Image portraying computer code with system protected message

Optus & Medibank Cyber Attacks – A Lesson for Small Business

The recent Optus and Medibank cyberattacks are all over the news, and for good reason, it’s a very serious matter.

Whilst the exact nature of how the compromises occurred is not exactly public, its obvious they have caused significant financial and reputational loss to both organisations.

Medibank alone has seen $1.6 billion wiped off it’s stock value and are expecting $35 million in directly related costs without taking into account compensation and remediation.

The lesson of course is that cyber breaches are costly, very costly.

Small Business Cyber Attacks

We’ve just spoken about cyber attacks on the big end of town, but what about small business?

The news isn’t good, every business is being probed and tested for compromise opportunities.

Every server and computer connected to the internet is a valuable target. Every mail account is an opportunity. In our local area, there are regular accounts of losses in the tens of thousand and those are the ones we hear about!

There are more, too embarrassed to tell anyone they have been compromised and stolen from.

What is at risk from a cyber attack?

  • Your data.
  • Your customer’s data.
  • Your business.
  • Your reputation.

Currently any business with a turnover of $3m per annum must notify the Privacy Commissioner if customer data is exposed.

If they don’t, heavy fines can apply. There are hundreds of Northern Rivers Enterprises that meet this turnover threshold.

The federal government are putting the responsibility firmly on the business to protect customer data. These obligations are outlined in the Privacy Act and we expect the legislation around cyber security to get tighter.

Its time to get informed and budget for cyber-security.

Where are the cyber attacks actually coming from?

Cyber threat actors are located all over the globe. If you are connected to the internet, you are connected to these threats.

Traditionally, regional Australia has been complacent around cybersecurity issues, feeling protected by our physical isolation from city locations and the world stage.

Remember, whilst it takes 2 hours to drive from Byron Bay to Brisbane it takes less than 300 milliseconds for data to travel to London and back.

The digital world is on your doorstep.

How to minimise your risk of cyber attack

So now you understand! The threat is real, constant and you need to take responsibility for it.

These are some simple steps you can take to move forward on protecting your business:

  • Have an I.T. policy, privacy policy and data breach plan.
  • Become aware of potential cyber security threats and talk to staff about it.
  • Implement mail security on all your mail accounts.
  • Ensure all computers and laptops have managed anti-virus & security installed.
  • Enable two factor authentication on all accounts.
  • Consider a managed security device where internet enters your business.
  • Test your mail account vulnerabilities with threat training.
  • Audit your I.T. processes.
  • Identify what private customer data you hold and the impact if it leaks.
  • Review and update software, hardware and operating systems.
  • Implement onsite and cloud backup of all critical servers and PCs
  • Have a documented plan on how to keep operating after a significant breach.
  • Evaluate cyber-security insurance.

Need help?

It’s a daunting but essential step for all small business.

You owe it to yourself, your customers and your business success to elevate cyber-security as a front runner in your core decision making.

Cicom® are helping small business mitigate the threats and navigate the global security environment with a suite of world class security tools.

Call Cicom® 1300 324266 today or drop your contact details in the form here and we will be in touch.

Got questions? We have answers.

Feel free to give us a call or use the form below to get in touch.

Please let us know what's on your mind. Have a question for us? Ask away.
This field is for validation purposes and should be left unchanged.