Ten steps to help prevent a cyber attack in your business

The latest cybercrime statistics make for sobering reading, with a 75 per cent rise in ransomware attacks in the 2021/2022 financial year and up to 200,000 vulnerable routers in Australian homes and small businesses.

The Australian Cyber Security Centre’s (ACSC) most recent annual report states medium-sized businesses with between 20 and 199 employees are the most at risk of attack, with the average cost of an attack for a business of this size being $88,407.

While the risk of cyberattack remains high, there are many preventative measures businesses can put in place to reduce the risk of attack and, should one happen, reduce its severity.

1. Make a plan 

Your approach to cyber security should have a clearly articulated strategy that’s regularly revisited. This should guide the actions taken by the business to ensure it adopts the latest cyber risk mitigation techniques. ACSC recommends adopting eight security controls to help prevent attacks. This framework is useful for directing a business’s actions around cyber security. 

The controls include taking away unnecessary network administration privileges from employees who don’t need them and putting in place multi-factor authentication for access to the network. These are described in more detail below.

2. Secure the business’ internet connections

Make sure all the points at which the business connects to the public internet, such as remote desktop applications, file sharing software and webmail, are secure and not vulnerable to penetration by hackers. It pays to work alongside an experienced IT professional through this step.

3. Safeguard all devices

All the common tools your team uses to connect back to the business, such as their laptops, tablets and smartphones, also need to be secured to ensure they are not a back door through which criminals can enter a business and exploit its weaknesses.

4. Configure automatic updates for software

The business should be fully protected from viruses and spam by a suite of leading anti-virus anti-spam (AVAS) software solutions and intrusion detection systems. Make sure any patches and updates are automatically installed so you’re protected from emerging threats.

5. Automate back-ups

Like software updates, data should be automatically and regularly backed up offsite to a system of servers not connected to the business. That way, if criminals do infiltrate the system, they cannot access back-ups through it and delete them. This means in the event of an attack, the business can be up and running in no time, having accessed the most recent back-up. These systems should also be regularly tested, well before an attack occurs.

6. Implement multi-factor authentication

It should be nearly impossible for criminals to get into a system if it has the right protocols in place. These can include, but are not limited to, multi-factor authentication and mandatory regular password updates. As a minimum, passwords should include a mix of lettering, numbers, symbols and cases. Passphrases are even better than passwords, as they can be harder to crack yet easier to remember.

7. Audit third parties

Criminals can gain access to your system through external parties such as suppliers if they can access your systems remotely. Regularly audit their cyber security protocols to identify and fix any insecurities through which hackers and scammers could access your business.

8. Train staff quarterly

Cyber security training should be a routine aspect of staff professional development. At least each quarter, train staff about the latest threats and run simulations to identify staff who are at risk of opening phishing emails.

9. Respond immediately to threats 

Make sure to put protocols in place so that, in the event of an attack, you can lock down the system and stop criminals misusing it further.

10. Put in place a cyber insurance policy

Cyber policies can help businesses recover from an attack by paying for associated costs and helping to mitigate the effects.

How employment law changes could affect your small business

If you’re a small business owner, a good team is possibly your biggest asset, but it can be tricky to stay abreast of the rules around employing staff. 

These rules changed again recently, following the passing of the Fair Work Legislation Amendment (Secure Jobs, Better Pay) Act 2022.

So, what’s new, and how could it affect your business?

Flexible working

For starters, employees’ right to request flexible work arrangements has been strengthened.

That puts the onus on business owners to try to accommodate them, offer other reasonable alternatives or demonstrate why requests aren’t possible, according to McCabes Lawyers Principal Tim McDonald.

“If there’s no agreement, the employer can be taken to the Fair Work Commission, and it can make a ruling as to whether it’s reasonable for the employer to agree to those requests,” McDonald says.


Requiring employees to keep their remuneration details confidential – a common provision in employment contracts historically – is no longer permissible.

Revised pay secrecy provisions mean it’s now up to the individual employee to decide whether they want to share. 

As well as updating employment policies and contracts to reflect the change, business owners may need to consider how they’ll handle any conflict that may arise should an employee learn they’re being paid less than a co-worker in a similar role.

“That could be an issue in a small business if you’ve got people on different remuneration, and it’s made known to other employees,” McDonald says.

Strengthened sexual discrimination and harassment legislation

While sexual discrimination and harassment in the workplace were already unlawful, employers will now have to take more proactive measures to prevent and eliminate it.

“On a day-to-day basis, it’s going to have to be treated more like occupational health and safety,” McDonald explains. 

“In the same way employers have to think about the health and safety risks that ensue when people are put in certain situations, they’ll have to consider what risk there might be of sexual harassment, on a work trip or at an industry function, for example.” 

Fixed-term contract restrictions

Repeatedly employing individuals on fixed-term contracts, in lieu of offering them permanent work, has also been outlawed. Under the new provisions, it’s ‘one and done’.

“For some small businesses, taking on a permanent employee can sometimes be a big commitment, and they’ve been more comfortable maintaining fixed term arrangements which don’t carry an ongoing obligation,” McDonald notes. 

“But the government’s view was that it was unfair that employees had no remedy, if successive fixed-term contracts were brought to an end, so those circumstances have been restricted.”

Seeking professional advice

The Secure Jobs, Better Pay amendment represents the biggest change to employment law since the introduction of the Fair Work Act, and there’s a lot that business owners need to be across.

Human resources management is one of the most complex aspects of owning a business and the cost of getting it wrong can have monumental financial implications for business owners, notes Jess Gleeson, Strategy and Compliance Manager at HR consultancy Now Actually.

Taking advice can help ensure you don’t inadvertently fall foul of the new provisions. 

“Determining what needs to be done can feel overwhelming, but you don’t need to do it alone – there are professionals who can assist you,” Gleeson says.

Cover for employment-related claims

Ensuring you’re compliant with legislation and have appropriate insurance in place will help protect your enterprise. 

Employment practices liability cover can help mitigate the risk of employee claims related to discrimination, unfair dismissal and harassment.

This general information does not take into account your specific objectives, financial situation or needs. It is also not financial advice, nor complete, so please discuss the full details with us as to whether these types of insurance are appropriate for you. Deductibles, exclusions and limits apply. These insurances are issued by various insurers and can differ.

This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to before acquiring the product.



Original article source: https://www.steadfast.com.au/well-covered/insurance-for-growing-business/how-employment-law-changes-could-affect-your-small-business-in-2023