018

Australian organisations should be looking at their ICT security as part of their planning process for the new financial year - and making sure they have adequate ICT security measures in place for networks, data and devices for the next 12 months and beyond.

Adelaide-based cybersecurity consultancy firm CQR has provided a quick checklist to help businesses sort their security.

Check your cover

A new financial year is a good time to review your various insurance policies. Determining whether your organisation would benefit from cyber liability cover should be part of the process. This is a form of cover designed to help organisations mitigate the frequently significant costs associated with recovering from a cyber-related attack or security breach.

A niche product just a short time ago, cyber insurance has gone mainstream, in the wake of a tsunami of businesses of all stripes shifting their operations online and embracing social media as a means of communicating with customers.

A reputable broker can provide you with information about your cyber liability insurance options and assist you to secure cover which is suited to the size and scale of your organisation.

It’s important to note that cyber liability insurance should not be regarded as an alternative to implementing robust cyber security measures. In fact, businesses may struggle to get cover if they’re unable to demonstrate that they have reasonable measures in place. These may include implementing appropriate software tools, updating them regularly and training staff to reduce the likelihood of internal security breaches occurring.

Ramp up security education and training

Prevention is better than cure. When it comes to warding off cyber infiltrations and privacy breaches, ongoing education is the most effective pre-emptive action you can take.  

Now is a good time to put a training program in place to educate staff about day-to-day security practices that can help keep company and customer data out of the wrong hands.

Ensuring security awareness is ingrained in every employee takes time, and training will only be effective if it’s a regular occurrence, not a one-off initiative or an afterthought to the induction process for new starters.

Understand your privacy reporting responsibilities

Experts estimate thousands of serious data breaches occur each month. There are stiff penalties for Australian businesses which fail to inform customers and the Office of the Information Commissioner if they experience or suspect one.

A serious data breach is any situation where personal information is compromised – think customer names, contact details or personal records. Penalties for not reporting breaches within 30 days can be as high as $1.8 million for serious or repeat offenders.

The introduction of new privacy laws on February 22 was expected to catch thousands of small businesses on the hop. If you’ve yet to review your privacy policy and develop a data breach response plan, now is a good time to get to grips with your reporting responsibilities and ensure you have it covered off.

Keep data safe in the cloud

If your business hasn’t moved some or all of its ICT activity to the cloud, it’s likely you’re assessing the business case for doing so and finding it a compelling one. Addressing data security implications is a vital part of this process. Having experts evaluate your technology, people and processes can help ensure applications are migrated smoothly and safely.

Fraud alert

While it’s not technically an IT risk, invoice fraud is a broader security issue. End of financial year is the peak season for it, as businesses look to close off their accounts and square up with suppliers, and experts say this year has seen an unprecedented level of activity.

Ensuring your accounts payable process is robust and you have checks in place to identify rogue invoices is a sensible addendum to your end-of-financial-year cyber security review.

Getting started

Sometimes the toughest thing about implementing a cyber-security strategy can be getting started. Start by acknowledging that cyber-security isn’t just an IT problem – it’s an enterprise-wide matter.

Staff from across the organisation will be the strongest line of defence in your campaign to protect company and customer data from privacy breaches and malicious activity. 

Input from employees in the finance, human resources and executive teams can help identify areas within the business which are especially vulnerable, while a security audit by an external consultancy may flag any risks or gaps you’ve missed.
