According to the Cost of Cybercrime Study published by Accenture, a leading international professional services company specialising in information technology, 43% of all cyber-attacks are aimed at small businesses, with only 14% of small businesses prepared to defend themselves. Cyber-attacks disrupt day-to-day operations and can cause significant damage to IT assets and your business reputation, especially when the sensitive personal data of individuals is stolen. In 2020-2021 the Australian Signals Directorate received one report every eight minutes and reported a total of $33 billion in losses for Australian businesses as a result of cybercrime.

Attacks often come from ransomware, where criminals typically lock up the targeted business's data and demand payment to unlock it, or publicly release the data. A typical example of how these attacks occur is through email phishing, where emails that appear to come from trusted sources are sent to employees. Once opened, the email will ask for the employee's credentials and malware is then downloaded into the system. Another example of how this occurs is through remote desktop protocols that enable employees to log in to a business's IT systems remotely. Cybercriminals regularly take over systems when system users ignore password security and integrity.

When preparing to defend and protect your business, a solid starting point is:
  1. Consult with your IT provider about solutions to manage and monitor breaches.
  2. In your HR Employee Handbook, have policies to address working at home safely, risk checklists, and a technology policy specifying your expectations for how employees use your information systems. Password requirements, rules around the downloading of data, the introduction of new software on your company devices and reporting of lost and stolen devices are some of the must-haves for your policy.
No business wants to be in the unfortunate position of being required to make a data breach report to the Office of the Australian Information Commissioner. Along with implementing your policy, its requirements should be reinforced through training and educating your employees on how to be responsible for protecting your business’s information systems and what things they should look out for.

If you need support to create a technology policy and advice on how best to implement the policy with your employees, please get in touch with us on 1300 287 360 or email