Ask a mentor – cybersecurity for business
Cybersecurity is the tools and techniques applied to IT data and systems to protect them from breaches and attacks while safeguarding sensitive data and intellectual property. Cybersecurity should be a priority for all business owners.
By prioritising cybersecurity, a business can build trust amongst customers and partners and grow its resilience in an increasingly digital business world.
Learn more about cybersecurity for business from our Mentoring for Growth (M4G) mentors:
Watch our cybersecurity for business webinar where M4G mentors provide information, tips and resources to help you understand cybersecurity, its associated risks as well as solutions that can protect you and your business.
Graham Caddies—M4G mentor since 2009
Graham's top 3 tips for cybersecurity
- Understand what technology and data systems you have now, how critical they are to your business, and what the impact would be if they were compromised, failed or were inaccessible.
- Understand what your key legislative obligations are, especially in records and personal information (i.e. staff, customers etc.).
- When purchasing and installing technology and digital programs, ask the right questions of the supplier to ensure you are protected under legislation. Get them to provide in writing what they do to ensure their system fulfills legislative requirements and meets your requirements.
The Australian Cyber Security Centre (ACSC) website is a good starting point for gaining information, guidance and templates.
Be very careful of generic advice, systems and templates. It is critical they are customised to reflect your business and its context. Consider formally engaging a reputable and experienced digital/cybersecurity business to work with you in this area.
Connect with Graham on LinkedIn.
John Hale—M4G mentor since 2017
John's top 3 tips for cybersecurity
- Educate your employees about cybersecurity best practices.
- Implement strong password policies that require complex passwords and regular password changes.
- Update software and back up your data and system software regularly. Rotate backups with a secure off-site location.
Cyber threats are constantly evolving, with attackers finding new ways to exploit vulnerabilities. Businesses must stay informed about the latest trends and techniques to effectively counter these threats.
Rotating offsite backups, ongoing education of staff and hiding the firm's IP Wi-Fi address from the world have always saved the day for my clients.
Keep looking for the weakest link in your security and improve it.
Connect with John on LinkedIn.
Brian Kenny—M4G mentor since 2021
Brian's top 3 tips for cybersecurity
- Download security updates without delay.
- Fully research the downsides of 'chatbots' before you engage with them. Read the small print. Everybody should frequently change their passwords. Every employee needs to understand the basics.
- If you don't understand it, talk to a specialist. Do not be put off by costs; examine the benefits.
Without good cyber-security, a business leaves itself open to hacking that can not only cost a lot of money, but can also cause needless stress in the workplace. There may also be legal implications.
- No sharing of passwords.
- No generic passwords (e.g. Cartherine1234, Maddy1234).
- If in doubt about a link sent via email or text message, don't click; ask and discuss with your team first.
Connect with Brian on LinkedIn.
Angie Martin—M4G mentor since 2021
Angie's top 3 tips for cybersecurity
- Keep your hardware and software up to date.
- Use a secure file-sharing solution with your team.
- Don't be lazy with your passwords.
Understanding cybersecurity is crucial for businesses due to the increasingly digital landscape and the potential risks posed by cyber threats. Here is why:
Protection of sensitive data
Businesses handle a vast amount of sensitive data, including customer information, financial records and intellectual property. Failure to secure this data can lead to data breaches, financial loss and reputation damage.
Legal and regulatory compliance
Many industries are subject to strict data protection regulations such as the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS). Failing to comply with these regulations can result in significant fines and legal consequences.
A data breach can severely damage a company's reputation and erode customer trust. Rebuilding trust after a breach can be difficult and expensive.
Cyberattacks can lead to financial losses through theft of funds, business disruption and recovery costs. Additionally, insurance premiums may increase after a cyber incident.
Cyberattacks can disrupt business operations, leading to downtime, loss of productivity and potential revenue loss. Having robust cybersecurity measures in place ensures business continuity.
