{{ propApi.closeIcon }}
Our industry
Our industry $vuetify.icons.faArrowRight
Economic research & forecasting Economics Housing outlook Tailored market research Economic reports & data Inspiring Australia's building professionals Business & digital Products & innovation Projects HOUSING Online The only place to get your industry news Media releases Member alerts Submissions See all
Business support
Business support $vuetify.icons.faArrowRight
Become an apprentice host Hire an apprentice Why host a HIA apprentice? Apprentice partner program Builder & manufacturer program Industry insurance Construction legal expenses insurance Construction works insurance Home warranty insurance Tradies & tool insurance Planning & safety solutions Building & planning services How can safety solutions help you? Independent site inspections Solutions for your business Contracts Online HIA Tradepass HIA SafeScan Advertise jobs Trusted support & guidance Contracts & compliance support Professional services Industrial relations Member savings Toyota vehicles Fuel savings Handy pay See all
Resources & advice
Resources & advice $vuetify.icons.faArrowRight
Building it right Building codes Australian standards Getting it right on site See all Building materials & products Concrete, bricks & walls Getting products approved Use the right products for the job See all Managing your business Dealing with contracts Handling disputes Managing your employees See all Managing your safety Falls from heights Safety rules Working with silica See all Building your business Growing your business Maintaining your business See all Other subjects COVID-19 Getting approval to build Sustainable homes See all
Careers & learning
Careers & learning $vuetify.icons.faArrowRight
A rewarding career Become an apprentice Apprenticeships on offer Frequently asked questions Study with us Find a course to suit you Qualification courses Learning on demand A job in the industry Get your builder's licence Continuing Professional Development (CPD) Find jobs
HIA community
HIA community $vuetify.icons.faArrowRight
Join HIA Sign me up How do I become a member? What's in it for me? Mates rates Get involved Become an award judge Join a committee Partner with us Our initiatives HIA Building Women GreenSmart Kitchen, bathroom and design hub Get to know us Our members Our people Our partners Support for you Charitable Foundation Mental health program
Awards & events
Awards & events $vuetify.icons.faArrowRight
Awards Awards program People & Business Awards GreenSmart Australian Housing Awards Awards winners Regional Award winners Australian Housing Award winners 2023 Australian Home of the Year Enter online Industry events Events in the next month Economic outlook National Conference Events calendar
HIA products
HIA products $vuetify.icons.faArrowRight
Shop @ HIA Digital Australian Standards Contracts Online Shipping & delivery Purchasing T&Cs See all Products Purchase NCC 2022 Building codes & standards Economic reports Hard copy contracts Guides & manuals
About Contact Newsroom
$vuetify.icons.faMapMarker Set my location Use the field below to update your location
Change location
{{propApi.text}} {{region}} Change location
{{propApi.successMessage}} {{region}} Change location

$vuetify.icons.faPhone1300 650 620

How to prevent cyber attacks

How to prevent cyber attacks

Anne-Maree Brown

General Manager of Content
Meet the cyber insiders
  • David Fairman: Chief Security Officer and Chief Technology Officer, Netskope (APAC)
  • Kelly Tot: General Manager – Information Technology, HIA
Netskope's David Fairman and HIA's Kelly Tot

Q: What are the biggest weaknesses smaller businesses face in terms of cybersecurity?

David: The main pain point is finding or allocating time and money to cybersecurity. As a result, there is often no coordinated approach or focus on taking basic steps to improve their posture. 
Appointing a person in a company to own cybersecurity is important. They don’t need to be technical or an IT expert but someone who can ensure good practices and measures, and then ensure improvements are being made.

Lack of cyber awareness can lead to easy mistakes. Take invoice fraud and scams, for example. They are one of the most prevalent cybercrimes targeting small businesses. They work really well because there’s often little caution being taken in the payment process. To prevent this, only process payments when they are validated with the party you are paying. This includes validating any change of payment details, such as updating bank account details for the payment, and doing it verbally by calling a verified contact person and phone number.

Kelly: I always say when it comes down to cybersecurity, you can have all the technology and processes, but your biggest risk is your people.

