GOSFORD, A PLACE TO WORK, LIVE AND PLAY to our new members · Hon. Scott Morrison, Prime Minister of Australia, accompanied by Federal Member for Robertson Lucy Wicks, was a welcomed

Tel: 02 4323 1735 | E: [email protected] | FB: Gosford/Erina & Coastal Chamber of Commerce and Industry

A WORD FROM THE GOSFORD/ERINA & COASTAL CHAMBER OF COMMERCE AND INDUSTRY INC. ESTABLISHED 1947

GOSFORD, A PLACE TOWORK, LIVE AND PLAY

The NSW Planning Minister, The Hon.Anthony Roberts, delivered the longawaited Urban Development Framework(UDF) designed to pave the way for arevitalised Gosford City.

Delivering the framework and plan toover 200 guests at the Gosford, Erina andCoastal Chamber of Commerce (GECChamber) October lunch event, on behalfof the NSW Government, Minister Robertslaunched the finalised package ofplanning controls for the revitalisation ofGosford City Centre. The NSW StateGovernment recognised that Gosford hasbeen neglected for more than a decadeand now is the time to make “Gosford theCity it should be”.

Replicating the State Government’sinvolvement that revitalised Newcastleand Parramatta, the NSW Governmenthas given a commitment to Gosford andthe Central Coast. Minister Roberts wenton to address the 200 guests at the GECChamber lunch on Wednesday 10thOctober where he made a clear and directstatement that Gosford will be a place to“work, live and play’.

The Minister participated in a Q&A Panelwith Coordinator General for the CentralCoast Lee Shearer and Hunter & CentralCoast Regional Development CorporationCEO Michael Cassel to answer questionsfrom the business community about theGosford Urban Design Framework (UDF)and the way forward to capitalise ongovernment and private sectorinvestment.

Here at the Chamber we endorse the UDFand applaud the State Government fortheir actions aimed at giving Gosford anew life. Developing the city and theidentified precincts will be key to our city’sfuture. The real works starts now wherewe need to be working on funding andopening the doors for more public privatepartnerships on development whereappropriate.

Also last week Gosford played host to theHon. Scott Morrison, Prime Minister ofAustralia, accompanied by FederalMember for Robertson Lucy Wicks, was awelcomed visitor the city where heoutlined his plans to continue thegovernment’s commitment toemployment and the economy. He alsospoke about their continuedcommitment to small business afterbeing questioned on this by the Chamber.

Finally, The Chamber has seen a return ofthe current board which allows thecontinuation of the great work done todate in brining the business communityback together. I am proud to lead ourChamber for another 12 months and lookforward to a great year. I recognise thatwe are a member organisation and assuch we are here to advocate on behalf ofbusiness. Our next event will be the 14thNovember and will feature a spotlight onthe plight of the retail sector. As oursecond largest employing industry werely heavily on retail to fuel the localeconomy and to continue to deliveremployment and growth opportunities.We hope to see you there.

Until next month, Regards, Rod Dever - President

Presidents Report Welcometo our newmembers

Rdconsult

ADW Johnson

Hitech Support

COAST Publishing

Blue Moon FinancialConsultants

SV Partners

Distinct Accounting & Advisory

Janene Stobbs

Jirwander & Company

Central Coast BAS,Bookkeeping & Payroll

Reads Group Pty Ltd

Aspect Z

A S Digital

Wiseberry Coastal

The ever changing

world of retail

Wednesday21st November

2018

SAVE THE DATE

FOR OURNEXT EVENT

Guest Speaker: Jack ZervosJack has lead organisations across the supply chain from manufacturing to retail,working with some of the biggest brands in the region in both family and publicenterprise. He was formerly Group General Manager of AH Beard a fourthgeneration family manufacturing business; National Operations Manager forthe Pacific Brands Home Comfort Group (Dunlop Foams, Tontine, Sheridan andSleepmaker); Group General Manger – Business Development FantasticFurniture and Managing Director Stienhoff Australia (Freedom Furniture).

He has been in private practice as a Brand Manager and consultant to industrygroups specialising in employment matters since 2009 and is currently aworking Director in a Sydney based retail business with 18 stores across threestates employing 75 staff.

Nov Agenda Mag _GeC CHamber 17/10/18 12:31 pm Page 1

I.T. INFRASTRUCTURE ADVICE

From Loyal I.T. Solutions

The Agenda Magazine supplement | The voice for Business, Commerce & Industry | Improving business conditions

UNFORTUNATELY,

A BUSINESSWAS HARMED INTHE MAKING OFTHIS TRUE STORY

“Your files have been encrypted.Please submit payment within48 hours to restore your data.”

