Category Archives: Essential Eight

What to know about Cyber Insurance

Back when cyber insurance first became available in the 1990s, there wasn’t much need for it, but in today’s business and digital landscape, cyber insurance has taken on greater urgency.

Why do I need Cyber Insurance?

Many small and medium-sized business owners assume their business is not worth a cybercriminal’s time because they don’t hold valuable data. Your business holds far more data than you think, and what’s more, it may be one link in a supply chain: if your business is hit, the rest of the chain’s data is at risk of being compromised.

Because so many business owners think this way, their businesses become easy targets for cybercriminals, who can hit them with malware or ransomware capable of ruining the business. Seen in that light, the statistic that 43 per cent of all cyberattacks target SMEs is not at all surprising.

The knowledge that any incident can compromise sensitive data or put an organisation at risk of lost business should be enough to make cyber insurance look appealing.

The strategies you put in place are meant to prevent IT risks from materialising, but there is always a chance they will occur anyway. With so many variables outside your control, it’s no longer a matter of if, but when, and this is why cyber insurance provides another way to reduce the risk to your business.

So, if you have a large customer base, handle customer data or store information about your business, you should have Cyber Security Insurance.

What Does Cyber Insurance Cover?

Since there’s no guarantee you will never be breached, you need to insure against the costs that are involved with a data breach and theft, system hacking, ransomware demands and other attacks. Claims under a Cyber Security policy are often broad but typically include:

  • Liability: privacy lawsuits and regulatory defence.
  • Internal Financial Loss: extortion, notification expenses, data recovery, business interruption, theft.
  • Emergency Incident Response: costs incurred from responding to a Cyber Security attack.

Check the policy, but generally, cyber insurance covers your business for expenses related to the following:

  • Business interruptions like loss of profits and operational expenses
  • Recovering or replacing records or data
  • Liability and loss of third-party data
  • Hiring negotiators and paying a ransom
  • Defence of legal claims
  • Crisis management and monitoring
  • Media liability

It’s important to note that cyber insurance does not cover property damage that occurs due to a cyberattack, such as hardware that is destroyed during an incident. It also doesn’t cover intellectual property losses, businesses charged with committing a crime, self-inflicted cyber incidents, or the costs of avoiding future attacks, such as employee training or working with a managed service provider.

Am I eligible for Cyber Insurance?

Being eligible for cyber insurance requires your business’s Cyber Security processes to meet certain standards, and these must be maintained for you to remain covered.

Too many organisations have become complacent about their Cyber Security even as attacks become more sophisticated, and while premiums are increasing, insurance companies are becoming more selective about what they will pay. As cybercriminals change their methods, it becomes harder for organisations to put the best protections in place, which in turn shapes how insurers write their policies.

Government regulations, like cyber insurance requirements, set minimum standards for businesses and so push companies to upgrade their defences beyond antivirus and a firewall. Meeting a minimum standard, however, provides no incentive to do better, and this is where cyber insurance can drive better security.

When filling out a cyber insurance questionnaire, make sure you consult your MSP so you know how to answer the questions the insurer is asking. If you provide incorrect information and later make a claim, you might find you’re not covered for things you didn’t tell the insurer about. If your business is then hit by a cyberattack, the insurance company will not honour your cover.

Keep in mind that premiums for ransomware policies have increased as the number of claims for ransom and extortion has grown. Ransomware involves paying a large sum, often in multiple stages, to a cybercriminal who has either stolen your data or locked you out of your systems. Cyber insurers often cover ransomware, but since there is no standard policy for it, insurers are starting to rethink their coverage, so what is included varies significantly between insurers. You might have to take out separate, standalone cover for ransomware outside of your standard cyber insurance.

The Australian Government advises never to pay a ransom, as there is no guarantee you will regain access to your information, nor that the cybercriminals won’t sell or leak the data online. If you’re hit by a ransomware attack, call the Australian Cyber Security Centre 24/7 Hotline on 1300 CYBER1 (1300 292 371) for assistance, or contact your IT service provider so they can guide you through the next steps.

The good thing about Cyber Insurance

The good thing about cyber insurance is that it forces your company to examine its risk levels in depth, in areas such as:

  • Security issues commonplace in your industry
  • The type of information your company stores and shares
  • Your formal Cyber Security processes and tools
  • Auditing procedures
  • Backup and data loss protection
  • Compliance regulations
  • Your security history, such as whether you have had a breach in the past and how the business responded

By doing this, businesses can develop an understanding of what Cyber Security truly encompasses and be better aware of everything within their network.

