{{ propApi.closeIcon }}
Our industry
Our industry $vuetify.icons.faArrowRight
Housing industry insights Economics Insights Data & forecasts Tailored research and analysis Advocacy & policy Advocacy Policy priorities Position statements Submissions News and inspiration Industry news Member alerts Media releases HOUSING Online
Business support
Business support $vuetify.icons.faArrowRight
Become an apprentice host Hire an apprentice Why host a HIA apprentice? Apprentice partner program Builder & manufacturer program Industry insurance HIA Insurance Services Construction works insurance Home warranty insurance Tradies & tool insurance Member perks Toyota vehicles The Good Guys Commercial Fuel savings See all Planning & safety solutions Building & planning services Safe Work Method Statements (SWMS) Solutions for your business Contracts Online Advertise jobs Trusted support & guidance Contracts & compliance support Industrial relations
Resources & advice
Resources & advice $vuetify.icons.faArrowRight
Building it right Building codes Australian standards Getting it right on site See all Building materials & products Concrete, bricks & walls Getting products approved Use the right products for the job See all Managing your business Dealing with contracts Handling disputes Managing your employees See all Managing your safety Safety rules Working with silica See all Building your business Growing your business Maintaining your business See all Other subjects Getting approval to build Sustainable homes See all
Careers & learning
Careers & learning $vuetify.icons.faArrowRight
A rewarding career Become an apprentice Apprenticeships on offer How do I apply? Frequently asked questions Study with us Find a course to suit you Qualification courses Learning on demand Professional development courses A job in the industry Get your builder's licence Continuing Professional Development (CPD) Further your career Find jobs
HIA community
HIA community $vuetify.icons.faArrowRight
Join HIA Sign me up How do I become a member? What's in it for me? Mates rates Get involved Become an award judge Join a committee Partner with us Our initiatives HIA Building Women GreenSmart Kitchen, bathroom and design hub Get to know us Our members Our people Our partners Support for you Charitable Foundation Mental health program
Awards & events
Awards & events $vuetify.icons.faArrowRight
Awards Awards program People & Business Awards GreenSmart Australian Housing Awards Awards winners Regional Award winners Australian Housing Award winners 2024 Australian Home of the Year Enter online Industry events Events in the next month Economic outlook National Conference Events calendar
HIA shop
HIA shop $vuetify.icons.faArrowRight
Most popular products National Construction Code Vol 1 & 2 Waterproofing wet areas AS 3740:2021 HIA Guide to Waterproofing HIA Guide to NCC Livable Housing Provisions Top categories Building codes & standards Contracts & documents Guides & manuals Safety documents Signage For your business Contracts Online Digital Australian Standards Digital Resource Library Forecasts & data
About Contact Newsroom
$vuetify.icons.faMapMarker Set my location Use the field below to update your location
Change location
{{propApi.text}} {{region}} Change location
{{propApi.successMessage}} {{region}} Change location

$vuetify.icons.faPhone1300 650 620

How to prevent cyber attacks

How to prevent cyber attacks

Anne-Maree Brown

General Manager of Content
Meet the cyber insiders
  • David Fairman: Chief Security Officer and Chief Technology Officer, Netskope (APAC)
  • Kelly Tot: General Manager – Information Technology, HIA
Netskope's David Fairman and HIA's Kelly Tot

Q: What are the biggest weaknesses smaller businesses face in terms of cybersecurity?

David: The main pain point is finding or allocating time and money to cybersecurity. As a result, there is often no coordinated approach or focus on taking basic steps to improve their posture. 
Appointing a person in a company to own cybersecurity is important. They don’t need to be technical or an IT expert but someone who can ensure good practices and measures, and then ensure improvements are being made.

Lack of cyber awareness can lead to easy mistakes. Take invoice fraud and scams, for example. They are one of the most prevalent cybercrimes targeting small businesses. They work really well because there’s often little caution being taken in the payment process. To prevent this, only process payments when they are validated with the party you are paying. This includes validating any change of payment details, such as updating bank account details for the payment, and doing it verbally by calling a verified contact person and phone number.

Kelly: I always say when it comes down to cybersecurity, you can have all the technology and processes, but your biggest risk is your people.

