Cyber risks: Security starts at the top

The question for business when it comes to cyber security is not “are we secure” but “what are our cyber security risks and what makes us secure?”

That’s the advice from Grant Thornton cyber security expert and partner Matt Green, who gave some poignant insights into what it means to be cyber secure in the current environment at a CCIWA membership briefing.

Green said managing cyber security starts with the board, a requirement that has been formalised for the banking, insurance and superannuation companies overseen by the Australian Prudential Regulation Authority, whose new CPS 234 information security standard comes into effect on July 1.

“Effective cyber security needs to cover people, process, technology and supplies but it starts at the top with the board. The board has to own this – management, if they are playing that role as well, are equally as accountable – but the board must own cyber security,” he said.

“All the new and updated standards that are coming out are saying roles and responsibilities must be clearly articulated for cyber. The new standard that has just been released by APRA, CPS 234, Information Security, highlights in the very first paragraph that the board is responsible for and owns cyber security.

“It’s just the way it’s going and the only way you will get full effective cyber security in place in your organisation is if it is supported from the top.”

Green said asking ‘what makes us cyber secure and do we know our cyber risks’ will give a company a rich response and something to act upon.

He said this year’s highly publicised LandMark White case, where the ASX-listed company lost $7m in revenue after it was hacked twice with customer details and commercial information uploaded to the dark web, is an example of the devastation a data breach can wreak on a company.

An IT contractor who had trusted access to the property valuation company’s systems was arrested on October 2, but the damage from the loss of customers, investors and the CEO will take far longer to repair.

Get an independent report

With many businesses now using third party hosting on the cloud or software as a service, he said it’s important to ask for an independent assurance report before handing over your corporate secrets.

He recommends requesting a SOC 2 report, which is a globally accepted standard that defines the criteria for managing processes and customer data based on the five trust principles of privacy, security, availability, processing integrity and confidentiality.

“Firms such as Grant Thornton write SOC 2 reports, a standard where we go in every year and we audit their processes and security controls. We write a report, providing an overall opinion and at a control level identify if the organisation’s processes and controls were effective, partially effective or ineffective,” he said.

“That’s the strongest level of assurance you will get from your third party provider.”

Green recommends putting security clauses in the contracts with third party providers.

“You should be putting in there ‘If you want to do business with us, we need you to be secure and we need you to prove to us that you are going to be secure and the best way you can do that is by giving us a SOC 2 report once a year’,” he said.

Larger companies such as Microsoft, AWS and IBM provide SOC 2 audit reports, and these reports are becoming increasingly common for smaller and midsize companies.

“We are doing a lot of them and it’s becoming much more commonplace and they are going into contracts much more frequently. With government contracts, you need to have an ASAE 3402 or a SOC 2,” he said.

Make it a strategy

Green said it’s imperative that businesses develop a cyber security strategy in the same way they would have a business or IT strategy.

“It does not need to be War and Peace or as large as the Yellow Pages, but you do need to have a roadmap – you need to know what your priorities are, where you’re going to invest, soft controls to focus on, what technology you’re going to use and how it connects to the risk management of your strategic objectives of your business,” he said.

“Cyber security has got to be a strategic consideration, because it can be something that brings your business undone or it can become something that becomes a competitive advantage, because you get your SOC 2 report and say ‘look how good we are’, we take your security seriously and that’s why our clients do business with us.”

Business advisory firm Grant Thornton is a proud CCIWA Member.