COSBOA Communique – Business Continuity & CyberSecurity

Cyber Security, telecommunications failures, power blackouts, website failures, disaster management – they exist and need management and planning

On Wednesday 24 May 2017, COSBOA conducted a workshop with small business representatives and key government and industry stakeholders to discuss some of the key threats to business continuity for small businesses – and the strategies that could be pursued to lessen the impact of these risks across the sector.

Unlike large corporations that build management of business continuity risks into their governance framework, small business owners are generally required to direct all their attention to managing their business on a day to day basis – let alone spending time thinking about some of the risks that could impact their business in the future.

Yet key threats to business continuity have the potential to undo a lifetime of effort in building up a small business and many of these threats are becoming increasingly significant as time goes on.

Key threats to business continuity in the small business sector are principally developed around risks that impact on revenue and cashflow. These risks include:

  1. Cybercrime resulting in the financial and customer information systems of small businesses being compromised and or locked from use by a hacker. In a world where information is king, lengthy disruption to key financial and customer information systems can result in a business being unable to trade with immediate loss of revenue and short term cash flow impacts.

  2. Outages of the national grid. Recent experiences in South Australia resulted in businesses of all sizes suffering significant loss as a result of power system failures. Such outages not only result in loss of business information systems but generally prevent the business from trading and often result in the loss of stock.

  3. Outages of the communication network. In the past 12 months, there have been several outages of the national communications network. Given that many small businesses use digital channels to access customers and utilise the cloud for storage of business information, these failures typically result in small businesses being unable to trade for the period of the outage – with continuing losses following the restoration of the communication network.

  4. Natural disasters. Australia is a country that suffers natural disasters such as cyclones, severe storms and floods. While these events bring immediate disadvantage to affected communities, they have enduing impacts on small businesses – not just those who operate in the impacted region but all those who may rely on the sourcing of products and services from these regions.

The forum noted that there is no practical way to completely protect the small business community from economic loss suffered as a result of key business interruption threats.

The key is to ensure that the small business sector is supported in developing a better understanding of the nature of these risks and the capacity to respond to these risks in a timely manner to minimise losses (i.e. resilience) This will extend to COSBOA working:

  1. cooperatively with key government agencies to promote small business understanding of the key threats to business continuity

  2. with all stakeholders to build the capacity of small business to respond quickly to business interruption, with a view to minimising losses

As the first tangible step in this journey, COSBOA has developed the three-pillar framework to assist small business in managing the growing threat of cybercrime. These 3 pillars of cybersecurity management for small business comprise:

  • Training and certification: Making an online training programme available to COSBOA members (and the members of COSBOA members) outlining what measures can be pursued to minimise the threat of cybercrime. Participants who achieve a satisfactory score will be issued with a certificate of satisfactory course completion.

  • Protection and inoculation: Ensuring that business software is regularly updated and that virus and spamware systems are in place.

  • Disaster recovery insurance: Making affordable insurance available for small business owners who experience direct and indirect economic losses arising from a cybercrime incident.

COSBOA would like to thank all stakeholders who attended the forum today and looks forward to working cooperatively with all parties to decrease the risk of economic loss arising from the major threats to business continuity.