Firstly, cybersecurity isn’t about a business being attacked, but more often an individual on the team. Educate your employees and make sure that everyone understands what to look out for and what to do if they are suspicious something isn’t right. Check the spelling on emails, logos, wording – any inconsistencies.

Then discourage your workers to feel embarrassed if something occurs. Once someone realises they have clicked on a suspicious link, if they contemplate what to do for too long, they continue to make your systems vulnerable. Make your team feel empowered and aware that it is common and don’t feel they need to hide it if they feel they have been hacked. The same goes for the business owner themselves; it is definitely a case of not if it will happen, but when.

Always insure your business from cyber crime

Q: What advice do you have for owners to protect themselves?

David: Your priority should be to protect the data you handle as this is the most precious digital asset you own. Understand and take note of where your most important data is and who has access to it, including third parties. You can’t protect what you don’t know about. Once you have this visibility, you should review every stakeholder’s access rights, validate if they still need this access, and correct if necessary. This review should happen regularly to minimise the chances of data breaches.

There are also a number of cyber-hygiene steps owners should regularly take. Apply security patches as soon as they are published for the software you use, including operating systems on laptops and PCs.

Enabling multi-factor authentication on all systems, such as a password and a temporary code sent on a mobile device, is another safety step. Plus, have an incident response plan that outlines the roles, responsibilities and guidelines for different types of cyber incidents should they arise. Back up your data to ensure it's not lost for good if it's stolen, encrypted or deleted.

Kelly: As David mentioned, don’t overlook your antivirus software. Make sure it’s current and you've done the right updates, which are often automatic. Check the expiry dates like you check expiry dates on your food in the fridge. People tend to do an iPhone update within a second but don’t do the same with their software.

Also look at minimising your current data on your live active systems and where you keep your older data. Look at removing old data from your live systems and store it elsewhere.

Continue to educate your team and encourage behavioural change to ensure your business is protected. This includes locking screens, shutting down desktops or laptops overnight. The more hours in the day your systems are made available to hackers, the more opportunities you provide them.

Even if you're threatened by ransomware, you shouldn’t pay the ransom

Q: What should a business owner do if they are compromised?

David: Seek help as soon as possible. Even if you are threatened by ransomware, you shouldn’t pay the ransom because there is no guarantee the attackers will keep their promise, and in some cases, they actually keep the stolen data and continue to blackmail their target.

There are industry and governmental bodies that can help, including the Australian Cyber Security Centre (ACSC), which has launched a dedicated hotline for businesses that experience a cyber incident. In addition, a company will probably need to bring in external support, often private cybersecurity or managed security services companies that will build a response team to mitigate the attack or start the recovery.

Once those technical aspects are being taken care of, other steps include quickly designing a communications plan to inform all stakeholders that may be impacted by the incident as soon as possible, as well as assessing the potential ramifications of this incident – financial, legal and reputational. Businesses should build a plan to outline how it will recover from this. Lastly, consider how to reinforce your cybersecurity to prevent similar incidents from happening again in the future.

Kelly: Approach ACSC, and also reach out to a local professional if you are unprotected and ask to have your laptop cleaned if you don’t feel confident you can do it yourself.

A cybersecurity breach or threat is a lesson in your business processes and how informed your team is. While concerning if it happens, it can provide an opportunity to better safeguard yourself in the future. However, it is best practice for businesses to look at all possible safeguards before a breach occurs.

Cybersecurity isn’t about a business being attacked, but more often an individual on the team

What is a cyber threat?

According to Netskope’s David Fairman, it is important to understand that cyber criminals know that information is power and are after one thing: valuable information and data to blackmail organisations for financial gains, and in some cases, for espionage.

There are two main ways cyber criminals achieve this: find vulnerabilities in an organisation’s systems and/or devices to penetrate them; or deceive the people who work within those organisations to steal their credentials and get them to send confidential data and information. The latter is often achieved with malware, phishing and general social engineering tactics.

Unfortunately, smaller businesses are prime targets because cyber criminals know that they often don’t have strong cybersecurity. Any business should consider that as soon as they are handling data, and have a digital footprint, they are at risk.