As with any insurance, no business wants to deal with cyber insurance claims. What having insurance does though, is allow organisations to survive serious cyber incidents while also changing the way businesses build and improve their Cyber Security programs.

5 Questions to ask your current IT service provider

Even if you’re satisfied with the service you are receiving from your current MSP and see no room for improvement, here are five things you can ask them to make sure they are looking after your business.

As a business owner, it’s essential that you’re satisfied with your IT provider’s services and capabilities. Many businesses we’ve contacted are happy with their relationship with, and the service from, their IT service provider, but when we ask whether there’s any room for improvement, there’s always something. Or they simply don’t know what they should be asking their provider, as they’re not technically inclined or up to date with regulations and new technologies.

If that’s you, here are some questions to ask your current IT provider to just make sure everything is on the right track, and why they’re important:

What recommendations can you give me to improve my IT infrastructure?

An MSP should support the growth of your business, helping you achieve your goals by looking at security, technology, the customer’s perspective and the effects of workplace transformation. You might already be on track with a lot of the latest technology, or simply not find value in anything new, so they may have little to recommend. As long as they’re open and transparent with you about this, you know you’re with an MSP that has your best interests at heart.

How are you implementing the Essential Eight Cyber Security strategies into my business?

Data breaches can be devastating for businesses, not just for owners but also for customers and staff. Essential Eight is currently the framework recommended by the ACSC (Australian Cyber Security Centre) as a starting point for implementing Cyber Security strategies to protect your business. As it’s likely to become mandated in the future, ask your MSP how they are implementing the strategies and where your business ranks in Cyber Security maturity. You may not need to fully implement all the strategies, as you might not deal with data that is deemed ‘high risk’, but you should not be at Maturity Level Zero, so make sure your MSP is helping you improve.

How often are you backing up my data?

Backing up your data is critical to ensure you can quickly recover in the event of data loss or system failure. Losing that data can be a devastating blow, potentially crippling your business and erasing years of hard work. That’s why it’s so important to have a solid data backup and recovery plan in place. Understanding your provider’s backup and disaster recovery solutions helps you evaluate their ability to restore your data and minimise downtime. Backup is important, but restoring is equally, if not more, important. Make sure your MSP conducts regular restoration tests so that nothing is corrupt and you can rest assured that your business will be back up and running in the event of a disaster.

What happens if my infrastructure goes down?

It’s one thing to know your MSP is backing up your data regularly, but another to know what happens if your infrastructure goes down. This is a key concern for stakeholders in any business, as an outage affects production and trade and opens the door to potential data breaches. The consequences can be disastrous. Therefore, your business needs to know exactly what processes the MSP has in place for an attack or outage, such as remotely accessing data to restore systems and bring you back online.

How are you staying up to date with the latest technology trends and best practices, and can you give me some examples?

Technology is constantly evolving, so you want to make sure you’re partnering with an MSP that is constantly educating itself and staying current with the latest trends and best practices. Ask them if they’ve implemented any new technology into your business or if there have been any new solutions that could improve your business’s overall IT strategy.

Communication is also key in any relationship, so don’t hesitate to ask any questions you may have, whenever you have them, no matter how trivial they may seem. Your IT provider is meant to work alongside you as you grow, and since you’re the client paying for their services, they should be doing everything they can to ensure the longevity of your business.

Asking these questions can help you evaluate your current IT provider’s services, identify areas for improvement and ensure that you’re getting the most out of your IT investment.

How does The Privacy Act affect my business?

If you run a business in Australia, you’ve probably heard about the Australian Privacy Act. It’s a law that sets out how businesses must handle personal information, but what does it mean for you and your business?

What is Personal Information?

Personal information is any information that can be used to identify an individual. This includes things like names, addresses, phone numbers, email addresses and even IP addresses. The Australian Privacy Act applies to all personal information that is collected, used or disclosed by businesses.

