Covid-19 moved small business operations and workplaces online, sometimes for the first time ever. But without proper cybersecurity software and training, cybercriminals are exploiting these weaknesses. While the pandemic has left many small businesses increasingly vulnerable to cyber attacks, luckily they’re some simple steps to combat these new threats.
SBC Media sat down with Neil Royle from Kaspersky; a cybersecurity consultant with over twenty years of experience. We asked Neil eight critical cybercrime questions to help small businesses understand cybersecurity risks and how to prevent falling victim to cyber-attacks.
What is the biggest misconception small businesses have about cybercrime?
It’s that they won’t face a cyber attack because they are not part of a large ecosystem. However, the reality is, cybercriminals are opportunistic and their primary objective is to make money, so they will attack any business regardless of size if they successfully gain access to their network.
How has Covid-19 affected small business cybercrime?
Since Covid-19, we have seen a significant increase in ransomware attacks. In addition, we now see cybercriminals using “pressure tactics” as a new way of cybercrime. Meaning they threaten victims (businesses) by saying they will publicly leak sensitive data stolen from compromised systems…Companies are pressured knowing that their business’s reputation could be damaged.
Australia is one of the most targeted countries in the world for ransomware attacks on small businesses. What is ransomware and why are SMBs targeted?
The word “ransom” tells you everything you need to know about this pest. Ransomware is extortion software that can lock your computer and then demand a ransom for its release. Cybercriminals conduct cyber attacks for a number of reasons. However, small businesses are generally easy targets as they don’t have adequate cybersecurity controls in place.
How can businesses protect themselves better from ransomware attacks?
Most cyber-attacks start with a phishing email where a malicious attachment is opened, or a link is followed. The most important action a small business can take now is to educate all of their employees on cybersecurity awareness so that they know how to identify and take action against malicious emails.
Employees working from home is a trend that will likely outlive Covid-19, what tools should small businesses implement to safeguard remote employees?
It is vital that small businesses install a reliable security solution on all devices that handle corporate data. Also, configure your Wi-Fi encryption to make sure information is safe from prying eyes. If your Wi-Fi asks anyone connecting to it for a password, the connection is encrypted. It is also important that security patches are applied as soon as they become available. For small businesses, this can be setup to occur automatically.
Small businesses are the target of 43% of all cybercrime in Australia – what makes them more vulnerable than larger businesses?
Sometimes because of their resources at hand, updating their PC’s and OS systems seems unimportant to many SMBs. This is where they forget that threats can find ways to attack them with more ease with the absence of patching and updating.
And how can SMBs be proactive to decrease cybercrime vulnerability?
If you are an employee, go back to basics with creating complex passwords with a combination of symbols, numbers and a mix of upper and lowercase letters. Use the assistance of a password manager so you won’t forget the passwords. As a business owner, stay on top of the latest cyber threats within your industry. From that, you can have an open dialogue and push for more employee training and secure systems to be put in place.
What advice do you give to small businesses that are resource or time-poor regarding cybersecurity?
Without the proper training, cybersecurity poses a risk within an organisation from higher management all the way down to the day to day employee will be at risk. Cybersecurity awareness training is critical for staff to adopt a cyber aware culture and help reduce that risk. There are plenty of resources available online at no cost that will significantly reduce the risk of getting infected, for example, Kaspersky offers free cybersecurity guides.