Free training course designed to boost brokerages' cybersafety
Human error, bad habits or poor processes, not a failure of technology, are the reasons for 95% of all cyberattacks, says the Council of Small Business Organisations of Australia.
COSBOA CEO Luke Achterstraat (pictured above) said cybercriminals thrived on businesses which had poor cyber security processes and fell for scams when they were busy.
There’s no doubt the scourge of cyberattacks and cyberscams is on the rise and the engine room of Australia’s economy – small businesses – are particularly vulnerable, including mortgage and finance brokerages.
Australian Bureau of Statistics figures for June 2023 show that there are 2.5 million small businesses, categorised as those with up to 19 employees, making up 97.3% of all businesses in Australia.
According to the Australian government, a cybercrime is reported every six minutes in Australia, with 43% of attacks targeting small businesses, while the average cost of a cyberattack to a small business is a crippling $46,000.
As at June 2022, cyberthreats and scams cost the Australian economy an estimated $33 billion a year (Australian Cyber Security Centre, 2021).
In order to safeguard brokerages and other small businesses from cybercriminals, Achterstraat is encouraging mortgage broker business owners to sign up to Cyber Wardens, a free cyber security training course designed to help protect Australian small businesses from online threats.
Cyber Wardens is a national initiative of COSBOA, and is supported by the Australian government and an industry alliance led by Telstra, CommBank and the Australian Cyber Security Centre.
Achterstraat said the training was developed from expert advice and research from the Australian small business community.
“It is designed for busy small businesses and you don’t need to be an IT whiz to graduate,” said Achterstraat. “It takes just two minutes to enrol in the self-paced eLearning course at cyberwardens.com.au.”
Running a small business does not mean you are safe from cyberattacks or won’t be targeted, he said.
“Knowing a problem exists isn’t enough to solve it. We need a cultural shift and targeted support, and that is why the Cyber Wardens program is so important for Australian small businesses.”
In 2022, COSBOA extensively consulted with the government on its cybersecurity strategy while concurrently piloting the CommBank and Telstra-sponsored, fit-for-purpose Cyber Wardens program.
It was launched in November 2023 with the aim of training 50,000 Cyber Wardens over three years in small businesses across Australia.
How Cyber Wardens help businesses
Achterstraat said the Cyber Wardens program was designed for busy small business owners and their teams and “is simple and easy to complete”.
“The course is jargon-free and user-friendly, offering practical and quick cyber safety solutions to help you and your team protect your business and clients,” he said.
“Mortgage brokers are particularly vulnerable to cyberattacks due to the sensitive financial and personally identifiable information that mortgage brokers utilise as part of their work, with clients and financial institutions.”
The property sector in Australia is one of the leading industries targeted by cyber criminals. Achterstraat said real estate businesses were regularly featured in the media after becoming victims of cyberattacks and scams.
In May, the media reported that a cyberattack on a non-bank mortgage lender had exposed sensitive customer data.
Achterstraat said Cyber Wardens research showed that four in 10 small businesses were not prepared for or able to recover quickly from a cyberattack.
The vast majority of cybersecurity issues could be traced to human error, according to reports from the Verizon 2023 Data Breach Investigations Report, and World Economic Forum The Global Risks Report 2022.
Achterstraat said Cyber Wardens training built small business skills across cybersecurity fundamentals including:
- multi-factor authentication;
- strong password management;
- automatic software updates; and
- ensuring effective backups to support recovery.
“By encouraging all staff and businesses in your supply chains to complete the Cyber Wardens training and be prioritising cybersecurity you will help to keep your broker business safe.”
As well as the Cyber Wardens program, Achterstraat said mortgage brokers should also work with their IT suppliers or support team to ensure that their systems and data back-ups were secure.
“All businesses, even within the same industry have different IT set-ups. You should seek expert technical advice for your business to ensure you have the best systems in place to protect sensitive information.”
What brokers risk by doing nothing
Achterstraat said a trained cyber warden who could identify and prevent a single attack could save a small business an average of $46,000, according to the Australian Signals Directorate in a 2023 report.
“For many mortgage brokers, and other small businesses, a $46,000 loss could spell the end of their business.
“Being unprepared for a cyberattack is not just a financial risk—it could damage your business’ reputation. Trust is at the cornerstone of every business/customer relationship, and an online attack that comprises their data can quickly erode that.”
There’s no point blaming technology, with 95% of cyberattacks the result of human error, bad habits or poor processes, rather than tech failures.
Achterstraat said four in five small business owners (78%) had everyday habits that inadvertently made them more vulnerable to cybercrime.
“By bolstering the cyber capabilities of business owners and their teams, Cyber Wardens is making it easier to prevent attacks.”
Brokerages with Cyber Wardens provided confidence that both the business and customers would be protected.
Achterstraat said brokerages should aim to have several cyber wardens on their team and create a culture where cybersecurity was discussed.
“Cyber Wardens research shows that most small businesses (61%) do not talk about cybersecurity regularly, which further increases the risk they face.”
Business compliance with privacy laws
So what are the legal ramifications for brokerages that are victims of cybercrime when it comes to their customers?
Achterstraat said Cyber Wardens was an education online training tool and did not provide any legal advice.
However, given the nature of the sensitive personal and financial information and regulatory requirements of the financial services industry, he said mortgage brokers should be familiar with their requirements around storing data and reporting data breaches or cyber fraud.
“Regardless of size, Australian businesses are expected to exercise a duty of care in safeguarding sensitive information,” said Achterstraat. “Negligence in implementing adequate cybersecurity measures could render a business liable if a hack occurs. This duty extends to protecting customer and employee data from unauthorised access.”
Australia has robust privacy laws, including the Privacy Act 1988, which governs the handling of personal information.
Businesses must comply with these laws, and a cybersecurity breach may trigger legal obligations, including the mandatory reporting of eligible data breaches to the Office of the Australian Information Commissioner (OAIC).
Achterstraat said further information on notifiable data breaches could be found on the OAIC website at oiac.gov.au, while information on reporting cyberattack was also available at cyber.gov.au.
Further cybersafety resources
COSBOA’s Cyber Wardens program has a range of helpful resources on cyberwardens.com.au to help small businesses protect themselves from digital break-ins and scams.
Achterstraat said cyber.gov.au also had useful resources and step-by-step instructions for reporting and recovering from an attack.
The government’s National Anti-Scam Centre also runs scamwatch.gov.au to collect reports about scams, and provides important information to help people spot and avoid scams. The centre works with government, law enforcement and the private sector to disrupt and prevent scams.
The Cyber Wardens program has the full support of both the MFAA and CAFBA, which are encouraging their members to sign up for the free online course.
Mortgage brokers wanting to enrol in the free Cyber Wardens program can do so here