In 2023, Business SA will be putting the big topics on the mind of business owners under the microscope.

Each month we will focus on specific issues and provide our members with useful content, informative events and practical support that will answer questions and provide direction.

In late 2022, cyber security moved from someone else’s problem to a personal intrusion for many, following two massive data breaches for Medibank and Optus.

What became the largest cyber-attacks on Australian businesses ever informed our focus during the month of February.

Over the past few weeks, we have been talking to our members about what they are doing to avert an attack on their business and providing them with useful tips to mitigate risks.

The wide-scale theft of sensitive customer data from Medibank and Optus impacted millions of Australians and undermined trust in two of our country’s most recognisable consumer brands, leaving many of our members asking the question: could it happen to my business?

If large corporate enterprises can be hacked, then it stands to reason smaller businesses, many with fewer organisational resources and IT capabilities, are also vulnerable to attack.

Given the Australian Cyber Security Centre reports that on average 164 cybercrime reports are made every day – roughly one every 10 minutes – it’s not a matter of if, but when, so business needs to be prepared.

The impact of a cyber-attack on a business can be significant, often resulting in serious legal, financial and reputational consequences. In some cases, cyber-attacks can threaten the very existence of the business.

One of the best frameworks for mitigating cyber threats is the ​Essential Eight, a set of practical guidelines developed by the Australian Cyber Security Centre.

The following eight steps detail actions businesses should take to avoid a cyber-attack:

1. Apply controls for your software applications
2. Patch your software applications
3. Restrict administrative privileges
4. Patch your operating systems
5. Secure your Microsoft Office Macro settings
6. ​‘Harden’ your software applications against exploitation
7. Use multi-factor authentication as standard
8. Make regular backups and store them securely.

In 2023, all businesses – irrespective of size – need to mitigate the risks associated with a cyber-attack and implement measures to secure their digital and information technology assets.

The ​Essential Eight provides a practical framework that business owners can follow to protect their systems and data. By following these guidelines, businesses can reduce their risk of cyber-attacks and protect their sensitive data from falling into the wrong hands.

Read the full detail of the Essential Eight.

The need for vigilance no longer sits solely at an operational level.

Company directors are now paying serious attention to the matter. In fact, cybercrime and data security now rank at the top of issues keeping directors awake at night according to the Australian Institute of Company Directors.

With financial regulators now seeking to hold to account companies who fail to address cyber risks and breaches with the focus and urgency deemed to be appropriate it is now a risk that boards are expected to manage through governance and policy.

The framework of five cybersecurity governance principles that the Australian Cyber Security Centre has developed for company directors can well apply to any business owner or manager looking to build cyber resilience:

• Set clear roles and responsibilities
• Develop, implement and evolve a comprehensive cyber strategy
• Embed cyber security in existing risk management practices
• Promote a culture of cyber resilience
• Plan for a significant cyber security incident.

The rapid digitalisation of business, the evolution in workplace flexibility and work-from-home arrangements have all created additional points of exposure to cyber risk.

If you need help with working through your cyber security plan, contact Business SA on 08 8300 0000.