(L-R) Julia Newbould, Peter Ornsby, and Fraser Jack

Staff turnover and managers who believe they are exceptions to the rules are the weakest links in a company’s cyber security defense, according to Cyber Collective founder Fraser Jack.

“The weakest links are the new people that start and the CEO that thinks they don’t have to follow the rules, if you think of the bell curve,” Jack said at the Professional Planner Licensee Summit earlier this week in Katoomba.

“The weakest link is definitely new staff that don’t understand the process and you really want to turn those weakest links into your frontline of defense.”

Jack said the culture of the business is important, and it needs to start at the top and trickle down to the support staff.

“What inevitably happens is you’re training the front line who are having ongoing communication with the client,” Jack said.

“What you really want to get to is that point where they’re training their clients how to behave and what to do.”

He added there is a “huge gap” between adviser expectations and the reasons clients may leave a practice.

“If people believe that firm invests in security, they’re less likely to leave than if there’s been no communication between the support staff and the clients,” Jack said.

Jack said planning for cyber-attacks is essential, and businesses should conduct regular “cyber drills” to train staff to instantly respond to them and ensure cyber security remains at the front of their minds.

He explained cyber drills should be sharp, focused, and targeted – and be held over a five- to ten-minute period once a fortnight.

Take it from the top

RI Advice Group CEO Peter Ornsby is well-versed in the issues that can arise from a lack of proper cyber safeguards after the licensee was fined by ASIC last year for having insufficient risk management systems in place.

“As a licensee, you’ve got to have all the controls around it,” he said, adding that the time commitment to ensure advisers’ practices are safeguarded from cyber-attacks begins at the board level.

Boards are where “many of the liabilities are had”. Ornsby said they must have a risk framework, because cyber-attacks can happen easily and quickly and “you could be up for millions and millions of dollars”.