Every year, cyber fraud costs Australian businesses $33 billion. And that’s only the self-reported losses – unreported losses could be double this amount. It’s hard to say what the true cost to the business owner is. Leaked customer details, hijacked websites, stolen client payment information and customers’ loss of trust in your business – these are all costs that are difficult to estimate. Falling victim to cybercrime can be as simple as using new software that isn’t secure or neglecting to install a patch for existing programs.
There is no excuse for ignoring cybersecurity – the regulator has made this very clear. The Australian Competition & Consumer Commission and Office of the Australian Information Commissioner (OAIC) regulate online safety, cybersecurity and privacy. In Australia, fines of up to $1.8m can be issued to small businesses for failing to ensure privacy and safety of customer data, or for breaches of cybersecurity regulations.
Cybersecurity Can Be Easily Managed if We Recognise Two Important Facts
1. Your business is growing and changing
2. Cybersecurity must be managed on an ongoing basis – it cannot be set up once and then forgotten
Due to the impacts of COVID-19, there has been a greater change to business operating models than ever before. Employees working from home, updated payment systems for eCommerce and video conferencing are just some of the adaptations that businesses have made for pandemic conditions. While technology has been able to adapt quickly to our needs in these areas, the speed of that change has left businesses vulnerable.
If you think about all the changes you’ve adopted and made over the last three years, your business probably looks very different from pre-pandemic times.
How Often Should You Conduct a Cybersecurity Audit?
Let’s ask a few questions to make that decision.
When Did You Last Conduct a Cybersecurity Audit?
If the answer is “never”, then you could book in today and start with a clean slate. Don’t panic: Techwell can help you with an introductory audit that will quickly identify any areas of concern and give you peace of mind that your business is secure and compliant.
If your last audit was two or more years ago, then it’s time to book in again. Think about the amount of change your business has undergone in that time – it’s prudent to have a careful look at what you’re using now and how you can maximise the effectiveness of your current security measures. Consider what you’re doing differently now compared with two years ago.
What if your last audit was twelve months ago – do you need to be audited every year?
The short answer is yes, and here are the reasons:
Consider the amount of change that your business has faced in the last year. If you sat down and wrote a list of all the systems you’ve upgraded and new software you’ve installed, how long would that list be? Don’t be surprised if it’s quite long! There may be numerous new tools, from “Google Hangouts” to “Square” and “Zoom”, that you have needed to keep your business running in the new world, and you have likely picked some of these up on the fly to keep things moving!
How often do you upgrade systems and install patches? And whose responsibility is that?
Ideally, systems should be updated regularly (whenever the latest upgrade is available) and patches installed on a frequent basis. It’s important to track these updates, to confirm that they are being carried out regularly, and to treat this as a responsibility that your business takes seriously.
Who is responsible for this? Is there a regular program to manage these updates at a time that does not disrupt everyday business? Audits are a useful way to check how updates are being managed, what gaps there are in your current software processes and how these can be managed more effectively.
How many new staff members have joined lately?
With many businesses turning over staff, it’s important to ensure that you have staff training so that employees are aware of what to do in the case of spam, phishing or fraudulent communications. These types of attacks are extremely frequent and can be very convincing to the untrained eye.
Cybercriminals are incredibly sophisticated: they are master criminals and run entire businesses aiming to defraud people and steal data. Unless staff are aware of what to look for, they could easily fall for these kinds of tricks. Audits will usually look at what staff training is required, and whether your business is vulnerable to these sorts of attacks.
How many staff have left your business and have you terminated their access properly?
A very common oversight is forgetting to switch off user accounts and deactivate access when a staff member leaves. With all the careful tracking of company property being handed over, final payments being made, leaving parties being hosted and so on, user access is often the last thing considered.
While these staff members may never realise they still have access or use their old accounts and passwords, not closing off this access leaves businesses open to misuse of these old access points. Your audit will identify whether these termination processes are being conducted effectively and whether there are any vulnerabilities.
Contact Our Cybersecurity Team Today!
It’s important to know that a cybersecurity audit is for your and your business’s benefit. It’s not a punishment, and you’re not going to receive a lecture on what you haven’t done. Techwell is your friend and coach and will help you ensure that your business is protecting itself and strengthening the systems and precautions that you already have in place. Cybersecurity is our specialisation, and we’re here to help you.
Even if you are a company that prides itself on keeping up to date with the latest regulations and security procedures, an outside opinion can often lead to real insight that you may not have considered. Techwell has the expertise to audit all types of businesses, and a completed cybersecurity audit will give you real peace of mind in today’s fast-moving environment.