Small to medium sized businesses have often been called the backbone of the Australian economy. They are also unprepared and under-resourced for the challenges of a digital world which include cybersecurity. Which explains why the recent cyberattacks came as a shock to many small business owners. These small businesses are the lifeline of local communities and rely heavily on local manpower and resources to keep functioning.
Research has found that one in three Australian consumer households may have had their personal information stolen by criminals. The total economic impact of cybercrime in 2019 was approximately $3.5 billion. Small businesses have only just started to find their feet in the post pandemic world, and they’re already crippled by labour and skills shortages and are inundated on all fronts with inflation and supply chain issues. Cybersecurity breaches are just another challenge for them to navigate and only adds further stress on their overburdened shoulders.
Mr Scott de Mestre, Head of Security, and Infrastructure from Employsure, Australia’s leading Employment Relations and Work Health and Safety specialists commented, “There is a glaring lack of knowledge in small to medium sized businesses when it comes to cybersecurity. Employers often think the IT guys will deal with cybersecurity but those are two very different issues and roles. Many cyber-attacks are not performed by sophisticated hackers, they are executed by people with the basic knowledge of how lax businesses can be.”
Mr de Mestre further added, “There are steps small business owners can take to protect their data and that of their clients. Firstly, understand cybersecurity. Business owners shouldn’t be ignoring cybersecurity. They should have a basic understanding of what it entails, how strong their systems are, and what policies or procedures need to be in place. The Australian Cyber Security Centre (ACSC) website contains a wealth of valuable information tailored for small and medium business that assist with understanding the basics. Secondly, hire experienced professionals. Some things are better left to the experts and business owners need to understand that they need to delegate some tasks to trained and qualified professionals. Hiring cybersecurity experts can be an efficient way to protect the business. And most importantly, train their staff. Employers can train their employees in cybersecurity awareness which will help them understand their duties. Videos, articles, and seminars are some ways business owners can use to educate their staff on the basics.”
The recent large-scale attacks on Australian companies may seem new to many but the reality is these attacks happen frequently and businesses need to prepare for them. In 2020, Service NSW staff were phished, leading to the data of 104,000 people being accessed due to a lack of two-factor authentication. And one of the largest hacks in Australian cyber history was in 2019 when the personal details of 137 million Canva users were stolen. This data included names, email addresses, passwords, and partial payment data.
Now, more than ever, businesses need to be vigilant about protecting their data. A cybersecurity breach leads to a break in trust, increases the business risk, directly caused impacts the loss of revenue, and does reputational damage; all of which small businesses cannot afford.