Cyber security protections should be the number one priority for legal, accounting or financial services firms in Perth. With ransomware, hacks, attacks, vulnerabilities and data theft affecting professional services firms and businesses all around the world on a daily basis, it’s just a matter of time before your legal, accounting or financial services practice is hit. My Info Tech Partner's goal is to provide you with the best cyber security protection possible, while also keeping your unique needs and budget in mind.

Hacks & Attacks

These days, hackers, attackers, nation state actors and even automated web bots are all trying to gain access to your network and ultimately access your private client or customer and practice information. When successful, the attackers can lock down your data or, worse, they can release your client or customer information to the world.

With the sheer number of security threats faced by firms, it is important to evaluate the vulnerabilities that may affect your legal, accounting or financial services firm. Lost revenues due to downtime or large fines due to data breaches may not be an option and could affect the overall health of the organisation, potentially ending in bankruptcy for the firm’s equity principals, partners or directors and lost jobs for the firm’s employees.

Stats show that 60 percent of small businesses that suffer a cyber attack are out of business within 6 months of the attack. According to Deloitte, 90 percent of costs from a cyber attack occur beneath the surface, and it takes up to 5 years after the attack to fully recover. Naturally, it’s easy to see how this happens.

Further, according to the IBM and Ponemon Institute Cost of Data Breach study in 2020, the average cost of a cyber attack is US $1,520,000. In a real world example that we are aware of, an organisation suffered a ransomware attack that found all the copies of their backups and deleted them. This organisation was then forced to pay a ransom of US $250,000 just to get their data back. Obviously, and it goes without saying, this was just the start of the costs to the organisation. Once they were operational again, they calculated that the business they lost due to the ransomware attack was over US $4,400,000 in sales.

I think we can all agree, that’s a lot of money, isn’t it? Would it be inconsiderate to ask, do you think your firm could survive that kind of loss?

Internal Threats

Not only is it necessary to protect your firm from outside threats but internal threats can also be a huge vulnerability. Part of a thorough cyber security plan is ensuring that employees are using best practices and are educated on their role in keeping themselves, the firm and its clients safe.

Compliance

If you store customer data, private information, or take credit cards, cyber security is no longer an option, but instead is a necessity. With the Australian Privacy Act, Notifiable Data Breach Scheme amendments and other regulations to consider, you need a team that understands these requirements and can provide the pieces necessary to keep you compliant.

How Can We Help?

Protecting your reputation, livelihood, information and your client or customers’ data is My Info Tech Partner's specialty.

  • Evaluate and Assess - We can evaluate and assess your current practice or firm environment for its overall security health.
  • Connect and Review - We work one-on-one with your team to ensure your cyber security goals are achieved at a reasonable budget given your firm’s risk level and the damage that can be caused.
  • Implement and Protect - Implement a complete ongoing cyber security plan to provide a comprehensive cyber security solution that will protect your interests and ensure your cyber liability insurance will pay out in a claim.

Why Should You Work With Us?

  • We aren’t afraid to put our money where our mouth is and offer our “Never Pay The Ransom” guarantee which you can read more about on our homepage.
  • We practice what we preach by investing into protecting our own business from cyber attack. The benefit to you is, it’s highly unlikely we will be the cause of a cyber attack that affects your reputation, livelihood and professional services firm.
  • We will have straight up, tough, honest conversations with you when we believe you’re acting against your best interests.
  • We believe in investing in quality products and services that have a great reputation and deliver results.
  • We have a proven track record when it comes to mitigating or preventing cyber attacks and aren’t afraid to admit our mistakes when they happen.
  • We have heavily experienced team members, who know what it feels like to suffer a cyber attack, backed up with industry certifications such as the Certified Information Systems Security Professional (CISSP) from ISC2.
  • We only use suppliers or vendors who we can rely on to get the job done right.
  • We meet with you regularly to check in with how your firm is going and apprise you of changes in the industry and the rapidly evolving cyber security threat landscape that you need to be aware of, and what we are doing to address them.
  • We have access to a network of resources such as the Australian Cyber Security Centre (ACSC) Joint Cyber Security Centre (JCSC) network, run by the Australian government, to help out when something is outside our direct expertise.

The benefit to you of all this is:

  • Your reputation and livelihood are protected.
  • Which allows you to focus on practicing your profession, serving your clients and growing your professional services firm.
  • Naturally, and it goes without saying, all of this leaves you to sleep better at night.

Our company is the leader in cyber security services. Call us today on 08 6244 2556, for your initial consultation, to start your journey towards a more prosperous future.

Frequently Asked Questions

My existing IT company or team handles our cyber security, so why do I need your services?