“couldn’t happen to us”. So how can this happen to so manybusinesses and individuals?

Let me go back to describing hackers and their methods. Originally,hackers would do it for the notoriety. These days’ they havegraduated because computers are very powerful devices, theyhave learned a lot, they consider their chances of getting caughtto be slim and they now have access to some very sophisticatedtools. Bruce Schneier, an American cryptographer, computersecurity specialist, and writer said, ‘attacks only get better; theynever get worse’. There is also Bitcoin and other cryptocurrencieswhich are digital currencies being used to buy and sell itemsanonymously on the internet. Think of these currencies asuntraceable internet cash. Now the hackers have a way of beinganonymously paid. Recall our Central Coast victim? Their ransomwas issued in Bitcoin.

The challenge for any hacker is to gain access to your data storage(your laptop, server etc). There are many vectors for infection (theplacing of a malicious operating software in your system), andmany methods where you can be ‘tricked’ into letting the infectionin, including spam, social engineering, malicious advertisingand/or ways the hacker can ‘break in’, including website hacking,exploiting insecure remote access and insecure communications,aging equipment, vulnerabilities in software or equipment, are afew methods.

In the example of the Central Coast business, it was all too easy fora hacker to ‘break in’ via the remote access. But why this business?Well, it wasn’t personal…. it’s random plus vulnerability. A hackercan go on any number of public websites that lists every deviceopen to the internet and can apply his or her automation tools tochoose targets to attempt to hack into. If you are reading this onyour computer right now and you’re online, your IP address is oneof millions around the world that may come up in such a search.

The internet is an interconnected network consisting ofapproximately four billion internet addresses. These addresses arecalled Internet Protocol (or IP) addresses and it is how allcommunication occurs on the internet, and within every computernetwork. Behind each IP address can be any number of computersin business or home networks. Hackers don’t necessarily have toscan the internet looking for vulnerabilities themselves. They utiliseproducts such as Shodan (like a ‘Google for hackers’) and Masscan,meaning they can scan all four billion internet IP addresses, lookingfor vulnerabilities in less than six minutes. If a vulnerability orinsecure practice is found, the hacker will look to leverage this intoan attack. They don’t necessarily know you, they just know your IPaddress is vulnerable and they will try to exploit it to see if they canearn some money.

Can you imagine turning on your computer tomorrow and findingall of your business data inaccessible? Could you continue trading,or would your business come to a halt? This is the precise scenarioa small Central Coast business was recently faced with.

This business operates a busy office in the Gosford area. Like somany people these days, they revelled in the ability to completework remotely from the comfort of home. But without the rightsecurity in place, the open connection to the network was like anunlocked door, and it was all too easy for hackers to gain access tothe company’s files.

Who are these hackers? Anyone with an internet connectedcomputer is capable of attacking you. With anonymouscryptocurrencies and the ability to attack victims across the globe,cybercrime is virtually untraceable and has little to noconsequences, making hackers more motivated than ever.

What are they after? Your data and information, because it isextremely valuable to you and is also valuable for trade on the darkweb. Your business data is like currency. Even in a small to mediumbusiness, data is just as attractive to hackers as a corner store cashregister.

Hackers have two options with your data.

1. They recognise that its worth more to you than it is to them, sothey encrypt it (locking your files) and hold your business datafor ransom.

2. They recognise that the data is valuable to them as well. Yourcustomers’ bank details, credit card numbers, and Medicarenumbers fetch high prices when sold on the dark web. Oncesold, such data is often used to commit identity fraud. A databreach like this could have a huge impact on the life of your clients.

The situation faced by this Central Coast business falls squarely intothe first example of how hackers make money from your mistakes.Through inadequate security measures, a hacker gained access totheir server, encrypted all of their files, and then issued a ransomnote for 0.8 Bitcoins (at present value - approximately A$7,500.00).The files were largely worthless to the hacker, BUT were thecurrency and life blood for the business.

They thought they had adequate security and they thought this

Nov Agenda Mag _GeC CHamber 16/10/18 9:18 am Page 2


Vulnerabilities are found in devices daily. They can take the shapeof mistakes in programming, insecure policies by the devicemanufacturer or deliberate programming of a backdoor. Mostvulnerabilities are mistakes in programming. Programmers areonly human and are often under a lot of pressure to deliver aproduct – this is why we get so many updates to Windows and Macoperating systems each month. When a vulnerability is found by awhite hat (or ethical) hacker, they are often disclosed to thedeveloper or manufacturer and a Common Vulnerabilities andExposures (CVE) case is created (by the way, these CVE’s are easilysearchable).

