A new way to approach cyber security for small and medium enterprises

Page 1

2021 AdviceTech Masterclass

A new way to approach cyber security for small and medium enterprises

This document is for general use. Modification of content is prohibited unless you have Netwealth’s express prior written consent.


Before we get started This document is for general use. This information has been prepared by Netwealth. Whilst reasonable care has been taken in the preparation of this presentation using sources believed to be reliable and accurate, to the maximum extent permitted by law, Netwealth and its related parties, employees and directors and not responsible for, and will not accept liability in connection with any loss or damage suffered by any person arising from reliance on this information. Netwealth Investments Limited (Netwealth) (ABN 85 090 569 109, AFS Licence No. 230975) and Netwealth Superannuation Services Pty Ltd (ABN 80 636 951 310), AFS Licence No. 528032, RSE Licence No. L0003483 as the trustee of the Netwealth Superannuation Master Fund, is a provider of superannuation and investment products and services, and information contained within this presentation about Netwealth’s products or services is of a general nature which does not take into account your individual objectives, financial situation or needs. Any person considering a financial product or service from Netwealth should obtain the relevant disclosure document at www.netwealth.com.au and consider consulting a financial adviser before making a decision before deciding whether to acquire, dispose of, or to continue to hold, an investment in any Netwealth product.


Housekeeping

1 CPD point available • Must have attended for >40 minutes • CPD details will be included in the postwebinar email

This webinar is being recorded • Slides will be sent to you after the webinar via email

Enter your questions in the questions of webinar toolbar • We will get to them at the end of the webinar


2021 AdviceTech opportunities

How to become an AdviceTech Star

Client data as the core of your AdviceTech stack

A digital experience is more than a Zoom meeting

Portfolio construction at scale with managed accounts

How to educate clients with content marketing

The Emerging Affluent – an important group of millennials


Real cyber security concerns Which of the following potential sources of cybersecurity threats to your business are you concerned about?

72%

47%

22% 13% 6% Unwitting employee action

Malicious employee action

Organised cybercriminal gangs

State-based actors

Competitor espionage

10%

None, I am not concerned by these threats


Meet Murray Goldschmidt from CyberCX • Co-Founder and Chief Operating Officer at Sense of Security • A founding member firm of CyberCX. • His credentials include CISSP, IRAP and PCI QSA certifications • He is an active member of AISA, the AICD and RMIA.


Cyber 123 for SME The essential guide for small and medium enterprises to take control of their cyber security.


One morning we came in and there was nothing on our computers

We lost all patient and staff records, X-rays, plus booking, scheduling and treatment details. They took the lot.


$20,000



$77,216.58







• Brush twice daily • Floss • Avoid sugary foods and drinks • Get a check-up twice a year • Visit your dentist if you have problems

$50,600


• • • • •

Keep your tyres pumped Use quality petrol Keep an eye on the gauges Get a service twice a year Visit your mechanic if you have problems


• • • •

Don’t eat too much Get regular exercise Get enough sleep Get a check-up twice a year • Visit your doctor if you have problems






People Process Technology










The truth? • Unlikely, but also likely • Devastating


Who is it for? • • • •

Everyone Digitally enabled Data based Privacy focussed






It’s a thinking tool • Cost



It’s a thinking tool • Cost • Complexity


Before an event

After an event


It’s a thinking tool • Cost • Complexity • Expertise



Security training from ABC IT Services Company


ISO27001 Policy Templates


Managed by XYZ IT Service Company


Staff

Staff

Contractors


Staff

Internal

Regulatory


On-prem

Cloud/aaS


Cyber 123 for SME Case Study – Protecting Data





Privacy Policy Data Handling and Classification Policy


Privacy Training Data classification training Privacy Policy Data Handling and Classification Policy


Privacy Training Data classification training

Privacy Policy Data Handling and Classification Policy

Data classification software Data dashboard


Privacy Training Data classification training

Privacy Policy Data Handling and Classification Policy

Data classification software Data dashboard


Data handling training Data classification Don’t use USB drives training Lock screens Don’t share Say “no” Privacy Training

Privacy Policy Data Handling and Classification Policy

Data classification software Data dashboard


Privacy Training Data classification training

Data handling training Don’t use USB drives Lock screens Don’t share Say “no”

Confidentiality/NDAs Privacy Policy

Restricted Access Policy

Data Handling and Classification Policy

Data classification software Data dashboard


Privacy Training Data classification training

Data handling training Don’t use USB drives Lock screens Don’t share Say “no”

Privacy Policy

Confidentiality/NDAs

Data Handling and Classification Policy

Restricted Access Policy

File access controls Encryption

Data classification software Data dashboard

Block transfers


Privacy Training Data classification training

Mess up, fess up

Data handling training Don’t use USB drives Lock screens Don’t share Say “no”

Privacy Policy

Confidentiality/NDAs

Data Handling and Classification Policy

Restricted Access Policy

Data classification software

File access controls

Data dashboard

Encryption Block transfers


Privacy Training Data classification training

Privacy Policy Data Handling and Classification Policy

Data handling training Don’t use USB drives Lock screens Don’t share Say “no”

Mess up, fess up

Monitoring processes Confidentiality/NDAs • Social media Restricted Access• Customer feedback Policy

Review logs Data classification software Data dashboard

File access controls Encryption Block transfers


Privacy Training Data classification training

Data handling training Don’t use USB drives Lock screens Don’t share Say “no”

Privacy Policy

Confidentiality/NDAs

Data Handling and Classification Policy

Restricted Access Policy

Mess up, fess up

Monitoring processes • Social media • Bank statements Review logs

Detect data transfers Data classification software Data dashboard

File access controls Encryption Block transfers

Log all access


Privacy Training Data classification training

Data handling training Don’t use USB drives Lock screens Don’t share Say “no”

Privacy Policy

Confidentiality/NDAs

Data Handling and Classification Policy

Restricted Access Policy

Data classification software Data dashboard

Mess up, fess up

Monitoring processes • Social media • Bank statements

Official comms

Revise training

Incident response plan

Incident review

Review logs

Report data loss to OAIC/other body

File access controls

Detect data transfers

Inventory data lost

Encryption

Log all access

Block transfers

Change encryption keys


For you… • Canvas • Guide book • Self-paced training program • Workshop sessions • More?



Q&A cyber123.com.au


Your AdviceTech toolkit www.netwealth.com.au/advicetech

#action Read the full report Part A: Insights Part B: Suppliers guide

#action Run an internal AdviceTech workshop

#action Watch the 2021 AdviceTech Keynote presentation and our AdviceTech Masterclasses


Disclaimer This document is for general use. This information has been prepared by Netwealth. Whilst reasonable care has been taken in the preparation of this presentation using sources believed to be reliable and accurate, to the maximum extent permitted by law, Netwealth and its related parties, employees and directors and not responsible for, and will not accept liability in connection with any loss or damage suffered by any person arising from reliance on this information. Netwealth Investments Limited (Netwealth) (ABN 85 090 569 109, AFS Licence No. 230975) and Netwealth Superannuation Services Pty Ltd (ABN 80 636 951 310), AFS Licence No. 528032, RSE Licence No. L0003483 as the trustee of the Netwealth Superannuation Master Fund, is a provider of superannuation and investment products and services, and information contained within this presentation about Netwealth’s products or services is of a general nature which does not take into account your individual objectives, financial situation or needs. Any person considering a financial product or service from Netwealth should obtain the relevant disclosure document at www.netwealth.com.au and consider consulting a financial adviser before making a decision before deciding whether to acquire, dispose of, or to continue to hold, an investment in any Netwealth product.


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.