You’d have to have been living under a rock with no wifi access for the past few years to not realise that cyber crime is rife in Australia.
Despite this, many small businesses believe they are not significant enough to fall victim to cyber criminals. This is a very dangerous trap to fall into!
“Cybercrime affects everyone, from individuals, to all types of businesses and industry, even government organisations.”
Less than two years ago, a study by the US National Small Business Association in Washington found that almost 40% of small business had been impacted. The stats are no more comforting here in Australia, with reported incidents up 20% in the last 12 months alone, and costing businesses more than $1bn annually in damage and lost revenue, according the Australian Government’s National Cyber Security Threat Report.
Cybercrime affects everyone, from individuals, to all types of businesses and industry, even government organisations. And we seem to be increasingly attractive to exploitation. According to the Australian Cyber Security Centre: “Australia’s relative wealth and high use of technology — including social media, email and online banking and government services — make it an attractive target for organised criminal syndicates. Misreporting and under-reporting of cybercrime make it difficult to assess the prevalence and impact of offences.”
“Cybercrime can completely cripple your business for a good period of time, leaving you unable to operate.”
There are many cyber risks affecting small businesses, ranging from employee fraud and negligence, to phishing, viruses and loss of hardware. One of the most popular for offshore cyber crimes is ransomware, where companies are blocked from their computer systems, unable to operate or access sensitive information until they pay a “ransom” to have it unlocked. Aside from the real risk someone else has access to your sensitive commercial information, it can completely cripple your business for a good period of time, leaving you unable to operate.
With so many risks in this space, staying on top of them all is no easy feat. But there are a number of quick wins small businesses can do themselves to minimise the risk of falling prey to unscrupulous cyber criminals. And while some may seem obvious, you’d be surprised at how many businesses – and individuals within them – aren’t adhering to them.
- Passwords – Change them regularly and make sure they are strong. At least 10, characters including symbols and numbers, is ideal. Don’t just use your own name or the word “password” –which so many people do. A good way to generate a strong one is to think of a phrase or song title and replace some letters with similar looking symbols or numbers such as: m1dn!ght@the0@$is (“midnight at the oasis”). Change these regularly too.
- Create an IT policy for staff – Having no IT usage policy leaves you wide open to misuse and security breaches. If you can afford the software, letting employees know you are monitoring their usage is a big deterrent. Also banning staff from logging onto the company’s wifi with unsecured devices reduces some risk. Alongside an IT policy, ensure you have the right software to protect your system.
- Limit access to certain files– Some of your online folders, such as accounting and payroll systems, or even sensitive R&D information should have access limited to those who need it and no-one else. This adds an additional layer of security to your important business information. Additionally you should be able to narrow down a culprit if you are attacked from within the business, rather than every single employee being a suspect.
- Back-up and encryption – Back up your files daily and store the data offsite, in case of any physical damage to your workplace. If you are a victim of cybercrime, you have the most current records of the system, which should shorten any “down time” Don’t forget to encrypt your data making it harder for external access to your system without the key to unencrypt it. Encryption is like translating everything into an uncrackable binary code.
- Insurance – If the very worst should happen, there is insurance for cyber-risk. While it’s not going to stop cyber breaches, it can help you recover from them, and off-set any costs involved caused by business interruption, loss of machinery, or even PR costs in the aftermath.