Firstly, cybersecurity isn’t about a business being attacked, but more often an individual on the team. Educate your employees and make sure that everyone understands what to look out for and what to do if they are suspicious something isn’t right. Check the spelling on emails, logos, wording – any inconsistencies.

Then discourage your workers to feel embarrassed if something occurs. Once someone realises they have clicked on a suspicious link, if they contemplate what to do for too long, they continue to make your systems vulnerable. Make your team feel empowered and aware that it is common and don’t feel they need to hide it if they feel they have been hacked. The same goes for the business owner themselves; it is definitely a case of not if it will happen, but when.

Always insure your business from cyber crime

Q: What advice do you have for owners to protect themselves?

David: Your priority should be to protect the data you handle as this is the most precious digital asset you own. Understand and take note of where your most important data is and who has access to it, including third parties. You can’t protect what you don’t know about. Once you have this visibility, you should review every stakeholder’s access rights, validate if they still need this access, and correct if necessary. This review should happen regularly to minimise the chances of data breaches.

There are also a number of cyber-hygiene steps owners should regularly take. Apply security patches as soon as they are published for the software you use, including operating systems on laptops and PCs.

Enabling multi-factor authentication on all systems, such as a password and a temporary code sent on a mobile device, is another safety step. Plus, have an incident response plan that outlines the roles, responsibilities and guidelines for different types of cyber incidents should they arise. Back up your data to ensure it's not lost for good if it's stolen, encrypted or deleted.

Kelly: As David mentioned, don’t overlook your antivirus software. Make sure it’s current and you've done the right updates, which are often automatic. Check the expiry dates like you check expiry dates on your food in the fridge. People tend to do an iPhone update within a second but don’t do the same with their software.

Also look at minimising your current data on your live active systems and where you keep your older data. Look at removing old data from your live systems and store it elsewhere.

Continue to educate your team and encourage behavioural change to ensure your business is protected. This includes locking screens, shutting down desktops or laptops overnight. The more hours in the day your systems are made available to hackers, the more opportunities you provide them.

Even if you're threatened by ransomware, you shouldn’t pay the ransom

Q: What should a business owner do if they are compromised?

David: Seek help as soon as possible. Even if you are threatened by ransomware, you shouldn’t pay the ransom because there is no guarantee the attackers will keep their promise, and in some cases, they actually keep the stolen data and continue to blackmail their target.

There are industry and governmental bodies that can help, including the Australian Cyber Security Centre (ACSC), which has launched a dedicated hotline for businesses that experience a cyber incident. In addition, a company will probably need to bring in external support, often private cybersecurity or managed security services companies that will build a response team to mitigate the attack or start the recovery.

Once those technical aspects are being taken care of, other steps include quickly designing a communications plan to inform all stakeholders that may be impacted by the incident as soon as possible, as well as assessing the potential ramifications of this incident – financial, legal and reputational. Businesses should build a plan to outline how it will recover from this. Lastly, consider how to reinforce your cybersecurity to prevent similar incidents from happening again in the future.

Kelly: Approach ACSC, and also reach out to a local professional if you are unprotected and ask to have your laptop cleaned if you don’t feel confident you can do it yourself.

A cybersecurity breach or threat is a lesson in your business processes and how informed your team is. While concerning if it happens, it can provide an opportunity to better safeguard yourself in the future. However, it is best practice for businesses to look at all possible safeguards before a breach occurs.

Cybersecurity isn’t about a business being attacked, but more often an individual on the team

What is a cyber threat?

According to Netskope’s David Fairman, it is important to understand that cyber criminals know that information is power and are after one thing: valuable information and data to blackmail organisations for financial gains, and in some cases, for espionage.

There are two main ways cyber criminals achieve this: find vulnerabilities in an organisation’s systems and/or devices to penetrate them; or deceive the people who work within those organisations to steal their credentials and get them to send confidential data and information. The latter is often achieved with malware, phishing and general social engineering tactics.

