5th August, 2020
Complacency in cybersecurity combined with the coronavirus crisis has combined to make Australian startups and small businesses prime targets for cybercriminals.
It’s an unfortunate fact that no one these days can prevent their company from being hacked. The best anyone can do is to detect an intruder, find out what they took and minimise loss.
Cyberattacks on the likes of Sony, Adobe, JP Morgan, and Target and the data loss they incurred made international headlines, but locally, even over the past year you could add Domino’s, Medicare, Bupa, Telstra, Vodafone or Optus to the list. Less known, however, is that according to the Australian Government, small businesses across Australia are now being disproportionately targeted by cybercriminals, often resulting in enormous financial costs.
Although statistics can vary depending on source and methodology, to put this into a sobering perspective, almost half (43 percent) of all attempted cyberattacks targeting Australia are now aimed at small businesses, which often lack the resources, know-how, and infrastructure available to large companies to at least defend against intrusions.
According to Treasurer Josh Frydenberg, despite the very real threat, startups and small businesses across the country are too often falling into the trap of complacency.
Indeed, over a third of Australian small businesses are failing to proactively protect themselves against cybercrime, while 87 percent incorrectly believe their antivirus software will completely protect them, the Australian Small Business and Family Enterprise Ombudsman added.
This could mean many compromises go undetected, let alone reported. Among even those that are, according to techAU, 26.4 percent of Australian small businesses reported that they lost between $3000 and $15,000 through attacks in 2019.
But the most serious threat to the bottom line is reputational damage and loss of customer loyalty, which, because of growing consumer awareness of identity theft and escalating concern about the security of their data, will adversely impact any business.
It can take months, if not years, to recover from such a loss of confidence.
Complacency is no excuse. Data breaches must be reported to the Office of the Australian Information Commissioner because for over two years the Notifiable Data Breaches scheme has been active and applies to Australian businesses with a turnover of more than $3 million. Non-compliance imposes serious penalties. The message seems to be getting through.
For many SMEs, however, ignorance of digital tools and cybersecurity issues is still not only widespread but a potential business death sentence.
According to ANZ’s The Digital Economy: Transforming Australian Businesses report, 56 percent of microbusinesses and SMEs still do not value digital tools and have little or no knowledge of cybersecurity issues. Cybersecurity knowledge was at its lowest among startups, with 71 percent knowing nothing about it.
ANZ General Manager Small Business Banking Guy Mendelson emphasised that with one in four Australian SMEs suffering a cyberattack, small business owners cannot afford to remain ignorant of cybersecurity issues.
“As businesses become more established, so does their understanding of cybersecurity issues, however, it’s important for every business to be aware of the different types of cyberattacks such as business email compromise (BEC), which are growing at a significant rate,” Mendelson said.
According to the report, many SMEs find the cost of adopting digital solutions a barrier to adoption. This makes them easy pickings for cybercriminals who can steal critical data from companies from safe havens anywhere in the world. Despite this, the failure of smaller companies to protect confidential information is rapidly becoming epidemic, and outdated software is not helping.
So, what should they be doing?
SMEs are in the crosshair for hackers, but certain risks are especially acute – some exacerbated by the coronavirus crisis.
As cybercriminals find new ways to steal money and data, and with more people than usual working from home, phishing is rampant not only via emails but now SMS, instant messaging, and social media. Therefore, ensure all staff’s portable devices are updated before they connect to your business network. Also, insist that all devices incorporate either a strong unique passphrase, fingerprint or facial identification, direct staff to avoid using public wi-fi hotspots and, if possible, use your work virtual private network (VPN). Encrypt all data, especially on portable devices that may leave the workplace.
Sign up for added insights and business-critical news from MYOB.
Stay in the know
Small and microbusinesses should backup important data, such as customer details and financial information, using an external USB hard drive or cloud storage service, preferably both, and never let your web browser remember passphrases. Always turn on automatic updates for operating systems such as Microsoft Windows, with proper firewalls and security software on up-to-date systems
READ: 2FA is here, so what is it?
On a final, sombre note, be aware that keystroke logging malware programs are often unwittingly downloaded by employees surfing the internet for pornography or video games, and that 40 percent of all free pornography is viewed on company computers – something identity thieves are well aware of and will exploit.
As a senior lecturer at Bentley University in the US aptly put it: “Remember that things are not as bad as you think – they are much worse”.
But that doesn’t mean you shouldn’t take the necessary steps to protect yourself.