Over the past two years, digital technology has become fundamental to Australian businesses, the workforce and the economy. Restrictions on movement and demand for contactless interactions supercharged digital uptake across every sector and every demographic.

Australians are becoming increasingly digitally-dependant, thanks to the convenience and anytime-anywhere access to critical services like healthcare, banking and utilities. Decentralised and hybrid working is not only here to stay, but offers a once-in-a-generation opportunity to boost productivity, participation, innovation and collaboration. Everyone wants in.

However, these highly digital ways of living and working also present greater risks for businesses. Coupled with current geopolitical shifts, the Australian Cyber Security Centre (ACSC) recently warned Australian businesses to be on heightened threat levels and to “urgently adopt an enhanced cybersecurity posture”.

Last year, the ACSC reported more than 67,500 cybercrime incidents, an increase of almost 13 per cent from the previous year. That equates to one reported cyberattack every eight minutes, up from one every 10 minutes – and there’s no sign of the trend reversing.

Over the same period, estimates tallied the cost of cybercrime nationally at $42 billion last financial year – a figure that doesn’t even account for the loss of private data.

While these cost and frequency statistics are alarming, reality bites for most when the associated stories bring the human toll into focus. Unhelpfully, most compromised businesses don’t publicly disclose their experiences, given the sense of shame, failure or risk of reputational damage often associated with being a victim.

Security at every step

For companies looking to realise efficiencies from offshore talent, finding a provider with proven security expertise and mature data and security practices is non-negotiable. But it’s easier said than done.

Low-quality offshore service providers often seize on a lack of cyber awareness to cut corners on business continuity programs, cyber compliance controls and ransomware defence measures. They’ll avoid explicitly stating what responsibility they take if a breach occurs and who bears the cost.  In these cases, the end result is typically “all care, no responsibility”, leaving clients exposed.

When critical data is being shared with partners in different countries and jurisdictions, how can leaders ensure that the requisite level of security is maintained?  How do businesses mitigate against ever more sophisticated attacks when data is flowing across international borders?

The onus is on you to ask the right questions – but where to begin?  Perhaps the real insight is gained in flipping the perspective: if you have to proactively seek out IT security information to build a clear picture, you’re talking to the wrong provider.

“Selecting the right offshore partner can be a daunting process,” says Steve Evans, CEO ConnectOS. “Clients tend to focus on resources, talent sourcing and pricing, when cyber security should be central to the conversation – if not the starting point.”

“We begin any offshore discussion with new clients by sharing our industry-leading approach to IT security and explaining the steps we take to protect their business. We’ll seek to connect with their IT team and invite them to assess and challenge our data protection and security management practices.”

While the industry average security score is 31.5%, ConnectOS maintains a Microsoft security posture of 100%.

“We implement the highest levels of security to keep our clients’ offshore employees and data safe,” continues Steve. “In addition to maintaining the IT compliance obligations outlined in the Australian Privacy Principles, PCI DSS and GDPR, we also take responsibility for securing all ConnectOS computer equipment used by our clients’ Manila-based employees.”

Top three takeaways

The saying, “a chain is only as strong as its weakest link” couldn’t be more apt when it comes to safeguarding businesses from cyberattacks and data breaches. Your offshore service provider should be a robust link in that chain, not a vulnerability.

These indicators that will help you determine if your provider is up to task:

1. Ask me anything
Leading providers will encourage you to examine their security frameworks. They’ll welcome your questions and explain the measures they use to keep your people, equipment and data safe. They’ll provide you with a clear understanding of their obligations and yours.

2. Knowledge equals resilience
There should never be a “we did not discuss it” moment. To mitigate this, ask the provider to step you through their approach to maintaining device security, workplace security and employee security. You should also request access to the policies they use to uphold ISO27100 certification.

3. Dive into the detail
What’s the provider’s Microsoft Security Score? Who is responsible for a breach – and does the provider have a data breach response plan? What happens in the event of disruption or disaster?

Outsource Broker Support is a leading offshore provider for small businesses and large enterprises. Reach out to find out how we maintain the highest levels of security achievable, to keep your people and data safe.