The recent Optus and Medibank data breaches have brought home the fact that malicious cybercriminals can and do target Australian companies and their customers – chances are you were affected by one of these yourself.
While individuals and small businesses undoubtedly operate in a different environment to these major organisations, don’t make the mistake of assuming that cyber criminals aren’t interested in you or your clients. Attackers use software to send out bulk spam and phishing emails, which trap a range of people and businesses every day.
Anyone who uses an online bank account, an email system, a computer or a mobile, potentially faces their data, their clients’ data, funds, and personal information being stolen or misused.
If you have clients who are SMEs, or you’re an SME owner yourself, please take stock of the cyber security precautions you have in place and encourage your clients to do so.
The Australian Cyber Security Centre’s (ACSC) 2020 Report and Survey, Cyber Security and Australian Small Businesses, found that “while there are effective practices available to protect small and medium enterprises (SMEs) against cyber incidents, many businesses are unaware these practices exist.”
At the time of the ACSC survey and report, the agency was receiving approximately 144 reports of cybercrime a day, or one approximately every 10 minutes. It also found that 1 in 5 respondents didn’t know what the term “phishing” meant. Phishing is when criminals send emails claiming to be from reputable companies, asking the recipient to reveal personal information such as passwords and bank account details. Almost half of the responding SMEs reported that they spent less than $500 per year on cyber-security. Yet the costs of being hacked would be many multiples of that.
While many SMEs have undoubtedly caught up with the need for better cyber security for their business in 2022, a significant proportion are still under-protected or not protected at all online.
The opportunity cost of having no, or weak, cyber-security is very high not just financially, but also to your brand and reputation. If you fall prey to an attack, you could potentially be locked out of all your systems and documents for days, even weeks; you may be subject to a ransom demand to unlock your data; and there’s a high chance of infected emails being sent to all your contacts or clients, further spreading the attack and affecting their systems as well.
While many SME owners are unable to have an employee dedicated to IT, there are effective protection packages on the market. The number one rule is: choose a good quality cyber-security package from a reputable provider. Some of the well-known global providers have the most sophisticated options, with state-of-the-art technology and their own international reputations to uphold.
Check that these are included in your package, as a minimum:
- 2-factor authentication (where 2 methods of identification are needed to verify your identity, such as a password and a PIN sent to your mobile)
- email filtering for more than just spam - such as phishing filters, and infected document identification
- anti-virus software – often this is not included in basic packages, so make sure you purchase separate anti-virus software to give an extra level of protection.
As a rule of thumb, you, or your SME business client, should be spending approximately $20-$30 per month per user (i.e. staff member in your business) on cyber security. You’re protecting your business, so it’s worth investing in this.
Be aware of what to look out for in dodgy emails. Sophisticated attackers can produce fake emails that look quite convincing, so regularly remind staff to think twice before clicking on links, especially if the email is unsolicited. A useful hint is to hover your mouse (do NOT click the mouse) over the link in an email, which will usually show you the email address or website it’s going to. If it doesn’t match that of the purported sender, or is strange in some other way, delete the email immediately.
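The hover check described above can also be automated for mail that arrives as HTML. The following Python sketch is an added example, not part of the original article: it lists every link whose real destination is not the sender's domain, or whose visible text names a different site from the one it points to. The names `audit_links`, `SENDER` and `SAMPLE` and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._cur is not None:
            self._cur[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(tuple(self._cur))
            self._cur = None

def dest_host(href):  # where the link really goes (what hovering shows)
    parts = urlsplit(href.strip())
    target = parts.path if parts.scheme == "mailto" else parts.hostname or ""
    return target.rsplit("@", 1)[-1].lower()

def same_site(host, domain):
    host, domain = (re.sub(r"^www\.", "", h) for h in (host, domain))
    return host == domain or host.endswith("." + domain)

def audit_links(sender, html_body):
    # Returns [(href, [reasons])] for every link that fails the hover check.
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host, reasons = dest_host(href), []
        if host and not same_site(host, sender_domain):
            reasons.append("destination is not the sender's domain")
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if host and shown and not same_site(host, shown.group(0)):
            reasons.append("link text shows a different site")
        if reasons:
            findings.append((href, reasons))
    return findings

SENDER = "accounts@examplebank.com.au"  # constructed sample sender and body
SAMPLE = ('<a href="https://www.examplebank.com.au/login">Log in</a>'
          '<a href="http://examplebank.com.au.verify.example/r">www.examplebank.com.au</a>'
          '<a href="https://files.example.net/invoice.html">View invoice</a>')
```

Legitimate mail often links to third-party services, so a finding here is a prompt to look more closely at the message rather than proof that it is malicious.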
Other housekeeping tips include:
- make sure all data is backed up to a cloud-based provider
- don’t use the same password for everything - choose a small range of different passwords, the longer the better, but easy for you to remember. Have different passwords for your financial sites, work systems, social media and online shopping.
The Australian Privacy Principles (APPs), legislated via the Privacy Act 1988, govern rights and obligations around:
- the collection, use and disclosure of personal information
- an organisation or agency’s governance and accountability
- integrity and correction of personal information
- the rights of individuals to access their personal information.
Organisations with an annual turnover of $3 million or more have responsibilities under the Privacy Act. If a business is in telecommunications or healthcare, there are some industry-specific regulations that apply.
The Privacy Act also covers some small business operators with an annual turnover of less than $3 million.
Cyber security needs to become an everyday management plan for every SME in Australia. Remaining up to date with cyber security maintenance and taking on board some additional procedures to secure your business can protect you from a world of pain.