Cyber security tips for advice practices

If you have a limited budget for cyber security, it’s important to prioritise both the systems that would have the most impact on your business if they were attacked, and those that are most vulnerable to attack.

As part of this assessment, you can take a look at where and how your data is stored and who has access to it. Get in contact with any vendors you work with, like cloud data storage providers, to get their help completing the assessment as well. Once you have an idea of which systems could be vulnerable, you can develop a strategy to protect this data as best you can, and a response plan for what to do if there is a breach.

Employees are a key vulnerability for businesses when it comes to cyber security, as phishing emails are becoming an increasingly common way for attackers to breach a business’s systems. In April 2023 alone, the Australian Competition and Consumer Commission received almost 7,500 reports of phishing scams which cost consumers more than $2.4 million.³

Consider putting your employees through some basic training on how to recognise phishing emails, which often look like they are coming from someone within your business.

Keeping your regular software up to date is as important as using appropriate anti-virus software, since software companies often add patches to the latest version of their apps to close security vulnerabilities. The easiest way to do this is to set your software and operating systems to auto-update on all staff computers after a set amount of time, rather than having to manually conduct an update.

Passwords are another key vulnerability for a business, as employees can accidentally allow attackers access to servers by leaving work devices open or misplacing them in a public place.

Restricting access to your business’s systems as much as possible can help avoid this kind of mistake. You may want to ensure employee passwords follow strict guidelines – such as no common words and a combination of letters, numbers and special characters – and are backed up by authentication through another device. Another option is to require extra-strong passwords, and give your employees access to a password management system.

Alongside ensuring that employee access to your business’s IT systems is tightly controlled, you may want to consider which applications or permissions your staff really need within your IT structure. Make sure you have ‘administrator’ and ‘employee’ level accounts, with access to the most important data restricted to only crucial people within the business.

You can also look to keep a close eye on employee turnover and terminate access to your systems as soon as an employee leaves the business. WiFi is another way outsiders can gain access to your network, so make sure passwords are changed regularly and remote management is turned off.

Make sure all important files are backed up either offline or in the cloud, so that you will still have access to these if any of your systems are compromised.

Encrypting work devices that contain sensitive information is an easy way to protect your data from attack. This can include devices like laptops, tablets and work phones, as well as anywhere else your business’s data may be stored, such as with your cloud storage provider. Don’t forget to also look at the encryption on your WiFi, to ensure information sent on your network is protected too.

^{1 Latitude data breach to slash cash profit by at least $128 million. Business News Australia, 26 May 2023}

^{2 Media release: Court finds RI Advice failed to adequately manage cyber security risks. ASIC, 5 May 2022}

^{3 Phishing. ACCC ScamWatch, April 2023}

This information is for advisers only.

This information is for advisers only and is general in nature, it does not take into account your objectives, financial situation or needs. Before determining whether to apply for or hold the product(s) you should read the Product Disclosure Statement (PDS) and consider the appropriateness of the product(s) to your circumstances. A copy of the PDS can be obtained from 132 977 or on our website clearview.com.au/pds. If relevant, information about the Target Market Determination(s) for this product(s) is available at clearview.com.au/tmd. ClearView does not make any representation as to the accuracy of any referenced websites or articles, and to the extent permitted by law, does not accept any responsibility or liability for the content.