Hunter business must get proactive about cybersecurity

Hunter business must get proactive about cybersecurity

The Hunter’s small and medium businesses are not immune to the threat of cybersecurity breaches. Arguably they are even more vulnerable due to complacency in believing that “it
won’t happen to me.”

For more aware businesses, the lack of resources and skills to defend against cyber attacks may be the most significant risk. Newcastle and the Hunter region are no strangers to public cyber breaches.

In 2020 Newcastle Grammar School made national headlines when hackers encrypted the school’s IT system and demanded a ransom of over $1M. Despite quick action by the school’s IT staff, their IT got so severely damaged that forensic investigators could not establish where or how the attack began. The school lost access to all its core systems, including student exams which had to be redone. The recovery took months.

The attack on Newcastle Grammar followed another high-profile breach at Newcastle City Council in 2019. An email phishing scam sent out fake invoices directing payments to dodgy
bank accounts. The cost to the city was over $250,000. Today NCC is hyper-vigilant about cyber security.

The price for apathy may be bankruptcy and liability

The Office of the Australian Information Commissioner (OAIC) released its Notifiable Data Breaches Report, which shows some surprising results. Despite growing cyber awareness,
notifiable breaches are up 6 per cent compared to last year. And human error increased by 43 per cent in the previous period to account for a large majority of cyber breaches.

Cyber attacks can be costly for small to medium businesses. According to the ASIC Annual Cyber Threat Report 2021, the average reported loss for SMEs was $42,341. Worryingly it
took the average company 23-50 days to recover from a successful attack, and more than 50 per cent of those businesses failed within months of a breach.

Adding to the burden, Hunter company directors may be liable for a cyber breach. Failure by a company to prevent, mitigate or respond to a cyber incident may result in violations of the
Corporations Act (2001). Failure to comply with notification obligations or repeat offences may attract a fine of $444,000.

What can Hunter Businesses do to increase cyber protection?

Our IT service provider, Nettko would advise that Hunter business must take a proactive approach to build cyber resilience.

An ad hoc approach of using antivirus tools may not be enough. Cyber criminals will exploit human behaviour or employees who work from home and have weak mobile security.

Businesses must treat cybersecurity as a strategic business issue, not an IT afterthought. Aligning your business goals with your IT goals must include cyber security planning, resilience, mitigation and response.

To take the pulse of digital vulnerability, we recommend that businesses quickly test the security of online assets like websites. Last month the Australian Strategic Policy Institute (ASPI) launched .auCheck.com.au, a tool that can assess your website, email or internet connection for vulnerabilities.

However, a better option would be to take a proactive approach with an audit of current cyber vulnerabilities and risks, then develop a cybersecurity plan suited to your business, risk profile and budget.

Nettko is offering readers and subscribers of Hunter Headline a free, no-obligation cyber security assessment to help them become cyber proactive and protect what is most important; their people, customers, data, privacy and livelihood.

Trending Articles

Advertise with us

Affordable and engaging advertising to a business community

Submit an article

Tell your story to the Hunter business community

Does your it business need a little help with its marketing?

Marketing strategies

This website uses cookies
We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.