Why you may be more vulnerable to Cyber Attack than you think
Digital adoption is at an all-time high.
In the last year alone, we’ve seen a shift towards digital first operating models. There has been widespread adoption of flexible working arrangements (working from home), and businesses needing to head online to access Government support programs (i.e. Job Keeper, or cash boosts). More sensitive information is sent electronically than ever before:
Because change happened so quickly, you may find your own security controls and measures are out of date, and you may be more vulnerable to cyber threats than you realise. In 2020 alone, cyber-crimes directly affected almost one in three Australians and cost Australian businesses around $29 billion*.
The race to go digital has encouraged cyber-criminals to test the sturdiness of businesses’ digital entry points. They use a variety of techniques to identify cyber security vulnerabilities. No-one is 100% safe.
Impact of Cyber-Security Issues
Until recently, cyber-security has been the domain of IT security teams. But in 2021, it must be a company-wide effort to keep your business safe and secure.
According to Australian research*, a new cyber-crime is reported every 10 minutes, with 1 in 3 of those being identity fraud.
*source: Cyber.gov.au /ACSC-Annual-Cyber-Threat-Report-2019-20.pdf
If you do have a cyber-threat, the impact will vary. But you can expect:
Your business will be interrupted
- you may need to cease trade
- your day-to-day operations and productivity will suffer
- providing services to your customers may not be possible
You will suffer some kind of financial loss
- financial transactions may not be recovered
- loss of business, employee productivity and stock
- insurance premiums may be impacted
Your reputation will take a hit
- long-term reputational damage
- IP may be lost/shared
The human factor
Often the biggest threat can be within your own business itself. How your employees interact online may unwittingly put your business at risk. Sophisticated phishing attacks that appear legitimate may open the door to cyber-crime. Everyone in your business needs to understand cyber risk is real. There's a need to invest in cyber security training so employees understand the role they play in protecting your company and information from attack.
Cyber Security Measures
Cyber Security is another layer in your company-wide risk management policy. It’s recognition that everyone has a role to play in keeping your business safe and protecting customer information. At SuperChoice, we manage risk by focusing on two main areas.
1. Security Policies (guide how we operate)
2. Security Controls (guide how and what we monitor)
Tips for managing your business risk
It's time to explore what's happening in your business. We've put some DIY tips below to give you a guide, but it would be worthwhile chatting to a security expert and risk manager to understand your true risks.
1. Assess your cyber risk profile
a) Identify the risk
The first step is to identify where your business may be at risk.
- Review your business processes to understand where you may be vulnerable.
- Develop a cyber plan to fill the gaps and improve your position.
- Implement change.
b) Manage the risk
SuperChoice has documented policies and security procedures in place that guide how we operate and monitor risks. It means we’ve thought through how information gets to us, moves through us, or how it’s shared with other parties. Being a Digital Service Provider (DSP), we follow Australian Government guidelines and protocols, and are ISO 27001 certified for Superannuation and Single Touch Payroll. But it’s not enough to have protocols in place. You need to actively manage and check everyone is adhering to them.
Areas to cover in risk management include (but are not limited to):
- standard operating environment (SOE)
- email security
- identity verification
- data transfer
- safe websites
- spam filters
- payment limits
- firewalls and anti-virus software
You may also want to consider Cyber Insurance policies that can help protect you (and your customers) from financial loss.
2. Know your partner’s approach to security
It's a good idea to understand what key partners (who are part of your online eco-system) do to minimise the cyber-security risk. What security controls do they have in place to minimise any risk to you?
Regularly review partner and provider security policies so you don’t unknowingly put yourself at risk.
We have annual audits, security reviews and supplier reviews on top of regular monitoring and stress tests to make sure our security partners are safe.
If you’d like to know more about SuperChoice security policies get in touch with your account manager. The Gateway Network Governance Body (GNGB) recommends you ask your suppliers and partners how they handle cyber security risks, what they do to keep your information private and to understand their in-built security features.
3. Train your team in Cyber Security and National Privacy Principles
With training and support, your team can recognise a threat and will know how they should handle it. It’s important your team understands how they can impact the security of your company, what they need to do to protect your information and how to engage online. Everyone inside SuperChoice completes our Security Awareness Training and has an annual refresher.
4. Manage Passwords and User Access
You'd think most people know how best to set up a password by now, but you’d be surprised how many people use the same passwords over and over again or have a really basic combination such as 1234! It comes as no surprise that these are easily hacked. From a company policy point of view, you can put measures in place to avoid passwords being compromised:
- changed every 3 months
- can’t re-use the same password
- 8-10 character password with varying combinations
- use a password generator
It’s also a good idea to check in on your user permissions and who has access to what. As a SuperChoice customer you can view and manage this at a custodian level.
The most common cyber incidents across the superannuation ecosystem
- 75%: Member data used to commit fraud.
- 72%: Cyber incidents resulting from a third party/related party being compromised.
- 71%: Loss/theft of personally identifiable information, resulting in a privacy breach.
- 64%: System disruptions that affect business operations.
Percentage of survey respondents who advised these incidents occur often and sometimes.
5. Always have a back-up
In the event of a cyber-attack you want to make sure you back up your data and keep a copy offsite. That way, if you are held to ransom, you still have data intact. It’s also sensible to include “what would you do if you had a cyber-attack?” in your business continuation plans, and to work through potential threats and worst-case scenarios so if it does happen you know what to do.
The time to act is now
In the modern digital world, the threat of Cyber Security attacks is a constant. As a DSP we’re on high alert - doing everything we can to prevent a successful cyber-attack. While there is no way of knowing if a cyber-attack may happen to you, it’s a smart business risk management approach to take steps to ensure that you have done what you can to mitigate the likelihood of a successful attack. Risks are evolving, attacks are getting more sophisticated.
Across the digital eco-system that we all operate within, it’s time to recognise that all businesses have a role to play in bolstering our collective cyber security.
Review your systems, controls, and policies and procedures now. Work out where you’re vulnerable and put measures in place to manage the risk. Want to talk to someone about your digital transaction needs? Get in touch
Read more about SuperChoice security measures.
Sources: 1. Gateway Network Governance Body Ltd (“GNGB”) – Securing the Future Report 2020
2. Cyber.gov.au /ACSC-Annual-Cyber-Threat-Report-2019-20.pdf