With October billed as Cyber Security Awareness Month, businesses are being reminded to stay cyber secure, with experts advising that small actions can make a big difference.
It comes as the Cyber Security Bill 2024 was introduced to Federal Parliament yesterday (October 9).
The Bill introduces requirements for the security of smart devices (IoT devices), sets mandatory reporting requirements for ransomware, modalities for the coordination of significant cyber security incidents, and establishes a Cyber Review Board.
The 2024 Cyber Security Awareness campaign, themed “Stop the Hack” — a joint effort by the Australian Chamber of Commerce and Industry (ACCI) and the Council of Small Business of Australia (COSBOA) — focuses on raising awareness of good cyber practices among small and medium-sized businesses.
The Optus and Medibank breaches in 2022 also demonstrate the urgent need for organisations to learn lessons from the impact of cyber security incidents.
With ACCI and COSBOA as co-chairs of the Executive Cyber Council’s Small and Medium Businesses working group, the campaign is a collaborative and unified approach led by industry under the Executive Cyber Council, an initiative of the 2023-2030 Australian Cyber Security Strategy, to elevate cyber security awareness and resilience among small and medium-sized businesses.
It aims to encourage businesses to take four simple actions to safeguard the information they hold, recognise potential threats, and adopt robust security practices.
- Activate multi-factor authentication (MFA). Adding an extra layer of security to accounts is essential in safeguarding sensitive information.
- Apply all software updates. Keeping software up to date is crucial for protecting against known vulnerabilities.
- Avoid password reuse. Using unique passphrases for different accounts helps to limit the impact of a data breach.
- Ask ‘is this a phishing email?’ Encouraging vigilance in recognising potential threats can prevent costly scams.
“Cyber Security Awareness Month is an opportunity for every business to check in on their cyber security,” says National Cyber Security Coordinator Lieutenant General Michelle McGuinness CSC.
“For small and medium businesses that operate online, cyber security is more than just a technical issue — it’s a business-critical priority.”
Key changes under the Cyber Security Bill include:
- Relevant connected products would be subject to mandatory security standards (set by the rules), applicable to manufacturers and suppliers, with certificates of compliance provided.
- Ransomware payments must be reported by companies with an annual turnover of over $3 million.
- Information may be voluntarily provided to the National Cyber Security Coordinator for significant cyber security incidents. This information is subject to strict rules of use and disclosure, and is for the purposes of supporting the affected entity and other Australian interests.
- A Cyber Incident Review Board would be established to conduct reviews of certain cyber security incidents and make recommendations for future actions to prevent, detect, respond to or minimise future incidents.
Cass Wright, CCIWA Legal Director Commercial Law, says cyber security should be at the top of everyone’s priorities, though the ultimate responsibility rests with an organisation’s board or other “responsible people” within the organisation.
“Organisations should assess their current cyber security measures and ensure effective data governance practices are in place,” she says.
“A cyber-attack should be acknowledged as a matter of ‘when’ not ‘if’. Boards and other ‘responsible people’ should have visibility of potential risks, monitor these issues closely and ensure steps are in place to mitigate risks.”
CCIWA’s Commercial Law team can assist with introductory data protection and data breach incident response toolkits, as well as reviewing agreements, policies and procedures to ensure compliance with the changing landscape or give you advice on the potential impact to your business. Contact [email protected] or call (08) 9365 7560 for further information.