
Why Australian businesses should add cybersecurity to the end of financial year checklist

20 Jun 2018

Australian organisations should be looking at their ICT security as part of their planning process for the new financial year - and making sure they have adequate ICT security measures in place for networks, data and devices for the next 12 months and beyond.

Adelaide-based cybersecurity consultancy firm CQR has provided a quick checklist to help businesses sort their security.

Check your cover

A new financial year is a good time to review your various insurance policies. Determining whether your organisation would benefit from cyber liability cover should be part of the process. This is a form of cover designed to help organisations mitigate the frequently significant costs associated with recovering from a cyber-related attack or security breach.

A niche product just a short time ago, cyber insurance has gone mainstream, in the wake of a tsunami of businesses of all stripes shifting their operations online and embracing social media as a means of communicating with customers.

A reputable broker can provide you with information about your cyber liability insurance options and assist you to secure cover which is suited to the size and scale of your organisation.

It’s important to note that cyber liability insurance should not be regarded as an alternative to implementing robust cyber security measures. In fact, businesses may struggle to get cover if they’re unable to demonstrate that they have reasonable measures in place. These may include implementing appropriate software tools, updating them regularly and training staff to reduce the likelihood of internal security breaches occurring.

Ramp up security education and training

Prevention is better than cure. When it comes to warding off cyber infiltrations and privacy breaches, ongoing education is the most effective pre-emptive action you can take.  

Now is a good time to put a training program in place to educate staff about day-to-day security practices that can help keep company and customer data out of the wrong hands.

Ensuring security awareness is ingrained in every employee takes time, and training will only be effective if it’s a regular occurrence, not a one-off initiative or an afterthought to the induction process for new starters.

Understand your privacy reporting responsibilities

Experts estimate thousands of serious data breaches occur each month. There are stiff penalties for Australian businesses which fail to inform customers and the Office of the Information Commissioner if they experience or suspect one.

A serious data breach is any situation where personal information is compromised – think customer names, contact details or personal records. Penalties for not reporting breaches within 30 days can be as high as $1.8 million for serious or repeat offenders.

The introduction of new privacy laws on February 22 was expected to catch thousands of small businesses on the hop. If you’ve yet to review your privacy policy and develop a data breach response plan, now is a good time to get to grips with your reporting responsibilities and ensure you have it covered off.

Keep data safe in the cloud

If your business hasn’t moved some or all of its ICT activity to the cloud, it’s likely you’re assessing the business case for doing so and finding it a compelling one. Addressing data security implications is a vital part of this process. Having experts evaluate your technology, people and processes can help ensure applications are migrated smoothly and safely.

Fraud alert

While it’s not technically an IT risk, invoice fraud is a broader security issue. End of financial year is the peak season for it, as businesses look to close off their accounts and square up with suppliers, and experts say this year has seen an unprecedented level of activity.

Ensuring your accounts payable process is robust and you have checks in place to identify rogue invoices is a sensible addendum to your end-of-financial-year cyber security review.

Getting started

Sometimes the toughest thing about implementing a cyber-security strategy can be getting started. Start by acknowledging that cyber-security isn’t just an IT problem – it’s an enterprise-wide matter.

Staff from across the organisation will be the strongest line of defence in your campaign to protect company and customer data from privacy breaches and malicious activity. 

Input from employees in the finance, human resources and executive teams can help identify areas within the business which are especially vulnerable, while a security audit by an external consultancy may flag any risks or gaps you’ve missed.