Key requirements of The Privacy Act

So, what are the requirements of the Australian Privacy Act? There are several key requirements that businesses must meet to comply with the law:

  1. Open and transparent management of personal information: Businesses must have a clear and transparent policy for how they manage personal information.
  2. Anonymity and pseudonymity: Wherever possible, businesses must allow individuals to remain anonymous or use a pseudonym.
  3. Collection of solicited personal information: Businesses must only collect personal information that is necessary for their business activities.
  4. Dealing with unsolicited personal information: Businesses must destroy or de-identify unsolicited personal information that they receive.
  5. Notification of the collection of personal information: Businesses must notify individuals about the collection of their personal information.
  6. Use or disclosure of personal information: Businesses must only use or disclose personal information for the purposes for which it was collected unless an exception applies.
  7. Direct marketing: Businesses must provide an opt-out option for direct marketing.
  8. Cross-border disclosure of personal information: Businesses must take reasonable steps to ensure that personal information is protected if it is disclosed to an overseas recipient.
  9. Data quality: Businesses must take reasonable steps to ensure that personal information is accurate, up-to-date, and complete.
  10. Data security: Businesses must take reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure.
  11. Access and correction: Individuals have the right to access and correct their personal information.
  12. Complaints: Businesses must have a process for individuals to make complaints about how their personal information is being handled.

How does The Privacy Act directly affect your business?

The Australian Privacy Act applies to all businesses that collect, use or disclose personal information. This means that if your business collects personal information from customers, clients or employees, you must comply with the law.

If you don’t comply with the Australian Privacy Act, you could face fines and legal action. This could damage your reputation and hurt your business. So, it’s important to take the law seriously and make sure that your business is compliant.

To comply with the Australian Privacy Act, you’ll need to take steps to protect the personal information that your business collects, uses or discloses. This could include implementing data security measures, creating a privacy policy and providing training to employees about how to handle personal information.

The Privacy Act and Cyber Security

As technology continues to evolve and become more integrated into our daily lives, the need for Cyber Security measures has become increasingly important. In Australia, The Privacy Act is the legal framework that governs the collection, use and disclosure of personal information by businesses. In today’s digital age, however, Cyber Security breaches pose a significant threat to compliance with The Privacy Act and, ultimately, to the privacy of Australian citizens.

Cyber Security refers to the measures taken to protect digital information and systems from unauthorised access, use or damage. Cyber Security breaches can come in many forms, including phishing attacks, malware infections and hacking attempts, and the consequences of a successful cyberattack can be severe, ranging from the loss of sensitive information to financial damages, and even reputational harm.

For businesses, Cyber Security is closely tied to The Privacy Act. Under the Act, businesses are required to protect the personal information they collect and hold, and must take reasonable steps to ensure that this information is kept secure. This means implementing appropriate Cyber Security measures to prevent unauthorised access or disclosure of personal information.

Despite the legal requirements set out in The Privacy Act, many businesses still fall short when it comes to Cyber Security. A lack of investment in Cyber Security measures, combined with a growing sophistication of cyberattacks, has left many businesses vulnerable to breaches. This not only puts personal information at risk but also undermines the trust of customers and stakeholders who rely on these businesses to safeguard their data. Customers need to feel confident that their personal information is being handled securely, and when businesses fail to protect this information, it can have devastating consequences.

Another issue is the cost of cybercrime to businesses. Recovering from a cyberattack can be incredibly expensive, both in terms of financial costs and lost productivity. Small businesses, in particular, may struggle to recover from a serious cyberattack, which can put them out of business altogether.

Cybercrime is having a significant impact on The Privacy Act for Australian businesses. The government is taking steps to address this, including introducing the Notifiable Data Breaches scheme, under which an organisation must notify affected individuals and the government when a data breach is likely to result in serious harm to the people whose personal information has been affected, as well as Essential Eight. Even so, it’s up to businesses themselves to take proactive steps to protect their customers’ personal information. This means investing in robust Cyber Security measures, implementing strong data protection policies and educating employees about the importance of Cyber Security. By taking these steps, businesses can help prevent cybercrime from undermining The Privacy Act and damaging their reputation.

In summary, the Australian Privacy Act is a law that sets out how businesses must handle personal information. If your business collects personal information from customers, clients or employees, you must comply with the law. This means taking steps to protect personal information and ensuring that your business is compliant with the law. By doing so, you can protect your business and your customers’ privacy.

Why was Essential Eight introduced?

In the world of Cyber Security, Essential Eight is a term that is frequently heard. It’s a set of security strategies that businesses can implement to protect themselves against cyber threats. But have you ever wondered why Essential Eight was created in the first place?

Essential Eight was created by the Australian Cyber Security Centre, also known as the ACSC, in response to the increasing frequency and severity of cyberattacks on Australian businesses. The ACSC recognised that the majority of cyberattacks could have been prevented or mitigated if businesses had implemented basic security measures.

