Small to medium sized enterprises (SMEs) have often been called the backbone of the Australian economy. 96% of businesses in Australia have fewer than 200 employees. These small businesses are the beating heart of local communities and rely on local manpower and resources to keep functioning. They are also fairly unprepared and under-resourced for the challenges of a digital world. Hence, the massive cyberattack potentially exposing personal data of millions of Optus customers came as a shock to small business owners. This cyberattack indicated the vulnerability and gaping holes within the cybersecurity of small businesses. Information such as customers names, dates of birth, phone numbers, email addresses, and document details were leaked in the Optus cyberattack. While Optus confirmed that the cyberattack did not reach or impact any enterprise customers information, there is a fear that small business clients who have the same personal and business accounts could be affected.
Scam Awareness Week takes place 7-11 November, an initiative by Australian Competition and Consumer Commission (ACCC). With Australian businesses facing a hefty scam bill, small businesses across the country are an easy target because scammers believe the owners are busy and overwhelmed and unaware of cybersecurity measures.
What is cybersecurity?
Cybersecurity is about protecting your data, technology, and information from:
accidental or illegal access
You need to protect any digital information that your business creates and has access to, in addition to any information you collect from your customers.
A wake-up call for small businesses
New research has found that one in three Australian consumer households may have had their personal information stolen by criminals. The total economic impact of cybercrime in 2019 was approximately $3.5 billion. Most of the costs were suffered by Australian citizens. While the proportion of businesses reporting cybersecurity breaches have reduced, the move towards remote work has exposed businesses and employees towards data risks.
Small businesses are just about trying to find their feet amidst the post pandemic world. Crippled by labour and skills shortages, they are besieged on all fronts with inflation and supply chain issues. Cybersecurity breaches are another challenge for them to figure. These breaches also highlight the necessity of cybersecurity strategies for small businesses.
Types of cybersecurity threats
Ransomware- It is a type of malicious software that locks down your computer or files until a ransom is paid. It encrypts your files so you can no longer use or access them. Sometimes it can even stop your device from working. Visiting unsafe or suspicious websites, having poor security on your devices, or opening links, emails, or files from unknown sources can result in ransomware.
Phishing- Dodgy emails, text messages, or calls designed to trick recipients out of money and confidential information. The hackers might pretend to be an individual or organisation you think you know or trust. The messages and calls attempt to trick businesses into actions such as-
Giving remote access to your computer by opening an attachment
Receiving bank account details, credit card numbers, and passwords
Paying fake invoices or changing payment details for legitimate invoices
Invoice scams- Cyber criminals impersonate another business representative to trick an employee into transferring money or sensitive information to the scammer is known as an invoice scam or a business email compromise. Criminals send emails addresses and websites that look legitimate. Invoice scams account for 63% of all business losses.
Impact of cybersecurity breaches
The massive data breaches at Optus and Medibank have rocked the business world. If these corporations with access to cybersecurity experts can’t protect consumer data, then what chance do small businesses have? Research has further revealed that customer’s digital trust has been impacted and compromised. Trust is the foundation of all transactions and relationships. As people start to rely on digital devices and services for everything, this trust becomes increasingly valuable. When a customer trusts you with their information, you have a moral obligation to protect them from potential fraud, identity theft, or phishing attacks.
A cybersecurity breach leads to a break in trust, increases business risk, loss of revenue, and reputational damage. According to a recent survey, one in four consumers severed ties with Australian businesses that experienced a breach in security of their customer’s information.
Why is cybersecurity so important?
Cybersecurity for businesses is crucial. A lot of things are at risk.
This could include the destruction or exposure of :
employee records (sensitive personal information)
Cyber security tips to protect your small business
The recent large-scale attacks on Australian companies seem new but the reality is these attacks happen all the time and businesses need to prepare for them. In 2016, the Australian Red Cross had the data of 1.3 million donors leaked. In 2020, Service NSW staff were phished, leading to the data of 104,000 people being accessed due to a lack of two-factor authentication. And one of the largest hacks in Australian cyber history took place in 2019 when the personal details of 137 million Canva users were stolen. This data included names, email addresses, passwords, and partial payment data.
Did You Know?
A cyber-attack hits an Australian company every eight minutes.
These cyber-attacks have resulted in over $33 billion in losses in 2021.
All these numbers confirm one thing- cybersecurity is an ongoing problem for businesses. What steps can SMEs take to protect customer data and prepare their business?
There is a glaring lack of knowledge in small to medium sized businesses when it comes to cybersecurity. They often think the IT guy will deal with cybersecurity but those are two different things and roles. Many cyber attacks are not performed by sophisticated hackers. They are done by people with the basic knowledge of how lax businesses can be.
If you run a small business, you can’t ignore cybersecurity. You should have a basic understanding of what it entails, how strong your system is, and what policies or procedures need to be in place.
Hire experienced professionals
Somethings are best left to experts. Hiring cybersecurity experts can be an efficient way to protect the business. You can either have a cybersecurity expert on retainer or hire them on a temporary basis to analyse the strengths and weaknesses of your data systems. Look for experts with proven experience or recognised credentials such as Certified Information Security Manager (CISM), Certified in Governance of Enterprise (CGEIT), Certificate in Risk and Information Systems Control (CRISC), and Certified Information Systems Auditor (CISA) and a police check. Professional bodies or associations are also a good starting point to identify experts.
Invest in the best technology
Small business owners are hesitant to spend on technology or cybersecurity. Think of it as any other capital expenditure. Investing in the best technology and platforms ensure you have systems in place to monitor and protect data. The benefits of these technological systems far outweigh their costs and makes for prudent business decisions in the long-term.
Have clear cybersecurity processes
According to the Office of the Australian Information Commissioner’s (OAIC) Notifiable Data Breach Report, human error accounted for 41% of data breaches. Having clear processes, rules, and policies can ensure staff and third parties are aware of their duties and responsibilities. These policies would also focus on cyber hygiene and education on basics such as not sharing sensitive information over email.
Your employee handbook can include important information about privacy and data sharing so all employees know where to access them.
Train your employees
You can train your employees in cybersecurity and understanding their duties. Videos, articles, and seminars are some ways you can use to educate your staff on the basics.
Call us for immediate assistance and speak with a member of our team or send us an enquiry and we will get back to you promptly.
Employsure and small businesses
Employsure has worked with 30,000 small businesses across Australia and New Zealand. We understand the challenges and struggles of being a small business owner.
Call our 24/7 Advice Line today to get all your questions about workplace relations and work health and safety answered.
*This document is intended to act as general information and does not constitute advice. Please consult a cybersecurity professional or certified expert for any questions or concerns.