How to protect your company from a cyber attack
As we watch the Optus data breach play out, it is a good reminder that businesses should conduct regular health checks for cyber security.
In brief
We are often told by Directors that the 'thing' that keeps them up at night is worrying about cyber security. Are they going to be the victim of a hack? How would they handle that? What is their IT system like?
Below is a list of key things your business can do now.
1. Review your Cyber Security Plan
A cyber security plan will enable a swift response to a cyber breach, such as a ransomware attack, a business email compromise, or payment redirection fraud. If your business was hacked and issued a ransom demand, would you pay it? At which point would you move from a 'no' to a 'maybe'?
- Conduct a security risk assessment
- Evaluate your technology
- Create a risk management plan
- Identify and document (electronically and in hardcopy) the escalation tree for the business with names and phone numbers
- Know who you need to alert and when (if you are classed as Critical Infrastructure, you have strict reporting periods)
2. Review your data breach response plan
If your company had a data breach, what do you do? Who do you call? What investigation do you carry out before you tell your clients or do you tell them first and provide details later?
- Review what data is stored, and where
- Develop a security policy
- Identify and document (electronically and in hardcopy) the escalation tree for the business with names and phone numbers
- How can the breach be contained? Will external IT assistance be required, and who can you call for urgent assistance?
- When will customers be notified? (consider the implications of the Notifiable Data Breaches scheme)
3. Ensure you use multi-factor authentication
4. Discuss with your IT personnel whether they consider the systems adequate to withstand a breach. If they do not know, seek external IT assistance.
5. Review how you receive and pay funds. What are the protocols and checks?
6. The best line of defence, once the IT systems have been verified, is to educate your staff:
- Conduct regular penetration testing on your computer networks by third parties
- Conduct regular training to remind staff about how to identify, detect and respond to:
  - a compromised business email account
  - spam and phishing emails
- Conduct simulated phishing tests to measure how staff respond in practice