
I don’t mean to be mean, but are you treating your business security like it is someone else’s problem? Ie “It’s techies stuff. It’s got nothing to do with me.”
Then by being completely unaware run your business in such a way that creates opportunity for your client’s data, your employee’s data and your own data to be compromised which could have devastating consequences for all these people including your business?
Ignorant to the consequences?
Cyber security is one of the biggest threats to Australian SME businesses in 2019, yet so many business owners simply think that because they have their free or Norton or Trend Micro anti virus installed and simply renew their subscription every year, they are covered
Wrong!
Cyber Ignorance through lack of awareness and lack of preparation or even worse…
Putting other people’s most valuable data at risk without understanding the major impact that can have on people’s lives is running a business “Mr Bean” like.
Each time I present to group of accountants, lawyers, real estate agents or architects I see the glazed over looks in the crowd and sometimes the Mr Bean like smirk that demonstrates this all has nothing to do with me as I have an IT guy handling it who has some knowledge but not a specialist in his field.
Even worse when the horror stories are shared there is blank faces that stare back at me and I know whilst they are shocked they believe it could not happen to me.
When a Professional Services based business gets hit with cyber-attack here are the cold hard facts that may make you think twice about becoming more vigilant with your cyber security.
FACT: ACCOUNTANTS ARE COMMITTING BREACHES
“Speaking on the ATO’s Tax Time Cyber Security webinar- get rid of leading” ATO Chief Information Security Officer, Jamie Norton said there were a number of breaches ranging from insider threats to software intrusions that have led to serious consequences for accounting firms.
In one instance last year, a cyber-criminal remotely authenticated to one of the accounting firm’s internet facing servers that was running a remote desktop protocol by forcefully bypassing the accounting username and password as they were weak.
In doing so, the cyber-criminal was able to access client payroll data, change payroll bank details, lodge fraudulent tax return amendments, and access and rollover SMSF account balances to another superannuation account.
“Once the attackers did have access to a very insecure way of providing access to an organisation by using weak usernames and passwords, they were about to create a lot of havoc, do a lot of fraudulent activity and get a lot of money out of the organisations,” said Australian Cyber Security Centre (ACSC) director, Nathan Morelli.
“It really means that everyone is a potential target, that you’ve got to make that assumption in your organisation that your data is invaluable, that you need to protect it and that you should be prepared that an event will happen and who you need to contact , who you need to engage to restore your business in those situations.”
https://www.accountantsdaily.com.au July 24, 2018

FACT: LAWYERS ARE NOT INVESTING IN CYBER SECURITY TRAINING
A third of law firms in Australia are not investing in cybersecurity training.
The insight came from a study conducted by GlobalX and the Australian Legal Practice Management Association (ALPMA). The research also showed that a minority of legal professionals are confident that their firms can tackle a cyber-attack.
“Lawyers and conveyancers host a vast amount of personally identifiable information (PII), which heightens their risk of cyber-attacks in an increasingly digitised world. The research shows 79% of legal professionals are concerned about cybersecurity, but only 21% are confident that their firm can handle a cyber-attack,” said Peter Maloney, GlobalX CEO.
“We see both obsolete and new technology as a major cause of breaches. In 2018 there have been an unprecedented volume of cybersecurity breaches involving a property transaction whereby a consumer has lost the funds to settle a property transaction. Legal firms cannot simply rely on a software vendor; they must wrap their technology investments in advanced proactive and reactive monitoring software and extensive staff training. It is clear that the lack of investment in regular cybersecurity training and slow adoption of modern technology is leaving an open door for cyber criminals,” he said.
https://www.australasianlawyer.com.au 17 November 2018
FACT: REAL ESTATE AGENTS ARE FALLING VICTIM TO EMAIL SCAMS
Consumer Affairs Victoria has advised real estate agencies to ensure their cyber security is up to date, and home buyers to verify any payment instructions, after receiving reports of more than $200,000 in losses from an email scam.
The email scam works by directly hacking the email accounts of real estate agents. Once the agent has sent through a contract of sale and trust account details to a buyer for the payment of their house deposit, the hacker then sends a second email advising the account details were ‘incorrect’.
This email includes details of a false account, which leads to the scammers siphoning the buyer’s funds by getting them to pay to the wrong bank account.
Consumer Affairs Victoria has urged Victorian real estate agencies to consider setting up two-step verification for email accounts and deleting spam messages without opening them.
Director for Consumer Affairs Victoria, Simon Cohen, recommended buyers double-check any emails that include payment details with their real estate agencies over the phone in order to ensure they are valid.
“If you have purchased a home and receive an email from the estate agent with trust account details to make payment, call the agent or visit them in person to verify that the email is legitimate,” Cohen said in a statement.
Similar scams have resulted in big losses in other Australian states over the past year, with two property buyers in South Australia losing close to $1 million last October through an email scam. The scammers impersonated conveyancers and asked clients to deposit funds into the incorrect bank account.
https://www.smartcompany.com.au February 15, 2018
This is but a small drop in the ocean as most cyber-attacks on Professional Services based businesses go unreported.
Don’t be a Mr Bean.
Act now to build your Defence Plan by clicking on one of these links:
Accountants and Lawyers: 2019 Cynosura Cyber Security Summit for Accountants and Lawyers
Book a ticket here for the
“3 Key Strategies to Build your Defence Plan to protect your Practice against Cyber Attack”
https://www.eventbrite.com.au/o/cynosura-17042493175
Architects:
Webinar link to Architect Association recorded webinar
“Top Cyber Crime Challenges putting Architectural Practices at Risk in 2019”
https://www.anymeeting.com/xewlvpgjbdacegw/E958D984864D30
Cheers,
Gary Lowe
IT Security Specialist