PROTECTING YOUR FRANCHISE FROM CYBERCRIME
While many may believe cybercrime primarily targets large companies, franchisees running smaller operations may be at greater risk because their security defences are weaker than the bigger entities. In addition, smaller businesses are often part of a supply chain which offers openings to larger companies and larger networks.
For Franchisors, that represents significant brand risk. If franchisees aren’t managing their cyber risk, the franchise not only stands to suffer brand and reputational damage, but when incidents occur regularly, there is often a lot of time and costs involved.
Given 99% of cyber-attacks require human interaction in order to succeed, this makes you and your team the best (and worst) cyber defence your business has. With simple solutions out there, like Cynch, Franchisors can simplify their security posture across the board so there is consistently in the support offered and given to their Franchisees. Moreover, by providing a security apparatus for your franchisees you too will gain insights into the key challenges when it comes to their security, as well as other products and services.
What risks do I need to watch out for?
New research from Deakin University and Cynch shows that 40% of small businesses experience a cyber attack, so there’s never been a better time to review platforms and systems, assess what scams or cyber attacks might pose the biggest risk to your business, and take steps to improve the protection of this information.
At Cynch, one of the areas we get the most questions about from the businesses we work with is about supply chains. Supply chains can be very complex and extend far beyond Australia’s borders.
Moving a product or service from supplier to customer often involves a complex web of organisations, people and information, so it’s important that small businesses take steps to best protect themselves from cyber risks throughout the chain. Due to the swift digitization of many businesses over the past year, the risks associated with a supply chain attack have never been higher, with reports to Scamwatch up almost 25% in 2020 alone. Cyber criminals looking for ways to exploit the new digital economy have found them.
Government departments and large enterprises are increasingly requiring all new suppliers, big or small, to provide details of how they manage their cyber security controls as part of the standard procurement processes and contract renewals. This can create a huge barrier to entry for small organisations and sole traders if they haven't proactively documented their internal security practices.
Usually, the information is requested in a long, complicated questionnaire, and unfortunately, each company has developed its own questionnaire that differs from other organisations. So if you’re a startup, independent consultant or small business selling to enterprises, you could spend days and days of effort each month completing different questionnaires that articulate how you manage this risk. On the receiving end, the government departments and enterprises have an arduous task of reviewing the questionnaire responses and assessing if the supply chain risk is acceptable.
At Cynch, we help small businesses to understand the questions being asked and accurately answer them, improve their security and fill in obvious gaps in their environment, as well as produce third-party reports to demonstrate to your customers your commitment to protecting data and systems. Similarly, we can work with enterprises to streamline their supply chain assurance activities and assessment using our platform for all small business suppliers.
When advising small businesses on better protecting themselves from a supply chain related cyber attack, the top three actions I direct them to take are:
- proactively manage who has access to the systems that integrate with your customers’ networks and ensure you only allow access to those who truly need it
- document all the internal processes and controls you have in place to secure your business so you can demonstrate them to your large customers as required; and
- use multi-factor authentication on all systems that have it available to prevent compromised usernames and passwords from being used against you and your customers.
You can limit the impact of supply chain disruptions on your business by identifying the risks within your supply chain (including those you pose to your customers up the chain) and developing ways to mitigate them. By being more aware of digital risks and making a few changes we can greatly protect ourselves against a cyber threat.
What else can I do?
- Protect your passwords: Often cybersecurity all comes down to poor password management so start using a password manager and enable two-factor authentication
- Double-check invoices: If an invoice you’ve received comes from a different business contact or just looks a bit different, avoid being tricked by making a call to the business you’re paying and check it to confirm before you pay the invoice
- Don’t think it won’t happen to you: Scammers don’t discriminate on size, they can hit thousands of businesses at the same time
- Get Cyber Fit: Just like getting fit doesn’t happen with one workout, Cyber Fitness is all about taking small incremental steps to improve your cybersecurity every day. The first step is to understand what you have to lose and what tech you rely on. What data do you have and what is valuable?
Small business owners can take an online survey (https://cynch.com.au/small-business-cyber-security-study) then enrol in a Cyber Fitness Bootcamp (for free) to help them understand the risks and what they can do now to protect their business.
Cynch is an Australian-owned small-business focused on cyber security for small businesses. Cynch knows small business owners need cyber risk solutions that are cognisant of their budget, time and resource constraints. Cynch runs cyber fitness programs that don’t require any technical expertise and are designed to facilitate gradual improvement at a price small businesses can afford. Features include continuous cyber risk assessment, plain language cyber advice, bundled products, goal setting and tracking, compliance mapping and collaboration capabilities. View more details about Cynch’s ongoing memberships and solutions at https://cynch.com.au