2021 AdviceTech Masterclass
A new way to approach cyber security for small and medium enterprises
This document is for general use. Modification of content is prohibited unless you have Netwealth’s express prior written consent.
Before we get started This document is for general use. This information has been prepared by Netwealth. Whilst reasonable care has been taken in the preparation of this presentation using sources believed to be reliable and accurate, to the maximum extent permitted by law, Netwealth and its related parties, employees and directors and not responsible for, and will not accept liability in connection with any loss or damage suffered by any person arising from reliance on this information. Netwealth Investments Limited (Netwealth) (ABN 85 090 569 109, AFS Licence No. 230975) and Netwealth Superannuation Services Pty Ltd (ABN 80 636 951 310), AFS Licence No. 528032, RSE Licence No. L0003483 as the trustee of the Netwealth Superannuation Master Fund, is a provider of superannuation and investment products and services, and information contained within this presentation about Netwealth’s products or services is of a general nature which does not take into account your individual objectives, financial situation or needs. Any person considering a financial product or service from Netwealth should obtain the relevant disclosure document at www.netwealth.com.au and consider consulting a financial adviser before making a decision before deciding whether to acquire, dispose of, or to continue to hold, an investment in any Netwealth product.
Housekeeping
1 CPD point available • Must have attended for >40 minutes • CPD details will be included in the postwebinar email
This webinar is being recorded • Slides will be sent to you after the webinar via email
Enter your questions in the questions of webinar toolbar • We will get to them at the end of the webinar
2021 AdviceTech opportunities
How to become an AdviceTech Star
Client data as the core of your AdviceTech stack
A digital experience is more than a Zoom meeting
Portfolio construction at scale with managed accounts
How to educate clients with content marketing
The Emerging Affluent – an important group of millennials
Real cyber security concerns Which of the following potential sources of cybersecurity threats to your business are you concerned about?
72%
47%
22% 13% 6% Unwitting employee action
Malicious employee action
Organised cybercriminal gangs
State-based actors
Competitor espionage
10%
None, I am not concerned by these threats
Meet Murray Goldschmidt from CyberCX • Co-Founder and Chief Operating Officer at Sense of Security • A founding member firm of CyberCX. • His credentials include CISSP, IRAP and PCI QSA certifications • He is an active member of AISA, the AICD and RMIA.
Cyber 123 for SME The essential guide for small and medium enterprises to take control of their cyber security.
One morning we came in and there was nothing on our computers
We lost all patient and staff records, X-rays, plus booking, scheduling and treatment details. They took the lot.
$20,000
$77,216.58
• Brush twice daily • Floss • Avoid sugary foods and drinks • Get a check-up twice a year • Visit your dentist if you have problems
$50,600
• • • • •
Keep your tyres pumped Use quality petrol Keep an eye on the gauges Get a service twice a year Visit your mechanic if you have problems
• • • •
Don’t eat too much Get regular exercise Get enough sleep Get a check-up twice a year • Visit your doctor if you have problems
People Process Technology
The truth? • Unlikely, but also likely • Devastating
Who is it for? • • • •
Everyone Digitally enabled Data based Privacy focussed
It’s a thinking tool • Cost
It’s a thinking tool • Cost • Complexity
Before an event
After an event
It’s a thinking tool • Cost • Complexity • Expertise
Security training from ABC IT Services Company
ISO27001 Policy Templates
Managed by XYZ IT Service Company
Staff
Staff
Contractors
Staff
Internal
Regulatory
On-prem
Cloud/aaS
Cyber 123 for SME Case Study – Protecting Data
Privacy Policy Data Handling and Classification Policy
Privacy Training Data classification training Privacy Policy Data Handling and Classification Policy
Privacy Training Data classification training
Privacy Policy Data Handling and Classification Policy
Data classification software Data dashboard
Privacy Training Data classification training
Privacy Policy Data Handling and Classification Policy
Data classification software Data dashboard
Data handling training Data classification Don’t use USB drives training Lock screens Don’t share Say “no” Privacy Training
Privacy Policy Data Handling and Classification Policy
Data classification software Data dashboard
Privacy Training Data classification training
Data handling training Don’t use USB drives Lock screens Don’t share Say “no”
Confidentiality/NDAs Privacy Policy
Restricted Access Policy
Data Handling and Classification Policy
Data classification software Data dashboard
Privacy Training Data classification training
Data handling training Don’t use USB drives Lock screens Don’t share Say “no”
Privacy Policy
Confidentiality/NDAs
Data Handling and Classification Policy
Restricted Access Policy
File access controls Encryption
Data classification software Data dashboard
Block transfers
Privacy Training Data classification training
Mess up, fess up
Data handling training Don’t use USB drives Lock screens Don’t share Say “no”
Privacy Policy
Confidentiality/NDAs
Data Handling and Classification Policy
Restricted Access Policy
Data classification software
File access controls
Data dashboard
Encryption Block transfers
Privacy Training Data classification training
Privacy Policy Data Handling and Classification Policy
Data handling training Don’t use USB drives Lock screens Don’t share Say “no”
Mess up, fess up
Monitoring processes Confidentiality/NDAs • Social media Restricted Access• Customer feedback Policy
Review logs Data classification software Data dashboard
File access controls Encryption Block transfers
Privacy Training Data classification training
Data handling training Don’t use USB drives Lock screens Don’t share Say “no”
Privacy Policy
Confidentiality/NDAs
Data Handling and Classification Policy
Restricted Access Policy
Mess up, fess up
Monitoring processes • Social media • Bank statements Review logs
Detect data transfers Data classification software Data dashboard
File access controls Encryption Block transfers
Log all access
Privacy Training Data classification training
Data handling training Don’t use USB drives Lock screens Don’t share Say “no”
Privacy Policy
Confidentiality/NDAs
Data Handling and Classification Policy
Restricted Access Policy
Data classification software Data dashboard
Mess up, fess up
Monitoring processes • Social media • Bank statements
Official comms
Revise training
Incident response plan
Incident review
Review logs
Report data loss to OAIC/other body
File access controls
Detect data transfers
Inventory data lost
Encryption
Log all access
Block transfers
Change encryption keys
For you… • Canvas • Guide book • Self-paced training program • Workshop sessions • More?
Q&A cyber123.com.au
Your AdviceTech toolkit www.netwealth.com.au/advicetech
#action Read the full report Part A: Insights Part B: Suppliers guide
#action Run an internal AdviceTech workshop
#action Watch the 2021 AdviceTech Keynote presentation and our AdviceTech Masterclasses
Disclaimer This document is for general use. This information has been prepared by Netwealth. Whilst reasonable care has been taken in the preparation of this presentation using sources believed to be reliable and accurate, to the maximum extent permitted by law, Netwealth and its related parties, employees and directors and not responsible for, and will not accept liability in connection with any loss or damage suffered by any person arising from reliance on this information. Netwealth Investments Limited (Netwealth) (ABN 85 090 569 109, AFS Licence No. 230975) and Netwealth Superannuation Services Pty Ltd (ABN 80 636 951 310), AFS Licence No. 528032, RSE Licence No. L0003483 as the trustee of the Netwealth Superannuation Master Fund, is a provider of superannuation and investment products and services, and information contained within this presentation about Netwealth’s products or services is of a general nature which does not take into account your individual objectives, financial situation or needs. Any person considering a financial product or service from Netwealth should obtain the relevant disclosure document at www.netwealth.com.au and consider consulting a financial adviser before making a decision before deciding whether to acquire, dispose of, or to continue to hold, an investment in any Netwealth product.