Cyber Security Concept, Man Hand Protection Network With Lock Ic
Credit: Cyber security concept man hand protection network with lock icon and virtual screens on smartphone.
Australia’s small and medium sized businesses are increasingly under threat of cyber attack, but most are unaware of the risk or are doing almost nothing to prevent it.
Business owners are becoming more and more dependent on IT systems and therefore vulnerable to new and emerging security risks. From hairdressers to builders, accountants to GPs, small businesses are using IT to improve, expand and market their services, and that includes things like booking services, online sales, social media promotion, websites and customer databases.
The problem is that they may not have the appropriate resources, expertise or understanding to protect their systems and key data – they’re using the technology from a convenience perspective but without properly understanding the privacy and security risks. Many think security is not their responsibility but it’s a serious risk that can destroy their business.
A key priority in developing the state’s small business economy must be the promotion of cyber security. There are seven simple things owners of small and medium businesses should do to protect themselves:
Patch systems and enable automatic patching. All systems and packages are updated (called patching) and the patching can be done automatically rather than implemented individually by users.
Back up all important data.
Use a cloud based email and/or data storage.
Use strong authentication. Use passphrases instead of passwords and use two stage authentication where possible.
Set up different accounts. For example you can set up an administrator account, as well as user accounts.
Don’t use the same password across all accounts (Twitter, Facebook, LinkedIn, Gmail, Adobe, Apple, etc). When one is hacked, they all become vulnerable if you’re using the same password.
Don’t click on links, attachments or images from people not known to you. Criminals often hack one account and use that account to send malware to people in the contact list.
There were nearly 700,000 cyber attacks against Australian organisations each year, with 60 per cent of those attacks being made against SMEs. One prominent example we saw in 2016 was when thieves hacked into the computer system of a SME that held a national security contract with the Federal Government.
The intruders had access to the IT network for a long period of time and stole large amounts of the defence supplier’s data. While not all breaches will impact on matters of national security, when you consider that the average time it takes to resolve a cyber attack is 23 days, that can still have an enormous impact on a small business’ operations and ultimately on its bottom line.
SMEs need to ask themselves: If they were a victim of a cyber attack how much immediate business would they lose? Could they restore their system and data? And, would their customers have confidence in their organisation in the future?
Professor Matthew Warren, Deputy Director – Centre for Cyber Security Research and Innovation, Deakin University