Supply chain security
Many businesses are interconnected through supply chains. Weaknesses in one company's cybersecurity can expose the entire supply chain to risks.
Intellectual property protection
Companies invest heavily in research and development. Cyberattacks can lead to theft of intellectual property, harming a business's competitive edge.
Employees are often the first line of defence against cyber threats. Proper training and awareness programs can help employees identify and prevent potential security risks.
Innovation and growth
As businesses rely more on digital technologies, understanding cybersecurity becomes essential for innovation and growth. Protecting new technologies and digital initiatives is crucial for sustained success.
The interconnected nature of the modern business world means that cyber threats can come from anywhere. Understanding cybersecurity helps businesses anticipate and mitigate these threats.
Connect with Angie on LinkedIn.
Miranda Mears—M4G mentor since 2023
Miranda's top 3 tips for cybersecurity
- Understand what it is you are protecting.
- Embed cybersecurity into your organisation in the same way you do your workplace health and safety.
- Keep abreast of the threat landscape – there is a common misconception that it's all about hackers sitting in dark rooms.
- Essential eight – Australian Cyber Security Centre
- Small business cyber security – Australian Cyber Security Centre
- Scamwatch – Australian Government
- Office of the Australian Information Commissioner (OAIC)
- Payment Card Industry (PCI) – Data Security Standard
- Defence Industry Security Program – Department of Defence
- ISO standards – ISO/IEC 27001 Information security management systems
- ISO standards – ISO 31000 Risk management
Cyber threats are a real and growing risk for businesses of all sizes. Investing in robust cybersecurity measures is not just a matter of protection; it's a fundamental aspect of responsible business management that safeguards data, operations, reputation and customer trust. Increasingly there will be an emphasis on the government for business owners and directors to demonstrate their fiduciary responsibilities.
Connect with Miranda on LinkedIn.
Mark Metzeling—M4G mentor since 2021
Mark's top 3 tips for cybersecurity
- Have a data breach response plan in place.
- Ensure your employees are all trained to recognise cyber threats and how to deal with them.
- When you are engaging SaaS (software as a service) providers, ensure there are sufficient safeguards in place to hold the SaaS provider accountable for any incidents that affect your business.
It's not a matter of if, but when. So you need to know how to deal with a cyber security incident.
Connect with Mark on LinkedIn.
Paul Russell—M4G mentor since 2021
Paul's top 3 tips for cybersecurity
- Understand your current cyber maturity level – do an assessment.
- Implement anti-virus software and strong security measures to protect sensitive data and digital assets/databases etc.
- Automatically install software updates and patches on all business devices.
A cyber-attack on your business can shut your business down for days or weeks, and in some cases result in closure. Not only can it seriously impact on your business, but it can also have negative impacts on your customers and suppliers.
The Australian Cyber Security Centre (ACSC) reports that the incidence and costs of cyber-attacks on Australian small-to-medium enterprises (SMEs) are on the rise.
A cybercrime was reported every 7 minutes on average in 2021–22.
The average cost of responding to a business email compromise incident was $64,000. The incidence of ransomware is also on the rise (although most SMEs are not required to report such incidents). Ransomware attacks rose by 75% over 2019–20.
150,000 to 200,000 small office/home office routers in Australian homes and small businesses are vulnerable to compromise.
Email phishing, invoice fraud, online banking and online shopping are key vulnerabilities for SMEs.
Ultimately the responsibility stops with the business owner(s) to ensure they are cyber resilient. They need to have a good understanding of their business's current cyber posture (or position) to address any vulnerabilities. Doing a basic cyber assessment (such as on the ACSC website) will be a starting point on the journey.
Apart from implementing strong security measures, do not overlook the importance of engaging and training your employees (and possibly contractors in your supply chain). Depending on your position, it may also be prudent to talk to your insurers about cyber insurance (beware premiums are on the rise).
Connect with Paul on LinkedIn.
- Last reviewed: 15 Sep 2023
- Last updated: 23 Oct 2023