In the wake of cyber attacks that have hit Illawarra businesses large and small, including most recently trucking business Barnett's Couriers, local IT specialist Serge Niazi is sounding the alarm that businesses in the Illawarra are under-prepared for cyber threats.
Impending changes to legislation are a wake-up call for Illawarra businesses, with small firms liable to cop fines in the tens of millions of dollars if they do not protect customers' data.
"We look after 800 businesses and less than 2 per cent are aware of the changes," Mr Niazi said.
Currently, small businesses are exempt from provisions within the Privacy Act which require businesses to protect customers' data.
This will all change soon, as the federal government agreed in principle that an exemption for businesses with a turnover of less than $3m should be removed.
"This is going to be a game changer for small businesses," Mr Niazi said.
The changes will require small businesses to seek informed consent for customers' data, be more accountable when dealing with information, and ensure data is destroyed when it is no longer needed.
Most of the businesses that Mr Niazi works with are in healthcare, but the changes are just as applicable for real estate agents or any firm that handles sensitive customer data.
Small businesses will also be on the hook if lax data protection leads to serious or repeated privacy breaches. They could face fines of up to $50m, three times the value of any benefit obtained or 30 per cent of the company's adjusted turnover - whichever is higher.
"Everyone can be fined if they haven't done their due diligence to secure customer data," Mr Niazi said.
The changes come as multiple organisations in the Illawarra reel from significant cyber attacks.
Earlier this year, the University of Wollongong apologised to staff and students affected by a data breach, and North Wollongong trucking company Barnett's Couriers has been out of action for two weeks after a cyber attack.
Road Freight NSW chief executive Simon O'Hara said that transport businesses were bearing the brunt of an increase in cyber attacks.
"The tempo of cyber attacks on Australian freight businesses has increased since July 2020," he said.
"Community and business need to be aware of the dangers ranging from the sophisticated of altered invoices with non-legitimate payment terms, to phishing and ransomware."
Data from the Australian Signals Directorate shows that reports of cyber crimes had increased by 23 per cent in 2023, with a cyber attack reported every six minutes. Businesses were also losing more money to hackers than before.
Mr Niazi said cyber criminals were becoming more sophisticated, and could be inside companies' systems for months undetected.
"They sit and watch how they are using the data, how they communicate between different parties, suppliers and customers and then after they have created a profile that's when they start," he said.
"The hack might start today, but they've been in your system for eight to 12 months."
Mr Niazi is hosting a free seminar for businesses at the North Wollongong Novotel on Thursday, May 2, and said the message was to act now, or be hit by the double whammy of an attack and a fine.