So, the hackers have an easy way to scan the internet, they canaccess the known and published vulnerabilities, they havedeveloped toolkits which will automate the entire process, theyhave tools to break in (a common example is automated passwordguessing-or brute force password hacking) and they can makemoney.

With these hacker modus operandi’s in mind, what happened withthe small business on the Central Coast? The hacker(s) via theirsearch engine and automation tools were able to isolate avulnerable IP address, which in this case it was the remoteconnection to the server i.e. the portal that is created at the serverto allow the remote user’s laptop to connect. The hacker easilyfound their way to the server and started a brute force passwordattack. This sort of attack is not flagged by Windows and can onlybe determined by checking the event logs of the server. Thehackers eventually guessed the right password which allowedthem into the server. They deployed their ransomware software

which encrypted all their data and then issued the ransom. Theydemanded the 0.8 Bitcoin, with an additional caveat that if it wasn’tpaid in three days it would go up to 1 full Bitcoin (AroundA$9,200.00). The ransom notes also included an email address forcommunications. The business owner negotiated and pleaded andwas able to reduce the ransom amount, but that was not the endof the saga.

This catastrophe could have been avoided. If you are storing

your data on a server at your business and accessing it

remotely, there are three key ways to prevent hacking.

1. Set up a secure remote connection to the business via a virtualprivate network (VPN) appliance.

2. Have a bulletproof backup solution in place that follows the 3-2-1 backup framework (3 copies of your data on 2 differentmedia and 1 copy offsite).

3. Have a strong password management regime.

Without the VPN, a remote connection opens a portal into yourserver that is visible and easily accessed by anyone else (you mayas well leave your front door of your house open all the time,sooner or later someone will notice and walk in). Once the hackerhas gained access, they just need to crack the password. A VPNreduces the ‘viability’ of the remote connection and provides thesecurity to prevent any unauthorised entry.

If the business in this story had a bullet proof 3-2-1 back-upsolution in place; then at least they could have ignored the ransom,purged the server, installed the necessary VPN and endpointsecurity and then loaded their back-up data.

I.T. INFRASTRUCTURE ADVICE



I.T. INFRASTRUCTURE ADVICE I.T. INFRA

Lastly, with an appropriate password management regime, maybethe hackers would not have been able to crack this Central Coastbusiness’s password.

To put some more perspective into this case, A VPNrouter/appliance costs approximately AU$500 and a bullet proofbackup solution costs approximately $2000.

Before I conclude with what happened to the Business in this story,I will share some more information about how hacker’s go abouttheir business.

The way data is held to ransom is that hackers encrypt (or lock yourdata) so you cannot access or use it. Only the hackers have the keyto decrypt or unlock your data. You might think perhaps you canguess the key yourself however, the key length that encryptionpackages use as a standard today, on a standard PC, it will takeapproximately 6.4 quadrillion years (long after our sun burns out)to guess every key combination. The only way you can get yourdata back is by the hackers supplying the key, which is what youget after paying the ransom (hopefully).

Hackers can attack from anywhere around the globe, hence attackshappen 24/7, so you must always be vigilant and keep your shieldsup. Attack strategies are constantly evolving so what is securetoday, may not be secure tomorrow. Periodic security checks arerecommended to make sure you are kept up-to-date withprotections from the latest threats. You may be under attack rightnow and not even know it.

So, how did this story end for our Central Coast business? Not toowell I am afraid. The ransom was paid but the final kick in the

Southern Cross Austereo Central Coast provides the localcommunity and local businesses a unique and powerfulopportunity to engage consumers, with a diverse media portfolioacross radio, digital, online and television. This includes Sea FM,2GO, all SCA’s national digital radio programming across the Hitand Triple M networks, and a television programming partnershipwith NBN Television.

This multichannel footprint enables SCA’s adept salesforce andcreative team to draw on its extensive in-house research findingsto tailor bespoke, insight-driven solutions for local clientele, withclear and measurable return on investment. SCA Central Coastunderstands its local audience- how they think, how they feel andwhat drives them- and can develop campaigns that cut-throughthe noise and yield results.

Working closely with the client and sales team, SCA’s in-housecreative team, The Studio, conceptualise dynamic solutions,employing tactics such as live talent reads, outside broadcasts, on-air promotions and events to help brings local brands and eventsto life. Meanwhile, television partnerships with NBN allows for clearand consistent messaging.

