I know you are really busy and don't have time for this right now. I know it seems like almost daily you're getting bombarded with things you must know or things you must do. I too have felt the same way. Being a business owner or business manager, your responsibilities are endless and sometimes you feel like putting your head in the sand or quitting.
You’re either busy with your family duties, practicing your profession, finding more client work from existing clients, finding new clients or trying to find good employees to help you get the client work done.
I also know you want to “trust” that your existing supplier has your back and wouldn’t allow you to make these sorts of mistakes.
As the recent high-profile cyber-attacks of last month have shown us, however, we are all prone to mistakes. As I’ve previously written and spoken about, I too made one that started me on my journey.
Going back to the high-profile cyber-attacks that have affected Uber and now the Australian telecommunications company Optus: when you look at the detail behind them, both were in essence caused by a human being making a mistake, and that mistake was not found in any of their vulnerability assessments, risk reviews or penetration tests.
In the Optus case, it has led to mass public outrage about how they let it happen. It has also put them at risk of a class action lawsuit. Further, the CEO of the company has had one hell of a time trying to explain to the media why this has happened.
I can imagine the entire board and C-Suite at Optus is facing extreme amounts of stress and anxiety currently. As I also wrote about in another article, this was one of the most surprising things another CEO said after experiencing a ransomware attack in February 2022. Naturally, their IT and cyber team as well as their legal counsel would also be facing similar stress and anxiety.
Now, of the two attacks, the Uber one was much more sophisticated. However, once the attacker got inside their system, they were able to discover the “keys to the kingdom” very easily, which gave them access to a password database with all their other system “god mode” passwords. This gave them access to a bunch of systems that in essence allowed unrestricted access to Uber.
While I’m not a cyber insurance specialist, I’d say there is a good chance for both companies, based on what I know about the incidents, neither will be covered by their cyber liability insurance policies, or may only be partially covered.
Now I know you’re not a large publicly traded company; you’re an equity principal, partner, director or practice manager of a small to medium professional services firm.
So, what lessons are there in all of this for you?
- All of us humans are fallible and make mistakes; as one of my mentors likes to say, “We’re all flawsome”. Some mistakes, obviously, are greater and have more impact on you, your reputation and your family’s livelihood than others.
- Conduct a tabletop exercise on what would happen should you suffer a cyber-attack and how you will communicate that to your clients and the press.
- Inspect what you expect. Don’t just abdicate things to your current supplier and “hope” they know what they are doing.
- No matter how much you “trust” your current IT services or IT support supplier, you need to get an independent third-party risk assessment done of your systems and your firm, ASAP.
- Have a better understanding of your cyber liability insurance policy wordings and fully understand what is covered and what would lead to a claim being denied.
- Invest in your firm with the right cyber security protections and services to prevent or mitigate the risk of you suffering reputation damage or damage to your family's livelihood.
Would it be inconsiderate of me to ask when does it become irresponsible to not invest in your team with the right training and the right services to protect your reputation and family’s livelihood?
Want help preventing reputation damage, protecting your family’s livelihood and ensuring you don’t fall victim to scams, phishing emails or cyber-attack? Click here www.myinfotechpartner.com.au/initialconsult/ or give us a call on 08 6244 2556 to schedule a quick initial consultation call today.
My Info Tech Partner is a trusted IT Services and IT Support provider in Perth that specialises in protecting reputations and family’s livelihoods with advanced cyber security services for legal, accounting and financial services firms and is the only one that offers a “Never Pay the Ransom” $10,000 Guarantee.