Having robust processes and up-to-date technology is part of the cyber security puzzle, but there's another crucial piece that shouldn't be underestimated – the human element.
Successful cyber attacks typically involve a business owner or one of their employees being tricked into opening a phishing email purporting to be from, say, a financial institution, or being duped into downloading a virus.
It's important to build a culture of cyber security where every employee has a role to play and where cyber vigilance is baked into your way of working.
Raise general awareness
The people in your business – ranging from the most senior partner to the most junior intern – may not be aware of how prevalent cyber crime is and how vulnerable finance industry SMEs are.
So, the first step is to raise awareness. This can be done by:
- convening an informal group chat
- sending an all-employee email
- running a ‘security week’ with fun security games and quizzes
- arranging an offsite cyber security training day
- making cyber security training part of the induction process for any new hire.
Identify specific threats
Cyber criminals are incredibly enterprising and they’re constantly developing ingenious ways to extract money or data from their victims.
While it’s difficult to educate yourself about all the cyber threats out there – from phishing, smishing and whaling, to ransomware and business email compromise – it pays to stay across current scams to better protect yourself, your business, and your clients.
To help mitigate the risk of falling foul of these types of scams, and the potential financial and reputational damage that can result, you can keep up to date with the latest cyber scams at the Australian Competition and Consumer Commission (ACCC) Scamwatch website.
Have a communications plan in place and share information about the latest scams via email, articles on your intranet or in regular cyber security catch-ups.
Create a cyber security-conscious culture
While it's impossible to create business processes that allow employees to recognise and deflect every conceivable cyber attack, you can create a 'safety culture' that prioritises cyber security.
What does such a culture look like in practice? It’s one where employees, among other things:
- Change their passwords frequently and avoid using public wi-fi networks wherever possible.
- Use work equipment rather than unsecured personal devices when working with sensitive data.
- Query payment and order requests that seem unusual.
- Have a ‘don’t just click on that’ mentality where they are suspicious of emails from unknown senders.
- Don’t download software from unconfirmed developers and websites.
- See cyber security as their responsibility, not just what the IT team does.
Senior leaders' special responsibility
The rest of the workforce is only likely to take cyber security seriously if they see those at the ‘pointy end’ of the organisation doing so.
Governments around the world are now looking to reduce cyber crime by strengthening cybersecurity regulation, such as by imposing cybersecurity governance standards for larger businesses.
It's not hard to imagine accounting firms being held to a similar standard in the near future.
Rather than waiting for that day to arrive, why not be proactive and immediately start educating your firm’s workforce about the very real danger posed by cyber crime?
Stay aware of new threats
Check the Australian Cyber Security Centre website regularly