Unfortunately, smaller businesses are prime targets because cyber criminals know that they often don’t have strong cybersecurity. Any business should consider that as soon as they are handling data, and have a digital footprint, they are at risk.

The Australian Cyber Security Centre offers some great resources including a framework called the Essential Eight that provides practical cybersecurity actions.

Insure your business from cyber crime

Cyber insurance for the construction industry has been specifically designed to protect businesses from a variety of risks associated with doing business online. Every business that has an online presence or that uses technology as part of its day-to-day operations is potentially vulnerable to a cyberattack. These attacks can compromise personal or confidential data, cause financial loss and liability to third parties, and damage your business's reputation. Some of the key highlights of cyber insurance are:

  • Protect your business against financial losses resulting from a cyber incident 
  • Guard against common cyber threats that aren’t covered by traditional insurance policies 
  • Rely on a dedicated incident response team to help you tackle any situation head-on. 
For more information

To find out more about cyber insurance, visit HIA Insurance or call 1800 762 878 to speak with a specialist.

Published on 11 November 2022

You might also like:

Residential Renovations Awards Business and digital
Set up for success
National award winner Hudson Homes is focused on steady growth but not at the expense of the customer experience.
Nov 23
4 mins
Read full article $vuetify.icons.faArrowRight
Australian Standards Building developments Innovation Business and digital
Build + Tech – Summer 2023
Builders, large and small, know one thing: whatever saves you time, negates risk and improves workflow and communication is bound to be the makings of a better business. 
Nov 23
Read full article $vuetify.icons.faArrowRight
Australian Standards National Construction Code (NCC) Business and digital
Resources - summer 2023
Looking for technical information or design inspiration? Here are the latest tools to narrow your search and advance your knowledge.
Nov 23
4 mins
Read full article $vuetify.icons.faArrowRight
Business and digital Trends Safety
Resources - spring 2023
Looking for technical information or design inspiration? Here are the latest tools to narrow your search and advance your knowledge.
Aug 23
2 min
Read full article $vuetify.icons.faArrowRight
Business and digital Expenses Small business
What's in it for me?
HIA provides members with a large range of industry products and services to help you manage, operate and grow your business. Here are some benefits you can access today.
Aug 23
5 min
Read full article $vuetify.icons.faArrowRight
Business and digital Business operations Construction Customer service Digital marketing
Pride and passion
From custom homes to specialised housing projects, Ben Garraway of Garraway Developments is passionate about quality construction and delivering beautiful homes in regional Victoria.
Aug 23
6 min
Read full article $vuetify.icons.faArrowRight
National Construction Code (NCC) Sustainability Accounting Business and digital
Resources - winter 2023
Looking for technical information or design inspiration? Housing rounds up the latest tools to advance your knowledge.
Jun 23
3 min
Read full article $vuetify.icons.faArrowRight
Budget Renovations Construction Business and digital
To chatbot or not
A jump into virtual technology is resonating for Trendsetter Homes. With a clientele now wedded to life online, the dividends speak for themselves.
May 23
4 min
Read full article $vuetify.icons.faArrowRight
Work Health and Safety (WHS) Wellbeing Safety Business and digital
Back in business
Addressing any back and neck pain you may be experiencing at work is necessary not just for your daily comfort but for your long-term wellbeing as well.
Apr 23
7 min
Read full article $vuetify.icons.faArrowRight
Business systems Networking Small business Business and digital
How safe is your website?
Is your network secure? Your IT network security should protect you from within, but how do you ensure you have the right safeguards in your systems?
Apr 23
4 min
Read full article $vuetify.icons.faArrowRight
Superannuation Financial planning Small business Business and digital
Boost your super
Superannuation may seem complex and – to be honest – not that exciting. But it becomes more appealing when you realise all the perks and strategies that will give your super a real boost.
Apr 23
5 min
Read full article $vuetify.icons.faArrowRight
Business systems Education CPD Business and digital
Resources autumn 2023
Looking for technical information or design inspiration? Here are the latest tools to narrow your search and advance your knowledge.
Apr 23
1 min
Read full article $vuetify.icons.faArrowRight