To print this article, all you need is to be registered or login on Mondaq.com.
Essential steps to protect against cybersecurity risks
and avoid financial distress.
A successful cybercrime attack can cause major damage to your
business, affecting your bottom line, as well as your business’
standing and consumer trust. The Department of Infrastructure,
Transport, Regional Development, Communications and the Arts has
reported on the cost of cybercrime to Australia, identifying that
33% of businesses experience a cybercrime, 60% of all targeted
attacks are on small and medium businesses and the average cost of
a cybercrime attack to a business is over $275,000. According to
the Australian Small Business and Family Enterprise Ombudsman over
60% of SME businesses don’t survive a cybercrime attack or data
breach. Consequently, it is imperative for company directors to
prioritise cybersecurity measures to protect their organisations
from these risks.
Company directors need to take ownership of cyber strategy and
ensure that policies and systems are implemented and reviewed on a
periodic basis to assess progress against success measures and in
response to cyber threats. Businesses are encouraged to implement
mitigation strategies to help protect themselves against various
cyber threats using protocols developed by the Australian Cyber
Security Centre called the Essential Eight. This article summarises
what businesses can do to fortify their defences and mitigate the
threat of cyber-attacks, ultimately safeguarding their financial
stability and avoiding insolvency.
Conduct a comprehensive cyber risk assessment:
Begin by assessing your business’s current cyber security
posture to identify potential vulnerabilities, analyse existing
security measures, and evaluate the financial, reputational, and
legal impact of a breach on your company’s health. This
assessment will serve as the foundation for developing an effective
cyber security strategy.
Develop a robust cybersecurity policy: Craft a
comprehensive cyber security policy tailored to your business
needs. This policy should establish guidelines for secure employee
behaviour, data handling protocols, incident response plans and
regular security awareness training. Ensure that the policy is
communicated to all employees and regularly reviewed and updated as
technology and threats evolve.
Implement strong access controls: Enforce
strict access controls to limit employee and external user
privileges and restrict administrative privileges. Employ a
principle of least privilege, granting access only to necessary
resources. Restrictions should be enforced on Microsoft Office
macros unless they have a specific business requirement, and if
Microsoft Office macros are required, they should be restricted to
only the specific applications required. Use multifactor
authentication for critical systems and regularly review and revoke
access for employees who leave the company.
Keep software and systems updated: Implement
operating system hardening to secure the system by removing or
disabling applications, user accounts and unnecessary features that
cyber attackers can infiltrate to gain access. Regularly update all
software, operating systems, and firmware to address
vulnerabilities and protect against known exploits. Enable
automatic updates whenever possible and maintain a rigorous patch
application operating system management process to mitigate the
risk of cyber-attacks leveraging outdated software.
Employ secure data backup procedures and recovery
systems: Implement regular data backups and store them
securely offline or in the cloud. Test data restoration processes
periodically to ensure backups are reliable and up to date. This
measure ensures business continuity in the event of a breach,
preventing critical data loss and reducing the impact on
operations.
Deploy firewalls and intrusion detection
systems: Install firewalls and intrusion detection systems
to monitor and filter incoming and outgoing network traffic.
Regularly review and update firewall configurations to reflect the
changing cyber threat landscape. Develop a robust application
control executing on your systems to provide a security approach to
protect against malicious code (known as malware). Intrusion
detection systems can provide real-time alerts of potential
security breaches, enabling swift response and cyber risk
mitigation.
Encrypt sensitive data: Implement encryption
mechanisms to protect sensitive data. Encryption ensures that even
if data is intercepted, it remains unreadable and unusable. This is
particularly crucial for important confidential client and personal
information and financial data.
Establish incident response and business continuity
plans: Develop and test incident response and business
continuity plan to effectively handle security breaches and
cyber-attacks. These plans should include steps for isolating
compromised systems, notifying stakeholders, engaging legal
counsel, and resuming normal business operations as quickly as
possible.
Regularly monitor and audit systems: Implement
continuous monitoring and regular security audits to detect and
address vulnerabilities promptly. Utilise automated security tools,
log analysis, and intrusion detection systems to proactively
identify threats and mitigate risks before they can cause
significant harm.
Foster a culture of cybersecurity awareness:
Educate and empower employees to recognise and respond to cyber
threats effectively. Conduct regular cybersecurity training
sessions to raise awareness about common attack vectors, phishing
scams and social engineering tactics. Encourage employees to report
suspicious activity promptly and promote a proactive security
culture.
The evolving cyber threat landscape demands proactive measures
from company directors to protect their businesses. By implementing
these crucial steps, organisations can bolster their defences,
reduce the risk of cybercrime attacks, safeguard their financial
stability, and avoid the perils of insolvency.
Contact us if you need assistance or advice in relation to your
cybersecurity risk assessments or policies. Cathro & Partners
are experts in providing compliance and advisory services that help
to create and to preserve business value. Cathro & Partners is
a boutique firm specialising in restructuring, turnaround,
insolvency, safe harbour, secured enforcement services and
pre-lending services.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.