Australia’s small and medium sized businesses are increasingly under threat of cyber attack, but most are unaware of the risk or are doing almost nothing to prevent it.
Business owners are becoming more and more dependent on IT systems and therefore vulnerable to new and emerging security risks. From hairdressers to builders, accountants to GPs, small businesses are using IT to improve, expand and market their services, and that includes things like booking services, online sales, social media promotion, websites and customer databases.
The problem is that they may not have the appropriate resources, expertise or understanding to protect their systems and key data – they’re using the technology from a convenience perspective but without properly understanding the privacy and security risks. Many think security is not their responsibility but it’s a serious risk that can destroy their business.
A key priority in developing the state’s small business economy must be the promotion of cyber security. There are seven simple things owners of small and medium businesses should do to protect themselves:
There were nearly 700,000 cyber attacks against Australian organisations each year, with 60 per cent of those attacks being made against SMEs. One prominent example we saw in 2016 was when thieves hacked into the computer system of a SME that held a national security contract with the Federal Government.
The intruders had access to the IT network for a long period of time and stole large amounts of the defence supplier’s data. While not all breaches will impact on matters of national security, when you consider that the average time it takes to resolve a cyber attack is 23 days, that can still have an enormous impact on a small business’ operations and ultimately on its bottom line.
SMEs need to ask themselves: If they were a victim of a cyber attack how much immediate business would they lose? Could they restore their system and data? And, would their customers have confidence in their organisation in the future?
Professor Matthew Warren, Deputy Director – Centre for Cyber Security Research and Innovation, Deakin University