IMC Queensland Chapter - Forum meeting – 10 June 2021

“Cyber Security Essentials for Small Business & Management Consultants”

Author – Catherine Lee

The Queensland Chapter welcomed members to a networking and development event at the historic Baedeker Cellar Bar in Fortitude Valley on Thursday 10 June. The evening was well attended, both in person and for the online webinar.

Guest Speaker, Tony Barnes (CEO Cyber Partners), gave a fascinating and helpful presentation about Cyber Security for Small Businesses and Management Consultants – How safe is your business? We all went away with a lot to think about!

As our reliance on technology has grown, cyber security has become an increasingly vital consideration for governments, corporations and businesses – as well as private citizens. It is defined as measures to protect critical business systems, software, devices and data communications networks against malicious cyber-attacks. The goal of these measures is to protect data confidentiality, integrity, availability and human safety.

Tony explained that the biggest global cyber-security threat currently involves ransomware, the use of which has reached epidemic proportions. Ransomware is a type of malware that can “infect” an organisation’s digital infrastructure via an email link, free software, drive-by (unintended) download or remote desktop protocol. Once the ransomware is installed, attackers can use it to destroy backups, steal credentials, and threaten to publicly expose victims. Stolen data can be leaked (often to other criminals) and used to threaten customers. Commonly, cybercriminals will demand payment of a ransom to restore data.

It is an issue that is projected to cost organisations globally $20 billion in 2021. While attacks on government organisations and large corporations attract the most media attention, ransomware is a growing threat for small businesses, too – it is estimated that 55% of targeted businesses will end up paying the hackers a ransom.

Given the scale of the problem, it is important that even small businesses have a plan in place to deal with a malware attack. Tony recommends a four-step process to follow:

  1. Respond – undertake your documented Ransomware Triage and Recovery Process (you’ve got one of those, right?)
  2. Recover – After immediate triage, disconnection and isolation (hopefully) of infected systems, go to your backups and restore your data.
  3. Investigate – Do the forensic discovery process to establish the source of the infection and put in place controls to prevent future security failures.
  4. Negotiate – Controversially, you may need to negotiate with the hackers to get encryption keys or to reduce the ransom.

But as with most things in life and business, prevention is better than cure. Tony outlined the four lines of defence to guard against ransomware attacks:

  1. Security software – keep anti-virus and security software up to date and install recommended security patches
  2. Backups – Keep your data backed up in three locations
  3. Data and credential theft prevention – Using tools such as two-factor authentication
  4. Users – It is important to train all staff about their role in preventing cyber-security breaches. There’s free training available at www.cyberpartners.com.au/cyberfi

If you need to improve your business’s cybersecurity but aren’t sure where to start, Tony recommends a Cyber Security Framework designed for small business called Cyber Essentials. It has been produced by the UK Government and is available here at https://www.ncsc.gov.uk/cyberessentials/overview. You can also assess your own risks using Cyber Partners’ Rapid Cyber assessment platform at www.cybefi.com.

Catherine Lee MIMC

IMC Qld Chapter Secretary and Director, Lethbridge Piper & Associates