How successful B2B scaleup founders prepare for crisis
In this week’s episode of Platform Diaries, the conversation surrounding cyber security has been ignited in recent years by the COVID-19 pandemic, with Australians facing the harsh reality that their data is not safe. The message is coming from all angles, be it a 60 Minutes episode, or an internal email from an IT team warning employees to not buy their CEO gift cards.
While some may label this as merely fear-mongering, a recent study by Software Advice revealed that 4 out of 10 Aussie businesses (41%) have experienced a ransomware attack. This same study revealed that a quarter (27%) of these businesses have paid between AU$30,001 and $60,000 for the ransom.
“The proliferation of ransomware means that people can sit in their homes and send out attacks. It is easier and done at an industrial scale,” my guest today, Grant Chisnell, explains.
But you might be thinking “what has this got to do with my up-and-coming B2B platform?”. Well, Grant believes that it has everything to do with you and your business.
Grant is a Crisis Exercise Facilitator, author, and podcaster who empowers leaders to manage risk proactively and respond with confidence in a crisis. He is attempting to curb the rampant cyber security attacks occurring to businesses in Australia through his work at Left of Boom.
He stresses that small to medium size enterprises should be seriously thinking about the risk of cyber-attacks.
“One reason you are at risk is that you are a soft target.”
Grant explains that although you may think that as a developing business with few clients, you’re able to fly under the radar of people who commit nefarious acts. However, the opposite is true. As a smaller business, these people are aware that your security is less stringent.
“The second reason is that you’ve got more to lose. Your whole businesses’ reputation is at stake, as well as your whole livelihood if something goes wrong,” Grant tells me.
Grant also mentions that risk and crisis need to be considered so that when you want to expand and get involved with bigger clients, they will be imposing constraints on you.
“This is called third-party risk. What it really means is that no enterprise is an island. The interdependencies that exist between providers means that the threat exists wherever you are in the ecosystem.”
While the conversations surrounding such crises are quite foreboding, Grant does believe a large and important sector of Australian businesses are doing it well.
“Regulated industries, the ones that are above an approximately $3 million, or the ones that are connected to government or critical infrastructure like banks are generally more resilient to this type of threat.”
Grant offers that the industries doing this well focus on cyber prevention loss quite closely.
On the flip side, there are mistakes being made. Grant knows that ignorance by businesses - believing that it won’t happen to them - is one of the key mistakes platform owners can make.
“The second biggest mistake we see is not fronting up when an attack does occur. The last thing you want to do is make a situation worse by not informing the right people to take the right precautions quickly.”
While it can be tempting to use the car-insurance logic of refusing to admit fault, Grant asserts that this is not a great option in the crisis management playbook.
“We have a methodology called the four A’s. These are to acknowledge the situation you are dealing with, apologise to stakeholders if you have done something wrong, assure your stakeholders you are taking the right precautions and finally: act. If you’re making promises and assurances, you need to follow through.”
As the intention of this episode is not to instill fear into all platform owners, but to bring awareness to the potential for cyber attacks, I ask Grant what steps we should all be taking to protect our businesses, clients, data, and platforms.
“The starting point is to think about what means the most to you, and what is really your purpose as an organisation. That really defines what you need to protect and if that is critical data that you're holding on behalf of the client.”
Grant asserts that this simplifies the process as security becomes like “protecting the crown jewels”.
Naturally, the second part is considering the measures to protect said jewels.
Grant directs people searching for information to head to the Australian Cyber Security Centre (ACSC), based within the Australian Signals Directorate (ASD). They have great tips for organisations looking to protect their businesses.
To also quell some of the concerns that may be growing among platform owners, Grant and his team also help people struggling to navigate a crisis. Grant is a believer that prevention is better than a cure, but he and the Left of Boom team have also spent time with businesses when things do go wrong - aka right of boom.
“We’ve worked on something like 12 events in the last three years, ranging from a product recall to outages, to global cyberattacks and then natural disasters. We’re really proud of the fact that we're able to come in during those situations to help organisations really resolve whatever it is they are dealing with.”
Is your platform secure? Or perhaps your current mentality is "it won't happen to me". Putting in place measures to curb the risk of cyber attacks is one way to go from start-up to scale-up, and ensure your hard work isn't taken as ransom.