So far, Australia has experienced several notable cyberattacks, e.g. Optus and the more significant Medicare hack. These incidents have raised concerns about the vulnerability of Australians to cyberattacks. Not surprisingly, the government intends to act. It seems these incidents as showing a need for enhanced customer data security and cyber security measures.
Firstly let us put my qualifications on this up. I have an ISO 27001 Certification,
which now allows me to be a Lead Auditor for computer systems security.
The Probability of Being Affected by a Cyber Attack
Quit high. Most computer systems today have experienced cyber-attacks. These attacks will continue. Want to see some, look in the spam filter of your email address for samples.
Also, most of us have had our personal information compromised due to hacks. I was involved in the Optus data breach recently, a co-worker was hit by the medicare hack.
Overall it is almost certain you will be affected.
Proposed Changes to Australia's Cyber Security Laws
We know that the security of customer information will be one of the main focuses of the proposed changes. Count on more significant penalties and enforcement.
Although the implications of the changes for small and medium-sized businesses have yet to be released, security experts I asked feel that they will likely be based on the Australian Cyber Security Centre's Small Business Cyber Security Guide here.
> Supported windows system. Currently, you need the latest version of Windows 10 or Windows 11.
> That you run updated software applications. This may be a real problem, as many of us run old software versions.
> Update security software. Windows defender is free and quite good.
> Regular backup of your business information. We have a free online backup procedure. Also, it would be best if you were using USB sticks.
> Password security needs to be set up and used. In a breach, you must justify why the person had access to that information. They want access restricted where possible. This is so that employees and others do not accidentally or maliciously get hold of personal customer information.
Now your computer and its POS System can be set to allow security settings based on an employee's role in the business. This approach gives you control over who has access to your information. We suggest you put this in place if it is not.
> Training in cyber security
Cyber security training for your staff is needed. Fortunately, this training takes little time because most people now practice cyber-security practices. Simple procedures, like not clicking on suspicious emails, can be helpful, not divulging passwords and preventing unauthorised individuals from accessing your computers. Once you do it, write it in your diary, so you have a record of what you have done.
I am checking into this now to see if I can find a suitable course for our clients to look into.
Ransomware
This deserves its own section. One proposed change that is raising concern is the government is thinking of prohibiting businesses from paying for ransomware. The idea here is to discourage ransomware attacks by stopping funding criminal activities. It has no chance of working as most ransomware comes from overseas, although it may reduce it somewhat.
If ransomware attacks your business, please advise us ASAP. This is to see what can be done. It must be done immediately as ransomware people will give you only a little time to act.
Be aware that, often, even after paying the ransom, people cannot retrieve their information. That hurts because they have lost their data and now the ransom money too.
Summing up
Everyone will need to pay more attention to computer security now, the proposed changes to cyber security laws make it more urgent. In Australia today, a slap of the wrist by the courts now is a few 100,000 dollars if they like you.