Cybersecurity – a big problem for small business

Small businesses are easy targets

Poor cybersecurity, not competitors, may be the biggest threat to small to medium enterprises (SMEs) and startups in Australia. According to an Australian government report, SMEs are the target of 43 per cent of all cybercrime in Australia. 

The same report found that 22 per cent of the businesses hacked in 2017 became completely inoperational as a result of the ransomware used by hackers. The Australian Small Business and Family Enterprise Ombudsman warns that cybercrime against SMEs is on the rise and that cyberattacks are becoming increasingly costly.

Small businesses are being disproportionality preyed upon by hackers because they often represent easy targets. Of all SMEs in Australia, 94 per cent report using the internet for operations in some way, making nearly all small businesses vulnerable to potential online attacks or data breaches. 

Overconfidence leads to vulnerability 

A study by the NSW Small Business Commissioner found that approximately 66 per cent of small-business owners report feeling well-informed about cybersecurity risks. Those SME owners went on to state that they feel more confident about their cybersecurity knowledge and ability to combat a potential attack than their counterparts in larger companies and government agencies. 

When these figures are compared with the actual data about cyberattacks on SMEs, it seems that many small business owners are greatly overestimating their cybersecurity prowess. This overconfidence, in conjunction with spending less on security software and having fewer cyber safety practices in place, is a weakness hackers can easily identify and exploit. 

More than 85 per cent of Australian SME owners report believing that they’re safe from cyberattacks because they’ve installed antivirus software. But as hackers become increasingly sophisticated and hacks become increasingly common, antivirus software alone cannot protect a business properly from cybercrime. Further, something that SME owners often overlook is that their antivirus software requires regular updates to perform efficiently. Without the required updates, the software can become redundant. 

Loss of trust and damage to reputation

Cybercrime costs SMEs time and money, but attacks can have far-reaching effects that inflict more damage to the business in the long term. Data breaches and concerns about financial security when making online purchases can erode customer loyalty and cause lasting damage to the reputation

of a business. Given that many SME business models are built around customer or community loyalty, small businesses may actually have the most to lose when it comes to cybercrime. 

A recent customer loyalty survey reported that Australian consumers are less trusting of businesses that have been hacked than they are of their global counterparts. Of those who participated in the survey, approximately 66 per cent stated that they held concerns about their personal information being stolen from a company. 

When asked about how they would react to a data breach of any kind, 70 per cent of respondents reported that they would cease to do business with the company in question. In addition, 55 per cent said they would take their business elsewhere if their passwords alone were stolen. 

Simple cybersecurity steps for small businesses

Small-business owners can actively protect themselves from becoming victims of cybercrime by making cybersecurity a top priority. Here are a few simple steps to preventing a cyberattack:

• Strong cybersecurity starts with good management and a hands-on approach. Put someone in management in charge of cybersecurity. Let them be the expert and make it their duty to familiarise the team with cybersecurity software and practices. Empower them to continue to educate themselves.  
• Turn simple cybersafety practices into company culture. Train current employees and new starters on cybersecurity threats; create an action plan to be used in the event of a cyber breach; and stay up to date on the latest cybersecurity trends and technology. 
• Education and awareness can protect small businesses. Educate staff about the different types of cybercrime software such as malware, ransomware and email phishing. Put processes in place that allow staff members to detect and report potential cyber-attacks quickly. 
• Prevent cyber attacks with good internet hygiene. Practices such as regularly backing up data, using complex passwords, changing passwords frequently, installing security updates, and limiting access to admin accounts, databases and other sensitive data are at the forefront of cybersecurity for small business.

The Australian Cyber Security Center (ACSC) will be joining the panel discussion at the B2B EXPO & SEMINAR 2020 in March in Melbourne. The ACSC will be sharing their insights on this critical issue and how small businesses can protect themselves.