Vertical-specific software is adopted by many small businesses across many industries for its ability to focus on and cater to distinct requirements. When a piece of software or a service gains such popularity that it becomes the default platform across a sector, it delivers the efficiency that comes from standardisation and critical mass.
But this significant reliance by companies and suppliers on one channel also increases the potential for widespread infiltration by cybercriminals and for entire sectors to be taken offline.
Use of the videoconferencing service Zoom soared when the coronavirus outbreak forced Australian businesses to establish remote working practices. This exposed several security flaws within the platform as the application suddenly became a significant target for criminals due to its massive popularity. It emerged that Zoom had no end-to-end encryption when it claimed it did, and that Mac users were vulnerable to having their webcams and microphones hacked. While these security gaps have now been addressed, the damage has already been done to Zoom’s reputation.
Wool sales across Australia were cancelled for a week in February when the industry’s IT system was hit by a ransomware attack and forced offline. As the software is used by over 75 per cent of the local industry for auctioning and exporting wool, this single attack halted up to $80 million worth of business for the sector and affected businesses from sole traders upwards.
Mimecast researchers recently discovered a rise in malware delivery using the VelvetSweatshop default password of Microsoft Excel spreadsheets. As Microsoft Office files are so regularly distributed by consumers and businesspeople via email, they’re some of the most popular file formats for the delivery of email-borne malware.
When there’s commercial pressure for a business to be plugged into the same service as its industry peers, or when widespread adoption of a platform by customers and suppliers means it’s nearly impossible to avoid using it, how does a small business plan for business continuity?
Have a Plan B
A business continuity plan is essential for every small business to be able to quickly mobilise and use a new method of trading in the case of an attack on their IT system. Talman Software – the IT system underpinning the Australian wool industry – took several days to restore its encrypted database from a back-up system, leaving thousands of brokers with no alternative means to trade and losing millions of dollars for every day of downtime.
Ask questions first, not later
While Software as a Service (SaaS) may be much cheaper and require less maintenance, it also means relying on something you can’t control, particularly if something goes wrong.
Check your provider’s track record, even if it’s the same provider all your industry peers are using. Find out what their backup plan is in the event of a service disruption and how long it will take to implement, so there are no nasty surprises should your small business find itself in this predicament.
Make cybersecurity a business priority
While disruption can happen in any sector, the vulnerabilities of organisations are directly related to the calibre of their leadership, the budget they devote to cybersecurity, the people they hire and the importance they place on cybersecurity as an organisation.
This is precisely why no small business should be overly reliant on a single piece of software to the extent that their entire operation would be paralysed without it. Have appropriate security measures and a fully tested Plan B in place to be safe, not sorry.
Garrett O’Hara, Principal Technical Consultant, Mimecast Australia