Management Liability for Not-for-Profit Organisations
Australia has about 60,000 registered not-for-profit organisations, according to the Australian Charities and Not-for-Profits Commission (ACNC).
Two-thirds of Australian small-to-medium-sized enterprises (SMEs) go out of business after a cyber attack or data breach. That’s according to the latest figures from the Australian Small Business and Family Enterprise Ombudsman.
Often, small business owners think they’re too small to be targeted, but they face the same threats as larger organisations. Six out of 10 targeted attacks zero in on SMEs, says the ombudsman.
Here are four reasons hacker numbers are escalating for this vulnerable cohort of businesses.
Once-off staff training about cyber security is not enough, as these issues continually evolve. According to the Forgetting Curve Theory, it’s normal to forget information that we don’t revise. Spaced repetition to revisit the learning helps it stick, even better if it involves meaningful material.
Aim to pace your employees through refresher training at least once every four to six months. Regular training also helps you identify their knowledge and skills gaps, so be sure to test them so you can continuously improve the content and delivery.
Check out the free online learning hub from the Australian Cyber Security Centre (ACSC). The centre also has a useful Small Business Cyber Security Guide. It’s worth the investment of time because human error leads to 95% of cyber security breaches, says the World Economic Forum.
SMEs tend to lean on their IT team – if they have one – to deal with cyber security. However, the ACSC says SMEs face significant barriers to implementing good cyber security practices, including:
For example, a small NSW business with just a two-person IT team had struggled for over a year to get all staff to set up multi-factor authentication for logging onto computers. Thanks to the business owner finally directing staff to do so, everyone has signed up. So, check in with your IT team to see whether they need extra support for cyber security.
Ensure your IT and operations teams work seamlessly together to identify any anomalies on your network. What might begin as a glitch could be overlooked in your IT ticketing system. (Hackers lurk in your system on average for 11 days before detection.) Having a dedicated response team across your organisation makes cyber security everyone’s business.
Even if you have a robust firewall and high-end security software for your servers and website, hackers may still get in through novel ways. Aim to keep a step ahead by regularly updating your software.
Enabling automatic updates is a useful strategy. However, this may mean disrupting your operations at times, so another way is to schedule updates to happen after hours. Check whether your software allows you to turn update reminders on or off. Show your staff how to install updates on their devices, and remind them to do so.
Consider storing your key files, such as income statements and budget reports, off your server. And be sure to back up your data whether it’s connected to a server or not.
The average cyber attack costs an SME $275,000. Does your business have the financial resources to recover from such an attack? The hefty costs include paying experts to advise you on responding to phishing incidents, ransomware, or other cyber threats.
There may also be fines and legal costs to pay for third-party breaches. You will also need a crisis management advisor to help rebuild your business reputation.
A worthwhile safeguard to help protect your business is cyber liability insurance. It gives some peace of mind to you as well as to your suppliers and customers. Your coverage may generally include cover for expenses and restoration costs relating to the following:
Reach out to us to bolster your risk management approach to cyber security, including with appropriate cover.
Article Supplied by OneAffiniti