OVERSIGHT OR OVERLOOKED? How Secure is Your Personal Information at Work?

An Open Letter to Employers and Employees of Australian SME Businesses.

I fear it's only a matter of time until your sensitive personal information is in the hands of criminals.

I’ve been on the road the last few months talking to heaps of business leaders about cybersecurity, and every time I do, I ask who thinks it’s relevant to their business. Nine out of ten don’t raise their hand. This blows my mind, because according to the Australian Bureau of Statistics, 20% of SMEs got hit last year alone and experts reckon this year will be worse. We’re not talking hypotheticals; we’re in the danger zone.

Here's my biggest bugbear: many SME business leaders think if you’re not storing credit card info, you’re not a target. That’s bullshit. Cybercriminals know you have something way more valuable than customer credit card numbers; the real gold is your employees' personal info. We're talking everything from their medical history to their home address - stuff that can’t just be cancelled and reissued.

Take the Yakult breach in December 2023, for example. What got leaked? Passports, driver's licenses, medical assessments, employment certificates, salary details, and performance reviews. Real people, just like you, had their entire identities thrown out there on the dark web. It’s not an 'if' or a 'maybe' - it happened, and it was a disaster.

I reckon our unique Australian culture is somewhat to blame for our apathy - "She'll be right, mate". Yeah-Nah, she won't! Every breach has consequences from direct loss to customer and supplier sentiment. Then there are legal consequences - especially if your turnover is more than $3 million. If you get hacked, ASIC isn’t just going after your business - they’re coming for the directors personally. Fines, gaol time... it’s all on the table. Oh, and before you say it - ASIC Chair Joe Longo was pretty clear that relying on 'Managed Services' isn't a get-out-of-gaol card. Get hacked - it's on you!

So, what do we do? It’s pretty simple: Assume your company WILL get hacked; then act on that basis. Thomas Knudsen, Chairman of Toll Group (who got ransomed twice in 5 months in 2020), put it fairly succinctly - "it's not a question of if you will be hit by a cyberattack, it's when it will happen to you. And then the question becomes how impactful will it be."

So do yourself a favour - 

  1. Business Owners: Stop and really think about the data you have. Saying you’ve got nothing of value is not just naive; it’s dangerously complacent. You’ve got to step up your cybersecurity game now. 

  2. Employees: Get in your bosses' ears. Ask them how they’re protecting your information. Make them show you they’re taking it seriously because it’s your identity that’s on the line.

  3. Everyone Reading This: Share this! Get it into the hands of every SME owner and worker you know. We need a full-on grassroots push to turn this ship around.

We can’t afford to sit back and think it won’t happen to us. The numbers don’t lie, and the risks are too high. Let’s get our heads out of the sand and start protecting what matters most.

And if you're looking for no-bullshit, honest advice on how to implement a cost-effective cybersecurity plan that will actually work for your unique business, please reach out. I'm here to help.
