At this month’s Chamber Breakfast we had Paul De Araujo from NBN Australia present on Cyber Security.

A common misconception is that a cyberattack will never happen to your business because you are new or too small to be targeted, but that is untrue. Smaller businesses are more prone to data breaches and cyberattacks because of a shortage of experienced professionals, smaller budgets, limited security awareness, outdated security measures, and failure to secure endpoints.

We were lucky to hear from Paul De Araujo from nbn about the real threat of cyber security breaches and the impact of data ransoming on any size business, as well as how important it is for Australia’s national security, innovation, and prosperity that we keep our information safe, working as a nation to secure our networks and systems.

Paul joined nbn during COVID-19 in 2020 delivering security influence programs to protect nbn’s people and assets from personnel, physical and cyber security threats.

Prior to nbn, Paul served in local and international Corporate and Government roles in the IT industry for over 30 years, with experience in sales, marcomms, corporate social responsibility, compliance, and cyber safety/security roles. For over 19 years, Paul carved his career with Microsoft Australia and abroad.

Paul’s passion for keeping citizens safe in the digital world began as a founding member of the ThinkUKnow online safety and security program. In 2017, Paul joined the eSafety Commissioner in a marketing and stakeholder capacity, driving awareness of the office and its services to citizens and delivering the annual Safer Internet Day campaign.

Questions to ask yourself:

  • Is your IT provider thinking about security for you?
  • Who is responsible for security culture in your organisation?
  • How business-ready is your organisation to meet the risks vs. your own personal knowledge?
  • How educated are you about the risks and the level of risk tolerance within your organisation?
  • Do you have a list of people to call for assistance if and when something goes wrong?
  • Have you practiced what you would do in the event of a ransomware infection and demand?
  • Do you have a culture where it’s OK to question things that look suspicious, even when they appear to be from leaders? Create the right environment where junior staff are encouraged to verify and not fear being disparaged for being safe.
  • Do your 3rd party suppliers have a back door or portal to your systems? Are they secure? It is estimated that 20% of cyber breaches occur due to a vulnerability in a third party.

Questions to ask your IT provider if you have outsourced your ICT:

  • What IT are they using to secure your systems?
  • Are they keeping your systems up to date with patches? It’s not a do-once job.
  • Are they updating AV vigilantly? Also not a do-once job.
  • How will they notify you in the event of a breach?
  • How will they handle a security incident?
  • What’s your plan for business continuity? Do you have backups in place, and a way to switch to manual processes?
  • Are they training your staff and securing your remote workers?
    • Printing at home
    • Conversations overheard by neighbours
    • BYOD devices and unapproved cloud services
  • Are they considering vulnerabilities of IoT, from CCTV cameras to robots?
  • Are they recommending MFA across the board? It increases the difficulty for cyber criminals to access your systems, especially with login credentials. 
  • How are they protecting your IP – What price do you put on it?
  • Should you be considering Cyber Insurance?
  • Should you pay a ransom?