Q&A with James: Your Cyber Questions Answered

Written By Lachlan Nicolson

Autumn 2023 edition: James Bartrop, CEO of ShadowSafe answers your pressing cyber security questions.

cyber security expert James Bartrop

At ShadowSafe, answering your IT and cyber security questions is what we're here for.

Technology is moving at fast pace and the cyber security threat landscape is ever-changing. It's no surprise then, that business owners have more questions, and concern, than ever—whether it's adapting to new technology or how best to protect against cyber threats.

james bartrop - IT expert brisbane

James Bartrop is CEO of ShadowSafe and has over 20 years experience in IT and cyber security. We've collected some key questions from you—our community, for James to share his insights and tips on.

#DATA

"What's the best way to backup all your contacts and emails in Microsoft 365?"

Microsoft, although it holds your data in the cloud, it's not responsible for it. If you experience a ransomware that affects your cloud files and you don't have a backup in place, there's nothing Microsoft can do to help. The same applies to Google Workspace files.

At ShadowSafe, we have a seperate cloud-backup system that backs up all your files securely (including OneDrive, Sharepoint, contacts and emails), up to 12 times per day.

Time is money, the last thing you want is to stop your entire business operations for hours or even days due to a data loss event. The more frequent your backups are, the quicker you can get back up and running with minimal rework. When us (IT geeks) talk about "business continuity" or "recovery" — we are referring to backups.

#PHISHING

"Does clicking on a phishing link automatically compromise you?"

It depends. Some phishing campaigns are designed to scam you by collecting your sensitive, credit card or password information. That requires you providing that information e.g. via a counterfeit web form. Other phishing campaigns are designed to deploy malware when you click a link on a certain device. Even if a malware is triggered, it doesn't mean it will be "successful". If you have antivirus installed and your device is up-to-date, there's a good chance you're protected.

There are cases, however, where highly sophisticated malware is targeted at certain people (usually CEO's) and is successful at compromising their device, often without them even knowing.

#INSURANCE

"What’s behind the rise cyber security insurance premiums and how can businesses manage what they're paying?"

Insurance premiums have soared as much as 80 per cent in the past year, as claims surge in response to a rise in volume and impact of cyber attacks. And it's not just cost, many cyber policies are now adding exclusionary language to not pay claims on certain software and platforms with known vulnerabilities. When it comes to negotiating and managing premiums with your insurer, it pays to document and verify that you are practicing good cyber hygiene, policies are being followed and that you are actively monitoring for threats.

ShadowSafe have solutions that help keep your business safe, which may also reduce your insurance premium (if negotiated with your insurer). These include: automatic patching of software, malware and phishing protection, cloud-based antivirus, conditional access controls to systems and cloud-based centralised policy management.

The best insurance is the one you never have to claim on!

#AI

"How do you see AI affecting cyber security over the next few years?" 

The biggest cyber challenges we may face this decade will be because of AI. On one hand, AI is already being deployed to find hidden vulnerabilities in software and fix them— faster than humans can. On the other hand, we're seeing tools like ChatGPT being used to create targeted phishing campaigns—at speed. It's quickly becoming an arms race between the good and bad actors.

Personally, I’m optimistic that AI will bring positive benefits to the way in which we work and live, despite some bad actors who will use it for malicious intent. What should be observed next is how governments around the world respond to regulating AI technology and companies. The balance between innovation and regulation is hard one to strike. I do not envy them.

#POLICY

"What's the government doing about cyber security legislation and will it affect small businesses?"

At the time of writing, the Attorney-General's Department has started a wide-ranging review of the 1988 Privacy Act. One potential change is the case to scrap the small business exemption and require businesses with an annual turnover of $3 million or less “to protect personal information and disclose how it is used” as per the act.

Many small business groups argue that scrapping the privacy exception will hurt small businesses and could force some to close their doors. From the governments perspective, they see small business as a weak link in the chain. I sympathise with both views.

There’s also the SOCI laws (Security of Critical Infrastructure Act), that for the most part excludes small businesses, for now. That could soon change if the government wants to achieve its cyber security goals.

According to the National Cyber Security Strategy, the goal for Australia to become the most cyber-secure country by 2030.

Regardless of the implications of government regulation, small businesses today can do more to protect their systems and data. But they can’t do it alone. A relationship with a IT business, such as ShadowSafe, is key to putting the right cyber security systems, processes and policies in place.

The government is yet to announce what proposals it will adopt, but watch this space.

Ask James

If you have an IT or cyber security related question, send it to askjames@shadowsafe.com.au

Written by James Bartrop.
Follow ShadowSafe on Linkedin

Lachlan Nicolson

Previous

How To Spot a Social Engineering Scam
Next

Strengthen Security with Conditional Access