Staff turnover and managers who believe they are exceptions to the rules are the weakest links in a company’s cyber security defense, according to Cyber Collective founder Fraser Jack.
“The weakest links are the new people that start and the CEO that thinks they don’t have to follow the rules, if you think of the bell curve,” Jack said at the Professional Planner Licensee Summit earlier this week in Katoomba.
“The weakest link is definitely new staff that don’t understand the process and you really want to turn those weakest links into your frontline of defense.”
Jack said the culture of the business is important, and it needs to start at the top and trickle down to the support staff.
“What inevitably happens is you’re training the front line who are having ongoing communication with the client,” Jack said.
“What you really want to get to is that point where they’re training their clients how to behave and what to do.”
He added there is a “huge gap” between adviser expectations and the reasons clients may leave a practice.
“If people believe that firm invests in security, they’re less likely to leave than if there’s been no communication between the support staff and the clients,” Jack said.
Jack said planning for cyber-attacks is essential, and businesses should conduct regular “cyber drills” to train staff to instantly respond to them and ensure cyber security remains at the front of their minds.
He explained cyber drills should be sharp, focused, and targeted – and be held over a five- to ten-minute period once a fortnight.