Cybersecurity is not just a ‘big business’ issue

  • The lack of silos in SMEs provide a perfect foundation for setting the strategy for cybersecurity.
  • Due to resourcing limitations SMEs may be challenged in allocating someone who can convert strategy into practical application.
  • The Australian Government has formulated the ‘essential eight’ cyber mitigation strategies that actively help to prevent the effect of some of the most common cybersecurity incidents.

Computer Internet Security

Cybersecurity risk affects us all, whether we have taken the time to consider it or not, and independent of whether we have had the foresight to develop a plan to deal with it.

Every time we use the myriad devices now embedded in our daily routines, and we set about creating, sharing and relying on the information that is most important to us, we introduce risk. The risk of accidental or deliberate misuse of information, or the risk of misconfiguration or compromise to technology. This risk, in turn, affects our credibility. The credibility of our brand, our information and of the reliability of the service that we are providing.

This is not just the stuff of blockbuster movies designed to invoke fear (although as a cybersecurity enthusiast I am certainly a fan of the Mr Robot TV series and encourage you to take a look). This is an issue that is playing out every day in homes and in businesses all over Australia and not just the big end of town. In fact, it is the small to medium enterprise operators who are potentially most at risk, as even a small mistake like clicking on a link in an email that a staff member thinks is from a colleague but isn’t, can have business ending consequences.

So how can we collectively build cyber resilience into all Australian businesses and level the playing field while trying to bring a considered or proportionate view to that age old equation; cash versus reward. In this article, I explore the key elements of a cybersecurity strategy from an SME perspective, and explore whether establishing a dedicated attempt at cybersecurity risk management is possible without the big teams and big budgets.

This article is exclusive to Governance Institute members and subscribers.

To read the full article…

or Become a member