We find that cyber security is changing very fast, too fast for any one company or team to keep up with. We work with a network of providers that help us ensure we are staying abreast of the changes happening globally and deliver services that protect you.

Most IT companies are not specialists in this area, so their advice has to be taken with a grain of salt. Think of our assessment process as like a doctor giving a second opinion on another doctor’s recommendation. If you had a major health concern, would you just rely on the advice of one doctor or would you get a second opinion from a specialist in their field?

What about if you had a legal or accounting matter that required specialist knowledge and experience for your client?

Can you help me with the ASD Essential 8, ISO 2700X or other cyber security guidelines or standards?

Yes we can.

However, our goal is not just to meet a certain maturity level of a guideline or “standard”.

We look to exceed the guidelines as our experience has shown us, this is the best way to help prevent you from suffering the serious time and financial losses caused by a cyber-attack.

As an example, the ASD Essential 8 maturity levels are the bare minimum you must have in place.

Would you advise one of your clients to do the bare minimum to avoid legal action or avoid an audit from the Australian Tax Office that then costs them a lot of lost time, money, and stress?

As the equity principal, partner or director, do I have to be involved in the meetings or diagnostic assessment?

Yes. The primary reason you need to be involved is that we ask a lot of business questions that your team may not know the answer to. Further, when a cyber attack or security incident occurs, ultimately you are responsible. This is not something you can just hand off to your practice manager or IT manager. I’m not saying they should not be involved, they absolutely should. This is not something you can abdicate; you must be involved fully in the process.

Just as you would be if you were meeting with your accountant to review your firm’s financial position or conduct tax planning or your financial planner with regards to your personal financial position.

We have cyber liability insurance, why can’t I just rely on this?

Does your insurance provider cover reputational damage in their policy? This is one of the major exclusions all insurance providers have. It means they won’t pay for your damaged reputation with your clients. This is one of the most expensive costs from a cyber attack that often is catastrophic to the firm or business.

Naturally, just because you have the insurance doesn’t mean you actually want to go through the experience of using it. Think of it like your private health cover. I’m sure you’re not taking unnecessary risks with your health, right? Just because you have private health cover doesn’t mean you want to go through the experience of open-heart surgery, right?

We haven’t been hacked yet, so why should I do anything?

It sounds like you’ve been really lucky.

We’ve seen a huge uptick in hacking over the last few years. Naturally, the Australian Cyber Security Centre have released an alert in the past month, now up to version 10, warning of the escalating dangers from the situation in Eastern Europe, specifically around ransomware.

Ransomware gangs have had a lot of success recently and they are continuing their efforts while the going is good.

We are a small firm, aren’t we too small to be hacked?

One of the disservices the media does for organisations like yours and mine is they only report the stories of big companies, universities or government departments being breached.

Small firms and small businesses are hacked all the time, and this never makes the news. Naturally, and it goes without saying, most small to medium firms and small businesses are very embarrassed and don’t want to talk publicly about their experiences.

Just recently I was talking with a family member of a business owner in Perth who mentioned they were hacked, and it cost them $150,000 in recovery costs and lost business. They also mentioned that it would be better if people were not so embarrassed and prepared to share their experiences.

Most of our “stuff” is in the cloud. Do I need to worry about doing an assessment or engaging your services?

Yes, cloud applications are just as insecure as those installed in your office. Your cloud provider is generally responsible for keeping their cloud infrastructure secure. Review your terms of service with regards to the data itself and who is responsible for its integrity and confidentiality.

In fact, because you have more control over the security of your office, they may be less secure. Further, the end DEVICES connected to your cloud applications must be scanned for vulnerabilities and kept secure. If a hacker gets to your computer, they will have access to your cloud data.

What’s worse is they may be able to use your access to extort money from your clients or perform fraudulent transactions.

How come we can’t just pay the ransom when we have a ransomware incident?

Did you know that when you pay the ransom, there is only an 80% chance you will get your data back? Imagine paying someone $100,000 to $200,000 and only having an 80% chance they will do what they say. Obviously, after you pay, they often come back and ask for more money.

Further, the average ransom demanded in 2021 is US $850,000. So, do you have that amount of spare cash available to pay the ransom?

Naturally, once you pay the ransom, you end up on a hit list because they know you will pay. This means if you then don’t act to rapidly implement advanced security measures immediately, you will be targeted again, and could be re-infected in days or weeks.

Further, with the proposed ransomware reporting obligations the Department of Home Affairs is looking to introduce, any business that turns over $10,000,000 in annual revenue or more will have to report that it has paid a ransom and will have to report the material facts around the incident. The current language around this is very open to interpretation and if you don’t report you may face fines or sanctions.