The Australian Cyber Security Centre offers some great resources including a framework called the Essential Eight that provides practical cybersecurity actions.

Insure your business from cyber crime

Cyber insurance for the construction industry has been specifically designed to protect businesses from a variety of risks associated with doing business online. Every business that has an online presence or that uses technology as part of its day-to-day operations is potentially vulnerable to a cyberattack. These attacks can compromise personal or confidential data, cause financial loss and liability to third parties, and damage your business's reputation. Some of the key highlights of cyber insurance are:

  • Protect your business against financial losses resulting from a cyber incident 
  • Guard against common cyber threats that aren’t covered by traditional insurance policies 
  • Rely on a dedicated incident response team to help you tackle any situation head-on. 
For more information

To find out more about cyber insurance, visit HIA Insurance or call 1800 762 878 to speak with a specialist.

Published on 11 November 2022

You might also like:

Bathroom Plumbing Project management Renovations Business and digital
Wasting no time
When a couple launched their own bathroom renovation business, they soon recognised a gap in the market. Their product launch was so successful, they’re now considering globalisation.
Jul 24
4 mins
Read full article $vuetify.icons.faArrowRight
Timber Kitchens Design Business and digital
Resources - winter 2024
Looking for building information or design inspiration? Here are the latest tools to narrow your search and advance your knowledge.
Jun 24
4 mins
Read full article $vuetify.icons.faArrowRight
Design Inspiration Sustainability Kitchens Business and digital
Making a splash
Daniel Ferretti and Theresa Leonardos run ISPS Innovation, a one-of-a-kind bespoke kitchen and cabinetry establishment that embraces sustainability, craftsmanship and entrepreneurialism.
Jun 24
4 min
Read full article $vuetify.icons.faArrowRight
Awards Business and digital Payment Trends
Resources - autumn 2024
Looking for technical information or design inspiration? Here are the latest tools to narrow your search and advance your knowledge.
Apr 24
2 min
Read full article $vuetify.icons.faArrowRight
Apprentice Awards Business and digital Residential
A building franchise with a difference
Personal, collaborative, supportive, flexible and user-friendly: not always words we might associate with franchises. But these words capture the spirit of the national building franchise Integrity New Homes.
Apr 24
5 min
Read full article $vuetify.icons.faArrowRight
Apprentice Business and digital Education Networking
Jumping-off point
To give apprentices the tools to stay on the job longer, they can learn from the best in the building industry. HIA Apprentices offers various initiatives, including its targeted BuildHer and LAHC programs.
Mar 24
7 min
Read full article $vuetify.icons.faArrowRight
Residential Renovations Awards Business and digital
Set up for success
National award winner Hudson Homes is focused on steady growth but not at the expense of the customer experience.
Nov 23
4 mins
Read full article $vuetify.icons.faArrowRight
Australian Standards Building developments Innovation Business and digital
Build + Tech – Summer 2023
Builders, large and small, know one thing: whatever saves you time, negates risk and improves workflow and communication is bound to be the makings of a better business. 
Nov 23
Read full article $vuetify.icons.faArrowRight
Australian Standards National Construction Code (NCC) Business and digital
Resources - summer 2023
Looking for technical information or design inspiration? Here are the latest tools to narrow your search and advance your knowledge.
Nov 23
4 mins
Read full article $vuetify.icons.faArrowRight
Business and digital Trends Safety
Resources - spring 2023
Looking for technical information or design inspiration? Here are the latest tools to narrow your search and advance your knowledge.
Aug 23
2 min
Read full article $vuetify.icons.faArrowRight
Business and digital Expenses Small business
What's in it for me?
HIA provides members with a large range of industry products and services to help you manage, operate and grow your business. Here are some benefits you can access today.
Aug 23
5 min
Read full article $vuetify.icons.faArrowRight
Business and digital Business operations Construction Customer service Digital marketing
Pride and passion
From custom homes to specialised housing projects, Ben Garraway of Garraway Developments is passionate about quality construction and delivering beautiful homes in regional Victoria.
Aug 23
6 min
Read full article $vuetify.icons.faArrowRight