Navigating cyber threats in the SME sphere
Media coverage may lead one to believe that cyber security threats only impact big businesses, but SMEs also face a multitude of threats that must be combated.

The average professional may be forgiven for thinking that cyber security threats only impact larger businesses or global corporations, or that such organisations are at greater risk, given the media attention that attacks on them receive.
“SMEs generally face threats from phishing and individuals posing as customers or third parties to obtain information to compromise an SME’s business. In comparison, the big end of town generally [faces] more sophisticated attacks in addition to threats facing SMEs,” she told Lawyers Weekly.
“Size generally affects the number of security investments an organisation or business has in place to protect from, and respond to, cyber security threats.”
SME law firms will be facing the same threats as those at the big end of town, and thus need to enact similar measures to address these threats, including education of personnel and putting in place appropriate processes, systems and procedures to protect against threats, Ms Dagger continued.
“Despite an increased awareness of cyber security matters, due in part to the increased media attention surrounding data breaches of larger high-profile organisations, professional service firms are still seeing the majority of their engagements arising from a data breach incident or similar,” she said.
“No organisation will ever be immune from a data security incident occurring but there are certainly steps that can be taken to minimise the likelihood of, and impact of, a cyber security incident occurring.”
“In this regard, organisations have some way to go in terms of engaging specialist and experienced professional service firms from the outset prior to an incident occurring by conducting ‘health checks’ of their systems, processes and procedures,” Ms Dagger added.
There are important lessons that firms in this sphere can learn, she advised.
“Educating clients on cyber, security and privacy matters is key, including by incorporating appropriate contractual protections in agreements with suppliers and customers as well as ensuring clients have appropriate internal policies, procedures and processes in place to respond to such matters,” she said.
“It is also vital organisations understand what data they collect and hold as too often organisations are undertaking a data mapping exercise following a cyber security incident when tensions are high and time is of the essence.”
“Finally – and a step many organisations often forget – is that once such matters are theoretically understood, it is important that organisations actively role-play how they would respond to different types of incidents so that they are prepared when such incident occurs in real life.”
In the event of a data breach, Ms Dagger noted, the ability to effectively and efficiently mobilise a skilled team of privacy, technology and litigation experts on a national and global scale and then connect clients with professional service firms that can provide additional services such as investigation, identify threat and breach notification services, will be paramount.
Furthermore, firms must be cognisant of how best to wade through interactions with the public, regulators and media when faced with cyber threats or data breaches, Ms Dagger concluded.
“By mobilising a targeted team of individuals comprising: (i) decision-makers within the client’s business; (ii) privacy, technology and litigation experts; and (iii) professional service advisers, law firms are able to open the lines of communication to assist the client in providing the public, regulators and the media with timely and informed information in what is generally a rapidly evolving situation,” she posited.
“Law firms can also assist by facilitating the sharing of experiences in responding to, and dealing with, these types of threats and incidents. This assists in creating a high degree of trust and shared learning experiences so that people have the knowledge and experience to deal with emerging threats.”

Jerome Doraisamy
Jerome Doraisamy is the editor of Lawyers Weekly and HR Leader. He has worked at Momentum Media as a journalist on Lawyers Weekly since February 2018, and has served as editor since March 2022. In June 2024, he also assumed the editorship of HR Leader. Jerome is also the author of The Wellness Doctrines book series, an admitted solicitor in NSW, and a board director of the Minds Count Foundation.