Just out! The 2nd edition of Boss-Gram Newsletter here on:

  • Information Risk Assessment
  • Layering for business cyber-protection
  • Apple cyber-security
  • New cyber-breach reporting in Australia

Boss-Gram Newsletter focuses on cyber-security across business processes, management, leadership and competitiveness - as well as IT.

Boss-gram Newsletters are free.

Subscribe at http://designoutcrime.org

Or read at http://designoutcrime.org/bossgram


Segmentation is a well-established security idea - 'don't put all your eggs in one basket!' It is common sense in cyber-security, CPTED, personal protection and asymmetric warfare. In whole-of-business cyber-security we apply segmentation to all aspects of a business, as appropriate. Segmentation of business assets is guided by Information Risk Assessment.

Segmentation provides a basis for layering of cyber-protection to reduce business risks and increase difficulty for cyber-attackers. Segmentation is a powerful, management-based cyber-security method...


The losses from cyber-crime are expected to increase to $2 trillion by 2019.

For many businesses, organizations and individuals this level of losses will seriously impact their bottom line and in some cases will be disastrous.

Businesses most at risk are SMEs and professional services businesses, especially micro-businesses of 1-50 employees.


A recent Australian Prudential Regulation Authority (APRA) survey identified that 50% of financial sector organisations experienced cyber-security incidents needing executive management involvement.

For many financial planners and wealth managers, such cyber-attacks threaten business collapse.

Why do hackers focus on financial planning and wealth adviser professionals? The opportunities for criminal financial gain are large, and many financial advisers are small businesses whose processes are not well developed in cyber-security terms.


Cyber-attacks are no longer purely an IT technical issue. Your management decisions, business processes and practices - the activities of your staff and even the actual setup of your physical business environment - can put you at risk of severe losses.


From a cyber-risk perspective there are just two types of business: 

"Those that have been hacked and those that will be hacked"

Cybersecurity impacts extend via managers and the executive to the boardroom.

Cyber-risks and the extent of cyber-losses now have more to do with the management of business processes and staff than with IT security alone.


Management Take-Aways

The business risks from cyber-attacks using Internet of Things devices are high. They are reduced by keeping IoT devices on a separate Internet network, making sure they have strong passwords, and checking that they are not attacking others.

"For businesses, having insecure IoT devices linked to business computer systems is a significant concern."