SMEs today have had to move their businesses online and adopt more hybrid ways of working, which in turn increases their risk of exposure to cybercrimes. The Australian government has reported a 13 per cent increase in cybercrimes in the last year, and a 15 per cent rise in ransomware attacks.
For many, an online presence may be a completely new venture, which often means technical vulnerabilities and unsecured technologies: a feast for hungry hackers. Technology has certainly become more sophisticated, and criminals are able to gain access to valuable data with ease, even via the least suspected areas of your business. In 2022, focus should not be on antivirus technology alone.
Emails and clouds
Boston Consulting Group says 77 per cent of cyber-attacks are due to human error or failure to detect acts of ‘phishing’, accounting for three-quarters of email attacks. Phishing emails mimic those of a real user, and phishing is one of the easiest ways for hackers to access your system. Educate yourself and your employees on the many ways that your business can be attacked in this way by making this information a central focus of your training and development programs. The Australian Cyber Security Centre (ACSC) offers a range of resources dedicated to employee training.
Cloud storage systems are now heavily relied upon by SMEs and their employees as businesses scale. These can come with unknown bugs and risks that expose private internal information to online criminals. Make data security and governance a priority when using any type of cloud provider, and ensure that your chosen partner is up to speed when it comes to security. The ACSC also has resources on Cloud Security Guidance which you can refer to.
As the ‘Great Resignation’ sets in, experts predict that a wave of employees leaving their positions could put valuable business IP at risk. Should employees leave on a bad note, they may be inclined to take and share various documents, or continue to log into shared accounts long after their departure.
To avoid this, secure employee accounts with their own unique ID and passwords, remove any shared accounts and make sure that passwords are changed on a regular basis. When employees finish up, access to these accounts should be automatically closed.
It is common practice to outsource operations like payroll to third-party suppliers, but with this also comes an increased risk of a data breach. Vet any external suppliers you partner with via a detailed risk assessment to identify potential problems before they occur. Remember, should a third-party vendor be attacked while in possession of your customers’ sensitive data, you are liable.
Regular security audits of external partners can help you stay on top of any vulnerabilities that may be exploited. Ensuring partners are compliant with a globally accepted information security framework, such as the NIST Cybersecurity Framework or ISO 27001, will help to keep this in check.
Where SMEs use a Point of Sale (POS) system, these apps and software can, like external suppliers, also become targets. Cybercriminals can easily access POS systems to install malware and steal financial data stored in your system’s temporary memory, along with using keyloggers to capture credit and debit card data before it’s encrypted. These sorts of breaches can be avoided by aiming for real-time visibility of your POS system in order to stop any suspicious or unnecessary activities the moment they occur.
Technology today is more advanced than ever, and not always for good. Cybercriminals are becoming more sophisticated in their methods of attack, and are finding ingenious ways to exploit vulnerabilities that can compromise business health, systems and networks.