Essential Eight was originally developed to give Australian governmental agencies, departments, councils and other businesses in the public sector a framework to increase their security and operational practices. These strategies are now highly recommended for all private businesses as a foundation for their Cyber Security controls so that Australian businesses are protected against cybercrime as cybercriminals develop and improve their attacks.

At the moment, with the current rate of cyberattacks, businesses should aim at getting the security basics right. After analysing factors like the incident response of some of the early victims of cyberattacks, the ACSC released a revised 2023 version of its Essential Eight Strategies to Mitigate Cyber Security Incidents, originally released in 2017.

Essential Eight is a list of eight security strategies that the ACSC believes will provide a strong foundation for Cyber Security. The strategies are based on the ACSC’s experience and expertise in dealing with cyber threats and are designed to be effective against a range of cyberattacks. They cover three key areas, prevention, limitation and recovery, and a business’s implementation of them is ranked by its maturity level.

The strategies are not meant to be a one-size-fits-all solution, but rather a set of guidelines that businesses can use to tailor their security approach based on their specific needs and risk profile. By implementing Essential Eight, businesses can significantly reduce the risk of cyberattacks and protect their sensitive information and assets.

The Essential Eight strategies include:

  1. Application control: Allowing only approved applications to run on systems, preventing the execution of unauthorised software.
  2. Patching applications: Keeping all software up to date with the latest security patches to prevent exploitation of known vulnerabilities.
  3. Configuring Microsoft Office macro settings: Blocking macros from the internet and allowing only approved macros to run on specific systems.
  4. User application hardening: Configuring web browsers to block malicious content and implementing security features such as two-factor authentication.
  5. Restricting administrative privileges: Limiting the number of accounts with administrative privileges to minimise the risk of privilege misuse.
  6. Patching operating systems: Keeping operating systems up to date with the latest security patches to prevent exploitation of known vulnerabilities.
  7. Multi-factor authentication: Requiring additional forms of authentication, such as a security token or biometric authentication, to access sensitive information.
  8. Daily backups: Conducting daily backups of important data to ensure that in the event of a cyberattack, data can be restored to a previous state.

Implementing these strategies can seem daunting, but businesses need to protect themselves from cyber threats. Not only can a cyberattack cause significant financial damage, but it can also damage a business’s reputation and erode customer trust.

Do businesses need to report security breaches?

All Australian businesses with an annual revenue of $3 million are required to report data breaches both to impacted customers and to the Office of the Australian Information Commissioner (OAIC) within 72 hours. Since it’s difficult to gauge the impact of each breach, it’s best to report all breaches to be safe.

All health service providers, credit reporting bodies, credit providers that process credit eligibility information, Tax File Number recipients and all entities regulated under The Privacy Act 1988 must comply with this law, known as the Notifiable Data Breach Scheme (NDB).

This is required regardless of whether a business has implemented Essential Eight. The Essential Eight strategies simply provide a framework for businesses to prevent breaches and a way to protect themselves when one does occur.

Failure to report a breach is itself a breach of The Privacy Act and can result in enforcement action. Businesses face a maximum fine of $1,800,000 for serious or repeated interference with an individual’s privacy.

Businesses need to ensure they have planned adequately for any potential data breaches, such as by reviewing their existing processes around data and Cyber Security and improving these by implementing Essential Eight. They also need to review their contracts with key suppliers to learn about how information is to be handled, as well as educate their staff on data breach laws and security practices, create data breach management strategies and consider Cyber Insurance to protect themselves against financial loss.

Essential Eight was created to provide a framework for businesses to protect themselves from cyber threats. By implementing these strategies, businesses can significantly reduce their risk of a successful cyberattack and safeguard their sensitive information and assets. Businesses need to understand the importance of Essential Eight and take steps to implement these strategies as part of their overall Cyber Security approach.

Does Essential Eight Impact my Business?

As a business owner or IT professional, you may have heard about Essential Eight, a set of Cyber Security strategies introduced by the Australian Cyber Security Centre (ACSC) to help organisations protect themselves against cyberattacks. But you might be wondering, does the government’s recommendation of implementing Essential Eight affect my business? In this blog post, we will explore what Essential Eight is and whether it is relevant to your business.

What is Essential Eight?

