With cyberattacks poised to rise how can small and micro businesses prepare?


The ACCC recently released its Targeting Scams report, which found Australians lost a record $851 million to scams in 2020 alone. For small and micro businesses, this is concerning – by nature of their size, they tend to not have the resources or expertise necessary to counteract complex cybersecurity issues.

There’s significant financial, legal, and reputational risks if cybersecurity is ignored. Indeed, it can spell the end for an SME – some 80 per cent of SMEs targeted by a cyber attack go bankrupt within 12 months, according to the NSW Business Chamber.

Fraudsters and malicious actors were able to capitalise on the unique situation caused by COVID-19, which created a sense of vulnerability amongst consumers and businesses. As physical businesses rushed to move online, and people that had never before shopped online suddenly found themselves left with no other option, scammers were poised to take advantage.

Not to mention, many businesses were left with retrofitted, precarious security practices in supporting an almost overnight move to remote working, leaving the doors wide open for cyberattackers to weave their way into sensitive business information.

The overhanging threat of a cyberattack is exacerbated by a lack of general understanding about cybersecurity and its implications in the small business world. A survey from the Australian Cybersecurity Centre found almost half of SMEs rated their cyber security understanding as ‘average’ or ‘below average’ and had poor cyber security practices overall.

As cyberattacks are set to increase in scope and sophistication in a post-COVID world, small and micro businesses need to prioritise protecting themselves and their customers.

What can small and micro businesses do to defend against cyber attacks?

Getting educated on the basics is the first step. With some 97 per cent of small business owners taking on the responsibility for their business’s cyber protection (as opposed to outsourcing to an expert), it’s crucial you invest time upfront to understand the fundamentals. For example, having operating systems up to date, identifying and avoiding scam emails, and encouraging safe browsing amongst all employees on the business’s devices, goes a long way to long term protection. Even learning all the various types of cyber attacks – from phishing to ransomware and malware – will put you ahead of most.

Understanding your obligations is another key element of cyber protection. For example, did you know you have 30 days to compulsorily report any data breaches to the Office of the Australian Information Commissioner?

Don’t stop once the box is ticked. Once you have cleaned up password control, device upgrades, and read up on your obligations as a business owner, don’t rest on your laurels. Cybersecurity strategy creation or education should never occur in isolation, but as a repeated exercise, with employee-wide programs run regularly to account for changes in national policy and the threat landscape.

Government collaboration essential if SMEs want adequate cyber protection

The ACCC report confirmed that the largest number of scam reports from businesses came from micro and small businesses, showing it isn’t just large corporations that are susceptible to cyber attacks. Although the government is making headway in creating requirements for compulsory reporting of data breaches and ransomware attacks, more needs to be done to keep cybercriminals locked out of the SME landscape. The government needs to provide accessible resources and information to empower SMEs to cost-effectively adopt enterprise-grade cybersecurity solutions.

But running a small business means wearing many hats – with the right technology, it’s possible to be cyber protected without being distracted from the core duties involved in running your business.