Why you need to know about cyber security

Why you need to know about cyber security in your SME, and what your obligations are.
© Deakin University

If you work in or manage a business, you need to know about cyber security for a range of reasons.

  1. You are expected to know and respect the laws and regulations governing the use of computers and information.
  2. It’s important that you understand what’s at stake legally for all stakeholders.
  3. You need to keep abreast of the emerging legal requirements for confidentiality, integrity and availability of data. Ignorance is never an acceptable excuse.
  4. There are requirements that your organisation/authorities must respect in terms of the legal rights that are owed to a person.
  5. There are liabilities for not exercising best practice security.
  6. Security professionals must be prepared to apply wise judgement, often in tense situations, so that appropriate decisions are made.

Due care and due diligence

Many of the SMEs you work in will be dealing with a range of stakeholders. For example, you will have both employee information and customer information. You are obliged by law to keep this information secure through due care and due diligence; not complying can increase business risk.

Due diligence is the continuous activity an organisation engages in to understand the current threats and risks that it faces.

Due care standards are met when an organisation makes sure that every employee knows what behaviour is acceptable as opposed to unacceptable, and knows the consequences. These standards are the verifiable and measurable steps an organisation takes (e.g. implementing controls) to provide protection from the current security threats and risks it faces.

Failure to practise due care and due diligence can expose an organisation to liability for negligence. For example, an organisation is in violation of the due care concept if it does not implement a data protection mechanism and ensure that the mechanism is being enforced.

Cyber security regulations

There is a link to a handy resource below that collates many of the cyber security related legal and regulatory requirements of the Federal Government of Australia. It also lists some of the state-specific requirements, which gives some insight into how state laws differ from Federal laws. This can be an especially tricky area for privacy, as there could be both state and federal laws that apply to an organisation, depending on your country.

One particularly interesting example is the Australian Spam Act of 2003 (Cth). As a business owner or marketeer, your goal is always to get more customers. What better way than through email or SMS advertising? Many businesses believe they are allowed to send out as many emails as they want to advertise various products and so forth. However, the Australian Spam Act prohibits sending unsolicited commercial electronic messages via email, SMS, MMS and instant messaging. Failing to adhere to this law can lead to fines of up to AUD1.1 million per day. Do you know the requirements and laws in your country?

Ultimately, as a business owner or even employee, there are a range of cyber laws we have to adhere to when we are conducting our daily work tasks. It is best to be aware, be educated and ensure that you know what you need to do. Most importantly, keep up to date with current regulations and standards.

Your task

Were you aware of these obligations and requirements? Do some research on how they might differ in a country other than Australia and share your findings in the comments section.

This article is from the free online course Cyber Security for Small and Medium Enterprises: Identifying Threats and Preventing Attacks

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education