SCA prides itself on being deeply immersed in the localcommunities in which it operates. With a committed, full-timecommunity liaison officer on the Central Coast, SCA supports over200 community organisations with free commercial promotion forsignificant events and programs. These strong, personalrelationships promote a strong sense of comradery between SCAand the Central Coast community.

Likewise, SCA’s annual Give Me 5 for Kids fundraiser has seen theCentral Coast community work with SCA’s local radio stations forover two decades, raising more than $2.4 million for the CentralCoast Local Health District Children’s Fund. These funds have gonetowards the purchase of vital equipment and infrastructureupgrades to support sick local children and their families.

SCA is both a proud member and passionate supporter of theCentral Coast community and takes its responsibility to inform,engage and unite very seriously.

guts… the hackers went quiet. There has been no contact since.They did not deliver the decryption key nor the program to decryptthe data, they simply stopped responding to all correspondence.Now the business has lost their data and their money.

As an addendum to this scenario, it is an offence to pay a ransomunder Australian counter-terrorism laws in which you may beaccused of financing a terrorist organisation. Not only do you loseyour data and money, you may even be breaking the law by payingthe hacker. You are also compelled to report any breach such asthis to the Australian Government through the Notifiable DataBreaches scheme.

The moral to this story is: regular security audits should beimplemented on business networks to ensure best practices arebeing adhered to and when issues are found, it is always best toaction them with urgency. If you ignore the problem, before toolong you may also be shutting your business’s doors.

ENGAGING WITH YOUR CONSUMER

Given they did not have an adequate backup

solution, they lost all their data. They have

downsized their business and moved back to their

home to continue operations and had to let go of

their admin staff. This had a devastating effect on

this business in which will take years to rebuild.



There’s one thing many of us wish we hadmore of, and I’m one Accountant tosuggest it isn’t just money.

It’s time: Time to grow our businesses and,ultimately have more time to do what weenjoy.

I recently attended the Xerocon 2018event in Brisbane with thousands ofAccountants, Bookkeepers and SmallBusiness owners and I wanted to learn justone thing: how can Xero cloud softwaregive my business and my clients moretime for stuff that matters?

Xero is already an effective tool in savingtime on accounting tasks like invoices,data management, expenses, payroll andreports, but the future of programs likethis is beyond our imagination. I shoulddeclare here that we’ve been using Xerofor eight years and while we oftenrecommend it to our business clients, wedo not have any financial interest in it. Wejust like the way it works to free up time.There are many cloud-based accounting

systems and Xero is our program ofchoice.

Professor Genevieve Bell spoke at theconference about Artificial Intelligence(AI): the fourth wave of industrialisation.She suggested that, if the first wave ofindustrialisation was mechanisation usingsteam power in the Nineteenth Century,the second was electricity, and the thirdwas computers in the Twentieth Century,then the fourth is AI in the Twenty FirstCentury.

She helped to break down the stigma ofAI by describing it simply as a computersystem that can do tasks that requirehuman intelligence. We already live withAI in our smartphone when we use searchhistory, maps and apps like Siri.

The world is going through a process ofworking out what level of autonomy,governance and assurance to allowmachines and computer programs. Oncewe define the limits, our softwareprograms will become as efficient as a

proactive employee who never sleeps. Iwas pleased to see Xero on the cusp ofthis because proactive software will saveus all time for our business.

We’ve received a number of enquiriesabout the functionality of Xero so we arehosting a special Xero informationworkshop in Gosford on Thursdayevening, 1 November. It is free to attendand all are welcome. Visit our website fordetails.

BUSINESS ADVICE BUSINESS ADVI

HAVING YOUR HEAD IN THECLOUD SHOULD BUY YOU TIME

By David Evers, Managing Director at Robson Partners

In addition to learning about thepossibilities of technology for futurebusiness, we all need to be aware thatprograms like Xero will be compulsory nextyear. The Australian Tax Office will require allbusinesses to be on a cloud-basedreporting platform from July 2019. Thelegislation is called Single Touch Payroll andin order to comply, businesses mustelectronically submit weekly wage records.Early adoption of something like Xero willminimise business disruption.

David EversDirector

Troy MarchantDirector

valued a

FREE SEMINAt $189



SPONSOR SPOTLIGHT SPON

Established in 2005 Red Eye Constructions, located on the CentralCoast NSW, specialises in Construction & Interior projects to theInstitutional, Commercial, Residential and Industrial market sectors.