Essential Eight is a set of eight Cyber Security strategies that the ACSC has identified as essential for organisations to protect themselves against cyberattacks. It was developed to help companies comply with Cyber Security laws, legislation and regulations. The strategies cover a range of security controls that should be implemented to mitigate the most common cyber threats. Essential Eight is not a prescriptive set of rules, but rather a framework that organisations can use to identify and prioritise their security needs.

The eight strategies are:

  1. Application control
  2. Patching applications
  3. Configure Microsoft Office macro settings
  4. User application hardening
  5. Restricting administrative privileges
  6. Patch operating systems
  7. Multi-factor authentication
  8. Daily backups

Each strategy is designed to address a different aspect of Cyber Security and should be implemented according to the specific needs of your organisation.

When you assess your business against Essential Eight, your compliance with the strategies is measured as a ‘Maturity Level’, which ranges from zero to three.

Will Essential Eight impact my business?

Currently, Essential Eight is simply a set of recommended guidelines that businesses can use to measure their Cyber Security maturity and to identify steps to improve their position. We believe this recommendation will soon turn into a mandate, which is why it is something we push our new clients to adopt when we begin working with them. As an MSP that specialises in Cyber Security, we implement these types of strategies anyway, but since they are now strongly recommended by the government, we try to show our clients, and any potential clients, the importance of taking the time to invest seriously in Cyber Security and to educate their staff about security methods.

For now, will Essential Eight affect your business? The short answer is yes. Even though it is only recommended, it’s recommended for a reason. With harsh penalties for businesses that fall victim to cyberattacks, it would be illogical not to start bringing Cyber Security measures into your company. The framework is centred on preventing attacks, limiting their impact and maintaining data availability, which are issues all businesses should be concerned about.

Insurance companies are now starting to mandate certain security measures that are part of the Essential Eight, and without these measures your insurer will not pay out when a claim is made, or will not renew your Cyber Security coverage. What we also notice is that many small businesses fill out their insurance questionnaire without consulting the right IT people, which often leads to incorrectly stated responses to some of the Cyber Security questions. In cases like these, although a Cyber Security policy has been taken out, in the unfortunate event that the small business is attacked and compromised, the insurance company will not honour the cover.

Implementing Essential Eight will require time and resources from your organisation, however, the long-term benefits of implementing these strategies can far outweigh the initial investment.

By implementing Essential Eight, you can:

  1. Improve your Cyber Security posture: Implementing the Essential Eight can help improve your organisation’s Cyber Security posture, making it more difficult for cybercriminals to breach your network.
  2. Reduce the likelihood of a data breach: The Essential Eight strategies are designed to protect against the most common cyber threats, reducing the likelihood of a successful attack.
  3. Save money in the long run: The cost of a data breach can be significant, both in terms of financial costs and damage to your organisation’s reputation. By implementing Essential Eight, you can reduce the likelihood of a data breach, potentially saving your organisation significant costs in the long run.
  4. Privileged Access Management (PAM): By implementing Essential Eight, you place administrative restrictions on applications, operating systems and devices on a user-by-user basis. This allows for increased data security, increased control over operations, reduced risk from human error, reduced costs because there is no longer overspending on materials and resources, and greater insight into how applications, systems and devices are used.
  5. Meet compliance requirements: Many regulatory requirements, such as the Australian Privacy Act 1988, require organisations to implement reasonable measures to protect personal information. Implementing Essential Eight can help your organisation meet these compliance requirements.

Challenges to implementing Essential Eight

While implementing Essential Eight can provide significant benefits, it is not without its challenges. Some of these include:

  1. Lack of resources: Implementing Essential Eight can require significant time and resources, which can be a challenge for small and medium-sized organisations.
  2. Complexity: Some of the Essential Eight strategies, such as application whitelisting and multi-factor authentication, can be complex to implement and manage.
  3. Resistance to change: Introducing new security measures can sometimes be met with resistance from employees who may see the measures as an inconvenience.
  4. Lack of understanding: Some organisations may not fully understand the risks posed by cyber threats and may not see the need for implementing Essential Eight.

Essential Eight is a set of Cyber Security strategies designed to help organisations protect themselves against cyberattacks. While implementing Essential Eight can require time and resources, the long-term benefits of an improved Cyber Security posture and a reduced likelihood of data breaches can far outweigh the initial investment. By implementing Essential Eight, businesses can better protect themselves against the most common cyber threats and meet regulatory compliance requirements. However, lack of resources, complexity, resistance to change and lack of understanding can make implementing Essential Eight difficult for some organisations.