PRESS RELEASE: Protecting yourself against cybercrime
Cybercrime is a growing threat to individuals, businesses and governments around the world. As a financial services firm, we at Capital Partners always take the threat of cybercrime very seriously and encourage people to be rigorous with their security.
In this article we explore the scale of this risk and some of the ways you can protect yourself and your business, and we get some practical advice from a cyber security professional.
The more reliant we become on networked technology, the more exposed we are to the risk of cybercrime. Today, there are over 30 billion internet-connected devices on the planet, each a potential point of attack. Globally, the costs of cybercrime are staggering – projected at $US5.2 trillion over the next five years. The World Economic Forum currently ranks cybersecurity as the sixth most significant worldwide economic risk.
At a personal level, the impact on businesses and individuals can be devastating. So how great is the risk and what can you do to protect yourself?
Who is at risk?
Brian Smith is CEO of Slipstream Cyber, an online security specialist that helps businesses prevent and recover from cyberattacks. He says that almost everyone is at risk of cybercrime.
“Hackers are willing to take money from anyone, even if they’re not particularly likely targets – from physiotherapy practices, to not-for-profits,” Smith says.
Wealthy individuals and finance-related businesses are particularly at risk: “If you’re an individual or a business involved with shifting money around, or you’re holding a lot of sensitive data, then there is a particular risk.”
These attacks tend to move in waves, expanding rapidly through groups of interconnected people and businesses. “Last year, we responded to a particularly advanced malware-based attack,” says Smith. “The virus initially moved through the Victorian hospital network and found its way into local government, then targeted smaller businesses.”
How cyberattacks occur
Smith cautions that attackers often watch their targets for lengthy periods to identify their points of weakness before they strike. This means that people with a public profile or who are associated with a high-profile organisation may be exposed to greater risk. “They’re very good at doing reconnaissance,” Smith says. “For example, they can estimate someone’s capacity and inclination to pay a ransom.”
A ransomware attack will encrypt an organisation’s or individual’s files, in order to demand a ransom for their release. Hackers may also break into an organisation’s email system to understand their transactions. This enables them to either issue invoices with false account information, or pretend to be a supplier to redirect payments.
“Once hackers get into the system to steal funds, they can be reputationally quite damaging as well as financially,” says Smith. “They can destroy relationships.”
Another common type of breach is data theft, where hackers scrape out information from emails and contact lists – often to launch further attacks against other people.
Smith warns that hackers often combine different types of attacks.
“Sometimes they start out with data theft, move into a fraud phase, and then perpetrate a ransomware attack. It’s also common for an attacker to breach an organisation to sell their data on the dark web, so that different threat actors will attack the same victim.”
The impact of cybercrime
The most immediate impact of a cyberattack tends to be the loss of private information, which may result in identity theft. For the business or individual that has been targeted, there is also likely to be a financial fallout, with funds being stolen, redirected to hackers, or used to pay off a ransom.
According to a recent report, the average cost of cybercrime to a business in Australia is around $276,000. But depending on the nature of the intrusion, the impact can be far greater.
“We’ve worked on several cases where our clients lost in excess of a million dollars through misdirected transactions or extortion,” says Smith. “For small businesses, this kind of scale can be truly devastating.”
As well as direct financial impacts, cybercrime also causes immense disruption to individuals and businesses, as well as ongoing emotional distress. “The inconvenience and suffering cannot be underestimated,” Smith says. “You can have a lot of complicated decisions to make very quickly. So there are monetary impacts, but it can also be very time consuming and psychologically quite harmful.”
What to look out for
In addition to being vigilant about your own interactions with the digital world, you should also demand good practices from the companies you deal with. Smith recommends asking service providers some searching questions to determine how seriously they take cyber security, especially if they handle or invest funds on your behalf:
• What is your privacy policy? As a starting point, an organisation’s privacy policy can reveal a great deal about their attitude towards cybersecurity. “You can tell the difference between a well-considered privacy policy and one that’s hastily put together or non-existent,” Smith says.
• How do you secure your business and client information? The policy documents should describe in detail how they secure data and who is responsible. “Look for words like encryption, multifactor authentication, password management, backups, and monitoring,” says Smith.
• Have you tested the security of your applications? A penetration test mimics the way a hacker might break into an application, such as financial planning or accounting software. “Anything handling financial or health information should be subjected to regular penetration testing,” Smith says.
7 cybersecurity tips for business owners
If you’re the owner of a small business, cyber security should be a top priority. Here are 7 steps Smith suggests for keeping your business safe.
1. Make someone accountable. “It should be everyone’s responsibility, but one person needs to be given the mandate to become knowledgeable about cybersecurity.”
2. Use the available resources. “The Australian government has a program where businesses can go to briefings about the latest threats and connect to resources.”
3. Draw up a budget. “A reasonable investment is somewhere between 10 to 20% of your total IT spend – depending on your risk profile, the threat and consequences of breach.”
4. Develop an action plan. “Start to have some policies and procedures to underpin that commitment – and translate into expectations about the right sort of conduct.”
5. Call in the experts. “Engage a professional managed service provider who is specialised in delivering security – and bring in technical people to get the right technology in place.”
6. Create a response plan. “Plan incident response coordination – including stakeholder identification and engagement, clear communication and delegated responsibilities.”
7. Get cyber insurance cover. “The difference between a business failing or not failing as a result of a cyberattack comes down to whether they had insurance or not.”
At Capital Partners we are constantly looking to strengthen our cyber security, stay vigilant and protect our clients’ important information. For us, this task is made much easier when those people we are working with are also vigilant in protecting themselves. We highly recommend speaking to an expert if you are unsure of your business or personal security.