The biggest challenge for franchisors in fighting growing cyber security threats is the general lack of awareness of such risks throughout their franchise networks. “It all comes down to awareness,” says Leon Fouche, National Leader of Cyber Security at BDO. “Cyber security is no longer just an issue for the IT department. To be effective, there needs to be a whole of business approach led from the top and in franchising that means franchisors must be pro-active in raising awareness right throughout their franchise system.”
As the digital presence and e-commerce capabilities of all businesses continue to grow, and cyber security risks increase in both their complexity and sophistication, more and more organisations, of all styles and sizes, will be exposed to cyber security incidents.
The estimated annual cost of cyber-attacks to the global economy is more than $400b, while in Australia the most recent data suggests five million cyber-attacks a year at an estimated cost of $1.06b, plus additional lost opportunity costs and reputational damage.
These cyber security incidents can take many forms, from system disruptions with malicious intent to data breaches of personal customer and company information and IP, and can come from various sources such as cyber criminals, ‘hacktivists’, terrorist groups, and current and former disgruntled employees.
Mr Fouche says while it is not possible to 100% protect against all cyber security risks, businesses can improve their overall cyber resilience by becoming more cyber aware and embedding this way of thinking throughout their organisation at every level.
He says the franchisor-franchisee relationship presents its own unique risks in this area, but it comes back to the franchisor leading the way and highlighting the importance of cyber security from the top down.
“In the franchising sector, the franchisor will typically provide the IT infrastructure and systems for its franchisees and it is crucial that this is tested and proven to be secure,” he says.
“The risks here run both ways. If the IT system supplied is not secure, there are risks to the franchisee’s business. Also, if there are gaps at the franchisee’s end, this can create potential risks back to the franchise head office and right throughout its franchise network.”
Therefore, franchisors must make sure they are providing properly tested and secure IT infrastructure and systems to all of their franchisees. It is also critical that this is supported by comprehensive IT security guidelines, policies and training.
“Franchisors must provide more than just cyber security architecture to their franchisees, they have to also provide the cyber security awareness training to go with it,” Mr Fouche says. “To build cyber resilience throughout a franchise network, all new and existing franchisees need to receive company-wide guidelines and policies and ongoing training on cyber security risks.”
These guidelines should cover issues such as the collection and storage of personal customer information as well as ensuring free in-store customer Wi-Fi can only be accessed via secure passwords, to name just a couple of examples.
“As more business is done online there are more cyber risks, but managing them all comes back to awareness,” Mr Fouche says.
“This includes knowing what information and systems are most at risk. You need to understand what the crown jewels are before you can protect them. Ask, who would be interested in your company and customers’ details? What could be lost in a cyber-attack? What would be the impact on your business and customers’ privacy?”
“The end goal is to become a more cyber resilient organisation, one where cyber threats are well understood and measures exist to defend your digital assets against cyber incidents.”
As a starting point, the BDO Cyber Security Checklist covers:
- Understanding your cyber risk profile
- Identifying your business critical digital assets
- Integrating cyber security with strategy
- Building a cyber resilient organisation
Leon Fouche is the national leader of cyber security and partner at BDO Australia. Leon has over 20 years’ experience delivering a wide range of Business and IT projects ranging from strategy development through to system implementations in Australia, Europe and Africa.