Australia's 3rd Largest Economy

Looking towards 2021 - Cyber security and small businesses

03-Jun-2021 12:35 | Tracy Dawson (Administrator)

By Kim Nguyen, Lawyer at Matthews Folbigg Lawyers

As we steadily enter 2021, Cyber security, IT and data analytics are the latest buzz words across every sector. The focus on cyber security is unsurprising as the COVID-19 pandemic has allowed private organisations to digitally hold and retain more personal data across the digital platform than ever before.

The recent cyber security attacks on the Parliament House and Nine Entertainment (Channel Nine) are a shining example of the dangers associated with the use of third-party vendors (such as cloud storage) by commercial entities.

In September 2020, a survey conducted by the Office of the Australian Information Commissioner (OAIC) revealed that data privacy is a major concern for 70% of the Australian community, and almost 9 in 10 want more choice and control over their personal information.1

In August 2020, the Minister for Home Affairs released ‘Australia’s Cyber Security Strategy 2020’. The strategy delivers an investment of $1.6 billion over the span of 10 years to strengthen cyber resilience across both the public and private sector.2 This is a massive jump from the 2016 Cyber Security Strategy which invested $230 million.

What will cyber resilience look like in 2021?

The key highlights of the plan:

  • Protecting and actively defending the critical infrastructure that all Australians rely on, including cyber security obligations for owners and operators.
  • New ways to investigate and shut down cyber crime, including on the dark web.
  • Stronger defences for Government networks and data.
  • Greater collaboration to build Australia’s cyber skills pipeline.
  • Increased situational awareness and improved sharing of threat information.
  • Stronger partnerships with industry through the Joint Cyber Security Centre program.
  • Advice for small and medium enterprises to increase their cyber resilience.
  • Clear guidance for businesses and consumers about securing Internet of Things devices.
  • 24/7 cyber security advice hotline for SMEs and families.
  • Improved community awareness of cyber security threats.
  • Operational resilience

How can I protect my business and unauthorised access to customer data?

1. Use the Australian Governments Cyber Security Assessment Tool to assess how secure your business is.

2. Make it a habit to back up your business’s data and website in the event you lost any information during a cyber attack.

3. Secure your devices and network by upgrading to the latest security software and operating system.

4. Encrypt important and personal customer information, such as: name, signature, address, date of birth, medical records or any other information which could be used to identify your customers.

5. Update your privacy policy and make it publically available on your business website.

Most importantly, if your business has an annual turnover of over $3 million, you must comply with the Privacy Act. For further information on privacy obligations relating to small businesses, please visit the OAIC website.

Cyber security was once seen as an “IT issue”. Now, cyber security is recognised as a core governance issue with regulatory bodies expecting greater accountability from directors and senior management.3 Although small and medium enterprises (SMEs) can expect to receive more assistance with their security awareness and capability, businesses should take steps to develop a skilled cyber workforce to instil greater consumer confidence in information and data handling.

Further information

The information contained in this article is general in nature and does not constitute legal advice. If you require specific advice or assistance on a particular privacy or workplace issue, please contact the Matthews Folbigg’s local government team on 9635 7966.

Liability Limited by a scheme approved under Professional Standards Legislation Commission

1 Office of the Australian Information Commissioner, ‘Australians want more control over privacy, survey shows’ (Media Release,


3 Cary Di Lernia, Catherine Hardy and Asaf Dori, Cyber-related Risk Disclosure in Australia: Evidence from the ASX200, Company and Securities Law Journal Vol 37(7) September 2020

Powered by Wild Apricot Membership Software