Too many SME’s are falling into the trap of thinking they do not need cybersecurity strategies because of their size and relatively low attractiveness to hackers when compared to larger businesses.
However, Teddington Legal Founder Mark Gardiner agues, SME’s arguably need it more because their owners have more to lose.
“SME’s are very vulnerable because it is often their skin in the game, and they are wrapped up personally in their businesses and its finances. This means when, not if, they are hit by a cybersecurity incident, potentially their whole world can fall apart around them.”
This week some of Australia’s largest brands including Cadbury and possibly Qantas, were hit by a global ransomware attack. According to a recent study by Telstra, cybercrime is on a worrying trend of Australia, doubling in 2016 with more companies detecting security incidents within their organisations.
Gardiner says with changes to the Privacy Act, Australia businesses need to establish mandated breach reporting procedures so that if personal information is disclosed, that breach is notified to the Office of the Australian Information Commissioner.
“It is going to change how we respond to breaches and the value attached to individual privacy, which can result in class actions.”
The starting point for any SME wanting to understand their vulnerability to a cybersecurity threat is understanding first what is personal information.
The Office of the Australian Information Commissioner is interested in any business with more than $3million in turnover which holds sensitive information such as health or political details.
According to Gardiner, there is no industry that is particularly prone to cyber security threats. “Shopping histories, preferences, website searches, most of us are oblivious to the amount of history we have.”
Common failings are at an individual level and include how easy passwords are to break, laptops which are not encrypted when people take them home and individuals inadvertently posting information and content they shouldn’t.
“The worst thing an individual can do is hide something rather than report the breach itself. That said, the best approach is to work with a law firm to not have a problem in the first place.”
Teddington is a metropolitan multi-lingual boutique law firm specialising in the provision of legal solutions and advice to businesses and their owners. It disrupts the traditional law firm model by creating a new business model of inclusion, diversity and efficiency. Teddington uses its knowledge of the law to help build businesses, to connect the commercially minded and the legally precise to develop their ideal business. This approach provides a strong contrast to the individualistic and competitive culture of the traditional law firm.