We have backups, why can’t we just restore from backup in a ransomware incident?

Backups are one of the first things the ransomware gangs look for once they get inside your system. In a case we worked a couple of years ago they hunted out both the primary and secondary copy of the backups. So if your backups and your systems are not properly secured, you’ll be up the proverbial “creek” without the paddle.

Obviously, the ransomware gangs realised people were just restoring from backup to avoid paying the ransom, so they changed their tactics. They will now ensure they take a copy of all your data and threaten to contact, or start contacting, your clients, customers or the press to shame you into paying the ransom.

Why can’t I just have you deploy a one-off project, e.g. implementing a firewall or antivirus software?

While we can do one-off projects, it has been our experience that they don’t provide you enough value. Also, firewalls today need regular monitoring, maintenance and updating, so it’s better that there are ongoing services in place that allow for this in one fixed monthly amount, rather than the maintenance not getting done at all or only very sporadically.

Why do I need to deploy layers of cyber security services?

Think of it like the defensive security layers in a castle. These are all designed to protect the inhabitants of the building from armies attacking. Each defensive layer is designed to provide protection, however if it fails, for whatever reason, there are many more behind it, to ensure you don’t fall victim.

Why do you need to monitor our entire systems 24x7x365?

Hackers and cybercriminals are known for attacking during weekends, public holidays and even in the early hours of the morning when they know it’s less likely someone is watching. Without 24x7x365 security monitoring and response, it’s almost impossible to detect their activity. Naturally, the quicker you can detect their activity in your system, the quicker you and we can respond and take action to remove them before they cause catastrophic consequences to your reputation and to your and your family’s livelihood.

Why do you need to do a diagnostic assessment of my systems before you provide me recommendations?

Just as a doctor isn’t going to give you their advice before being sure exactly what your problem is and whether their prescribed fix will actually help, likely sending you for a blood test or X-ray first, neither can we. We might overestimate your needs or underestimate them, and then we look foolish and you’re not happy.

We always run a diagnostic assessment, so we understand the true state of your systems and combine this with our proprietary approach to truly understand your needs before making any recommendations.

I KNOW things are screwed up and I’m embarrassed to have someone review us. Is this truly confidential?

Let us assure you that no one gets a “perfect” score, and everyone we’ve done an assessment on has uncovered problems, security shortfalls and a host of things that need to be addressed. Let me personally assure you that WE WILL NEVER BLAME YOU OR MAKE YOU FEEL EMBARRASSED. It’s absolutely NOT your fault that cybercriminals have become as sophisticated and aggressive as they have been. You shouldn’t have to do this – but the reality is if you don’t, you will get compromised. At that point, employees, clients, competitors and the federal government will be on the warpath to blame you. By doing this assessment and then addressing any security issues found, you are demonstrating a “good faith” effort in attempting to protect their data.

Further, if you are trusting an outsourced IT company, you shouldn’t feel bad or embarrassed to have their work checked. Fresh eyes always see things they cannot for being too close. And finally, everything we discover and discuss is completely confidential.

Our goal is to protect hardworking professional services firm practice managers, principals, partners and directors like you from the cyberscum robbing unsuspecting businesses blind or severely crippling or harming them and their livelihoods.

I don’t have a server in my office; is an assessment still worth doing?

ABSOLUTELY! In fact, organisations without a server are at a higher risk of becoming a victim of a cyber-attack, particularly if the phones, laptops and tablets are used by remote employees who might also use those devices for personal use.

Should I have my current IT person/company involved? What if I DON’T want them to know you’re doing this?

It’s entirely up to you whether or not we work with your current IT person or company. We are here to work for YOU and sit on YOUR side of the desk, so we can work with them or keep this process confidential.

However, keep in mind that some IT companies (outsourced) or people (employees) may feel threatened and retaliate. They might try to cover up their mistakes or do things to prevent the assessment from being completed, such as refusing to give you your network password, refusing to complete the surveys or falsifying information (saying they have it covered, invalidating the reports, etc.).

To that end, if you DO want us to work with them, we need your full support and the ability to alert you to anything that is blocking us or preventing us from honestly and candidly conducting the assessment. Again, we are sitting on your side of the desk to shine a spotlight on where you’re being underserved, or where you are exposed to threats that can have a significant, negative impact on you and your firm.

Most people want us to conduct this assessment without their IT person or company knowing. In some cases, they are outsourcing their support and are not happy with the service they are getting and feel there are things NOT being done that should be done. In that case, we can conduct this completely under the radar.