Australian SMEs are being warned they’ve been left exposed after Optus hackers accessed the personal information of up to 10 million Australians.
“This is very serious and has the potential to create a business email compromise storm,” says Phil Parisis, General Manager of Products at My Business, Australia’s largest small business organisation.
“Business email compromise (BEC) is when hackers gain unauthorised access to or impersonate an email account to intercept private communications. Criminals are then able to intercept financial transactions such as invoices or scam other organisations out of money and goods,” says Mr Parisis.
“I would estimate more than 60% of small business owners are using the same email/password for their Optus account as they do for other critical business systems,” he says.
“Not to mention employees using the same password that’s been breached or suppliers and clients.”
According to the Australian Cyber Security Commission, business email compromise cost $81.45 million during 2020-2021.
The latest data from the Australian Small Business and Family Enterprise Ombudsman shows more than 60% of Australian SMEs don’t survive a cyber-attack.
“We often hear from small businesses that ‘I’m just a retailer, a designer; why would anybody target me?’
“The reality is that cyber criminals don’t necessarily target you. Mostly, you become an accidental victim of a large, broad scale attack such as what’s happened to Optus.
“It’s also a good reminder for SMEs to look at their own cybersecurity because if it can happen to a huge company like Optus imagine how easily it can happen to them,” he says.
6 tips for small businesses that believe their data has been compromised:
- Create a human firewall: Building a human firewall or educating yourself and employees is the most effective way of preventing a cyber-attack.
- Password protection: It’s important that passwords are not easy to guess. All businesses should consider a password manager or multi-factor authentication, with passwords regularly updated.
- Limit exposures: Logging on to public Wi-Fi is one of the easiest ways to get hacked; hotspotting to a secure account is a safer option. Likewise, be careful with cheap imitation cables and upgrade your systems regularly.
- Be prepared: Have a back-up account ready and know how to access it. Know what will be required to get your account back – have that information ready before the attack happens.
- Pay for an expert: The government is now offering cyber protection insurance to small businesses. This significantly reduces the financial impact of a cyber-attack and can help a business recover faster.
- Update business policies and procedures: Ensure your business processes are up to date to protect, prevent and recover from any suspicious behaviour.
“Small business is big business for cyber criminals,” says Mr Parisis.
“Cybercriminals are savvy, they know that by taking on larger organisations they can then branch out and hit smaller businesses too who knowingly have less resources, time and budget to protect themselves.”
“But this should act as a warning to Australian SMEs – if it can happen to a huge organisation like Optus with all the firewalls at their disposal – imagine how easily it can happen to smaller companies.”