Red Eye Constructions has a positive industry reputation and hasbuilt a solid customer base of repeat and referred clienteleundertaking projects predominantly on the Central Coast, Hunterand Sydney regions. We have completed projects to the value of$35Mill with a focus on Education, Medical & Health, particularlyPrivate Hospitals, Medical Centres, School Upgrades and Child CareCentres.

With an approximate annual turnover of $40-50 Million, employingsome 50 + staff, we have demonstrated experience deliveringprojects to these market sectors.

Red Eye Constructions offers total construction services, frommanaging design and securing building approvals through toproject completion. Our capabilities span the complete spectrumof small, medium and large scale construction. Our managementteams have experience in new construction, refurbishment toexisting buildings often involving work within occupied premisesor other sensitive working environments and construction fitouts.

The strength of Red Eye Constructions is its ability to delivertechnical challenging projects. We have a proven record indelivering projects with extremely demanding deadlines on timeand within budget, often in live operating facilities to achieve thedesired outcome for our clients.

In 2011 Red Eye Constructions adopted a strategy to provide in-house Trade Services which has proven a key to our success in thedelivery of all Construction & Interior services projects. Our in-houseTrade Services offering includes Joinery, Electrical, Windows &Doors enabling project teams to program with confidence, thefabrication and delivery of these items, without the need to rely ona third party contractor. These business units work very closely inplanning and construction, supporting project delivery (effectivelyas subcontractors) to the main Construction & Interior ServicesProjects.

Red Eye Constructions has consistently proven to impress ourcustomers by delivering projects:• With safety, reliability, integrity and high quality workmanship• On time within extremely demanding deadlines.

Projects successfully completed by Red Eye Constructions, whichhave helped shape and provide services to the Central Coastinclude:• Mingara Medical Centre• Brisbane Waters Private Hospital• Gosford Private Hospital Endoscopy• CCGT Light Industrial Units • Alkira Childcare Centre, Wamberal• Jarrett Street Medical Centre

commercial I residential I industrial I institutional

commercial I residential I industrial I institutional

I t tnstitu

PROUD BUILDERS OF THE NEW TUGGERAH LAKES PRIVATE HOSPITAL

(02) 4389-8933 I www.redeyeconstructions.com.au

DELIVERING OUTSTANDINGCONSTRUCTION PROJECTS

By Red Eye Construction



EMPLOYMENT UPDATE EMP

1800 466 046www.jobcentreaustralia.com.au

LOOKING FOR STAFF?CALL US TODAY!

»

»

»

Job Centre Australia can help!We match motivated, work-ready candidates with suitable job vacancies, so you can focus on running your business!

FINALIST2018

AWARDS

Congratulations to Job Centre AustraliaCEO Brian Yates, finalist in the BusinessLeader category at the 2018 Central CoastBusiness Excellence Awards.

Brian is an advocate for diversity in theworkplace and is a volunteer on severalnot for profit boards including his positionas Vice Chair for Choice and ControlAustralia. Brian has worked in theemployment industry for over 18 yearsand since becoming CEO, namesincreasing Aboriginal engagement, staffdiversity and a steady growth in incomeas his main achievements.

Job Centre Australia (JCAL) is a forpurpose Disability Employment Serviceassisting people with barriers toemployment and businesses to achievetheir employment goals. JCAL wasestablished here on the Central Coast andhas been assisting the local communityfor over 28 years.

Brian is humbled to be recognised for thisaward and would like to thank the staff atJCAL as well as the local businesscommunity who have embraced diversitymaking the Central Coast a great place tolive and work. Best of luck to all thefinalists in these prestigious awards.

CONGRATULATIONSBRIAN YATES – CEO

By Job Centre Australia Ltd.

Brian is an advocate fordiversity in theworkplace and is avolunteer on several notfor profit boardsincluding his position asVice Chair for Choiceand Control Australia.



Tel: 4323 1735 • E: [email protected] Like us

Your membership fee helps us to representmembers and improve business conditions in your

City & surrounding areas. We are a not-for-profit organisation so your

membership counts.

Gosford will be a place to “work, live and play”

Nov Agenda Mag _GeC CHamber 17/10/18 12:32 pm Page 8

Documents

GOSFORD, A PLACE TO WORK, LIVE AND PLAY to our new members · Hon. Scott Morrison, Prime Minister of Australia, accompanied by Federal Member for Robertson Lucy Wicks, was a welcomed