Small businesses may be overconfident about their cybersecurity and generally ill-equipped to prevent cybercrime, according to data from the Australian Cyber Security Centre (ACSC).
SMB Media sat down with the ACSC’s Director of SMEs, Craig Gillies, to understand current cybercrime trends targeting small business and see why small businesses are particularly vulnerable. Gillies shines a light on how SMBs can empower themselves and their employees with simple cybersecurity education and mitigations that can help prevent the majority of cybercrime aimed at small businesses.
What are the biggest misconceptions small business owners have when it comes to cybercrime?
It’s not only big business under threat – small businesses are also big targets for cybercriminals. Small businesses can be especially vulnerable to cybercrime as they often have limited resources and expertise compared to larger businesses and are not always aware of the latest cybersecurity advice.
“It is a misconception that cybercriminals only go after the ‘big fish’.”
Many cybercriminals view small businesses as softer targets compared to larger organisations, and small business owners need to be alert and prepared. Business owners might also have a false sense of security if their IT systems are managed by external professionals. Cybersecurity is not ‘set and forget’; it requires active management by all business owners, big and small.
SMBs are the target of 43% of all cybercrime in Australia – what makes them vulnerable compared to larger businesses?
Small businesses often lack dedicated cybersecurity resources and expertise and are primarily focused on their normal business operations. This makes them especially vulnerable to highly adaptable and cunning cybercriminals who look to exploit vulnerable SMBs. For example, this means that SMBs might be more likely to click on a malicious link in a fraudulent ‘phishing’ email or they might be more susceptible to fake IT ‘remote access’ scams.
To increase cybersecurity prowess, I’d suggest small businesses join the ACSC Partnership Program which draws on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.
Is cybercrime an ‘opportunistic crime’ when it comes to small business?
Almost always. Businesses that are alert to cybersecurity threats and implement good mitigations are less likely to fall victim to cybercrime than businesses that don’t. At the end of the day, cybercriminals’ resources and time are also limited, so don’t be the easy target.
“Most cybercrime activity is not targeted, with cybercriminals casting a wide net.”
How can SMBs ensure cyber-safe workplaces with remote working?
Be proactive with your cybersecurity and encourage all staff to do the same, particularly if they are working remotely. This includes ensuring that staff working from home are also keeping their personal devices and accounts secure. For a start, have remote working staff:
- Use strong passphrases
- Install the latest security updates for all devices and software
- Implement multi-factor authentication for your accounts
- Regularly perform backups of all sensitive and financial data
If you want more information and tools to ensure cyber-safe workplaces, try ACSC’s Small Business Cyber Security Guide, which is a great resource for all small businesses.
What are the real costs to small businesses that don’t take cybercrime seriously?
Businesses that don’t take cybersecurity seriously risk extended business downtimes, loss of customers’ trust, and could even face legal penalties if sensitive customer data is compromised or stolen.
Cyber incidents can cause serious financial, organisational and reputational costs for small businesses and some victims may never recover. Business IT systems, such as those containing sensitive financial and customer data, or those responsible for driving normal operations, can be disrupted, degraded or held to ransom. Cyber incidents can also cause irreparable damage to businesses’ reputations, especially if highly sensitive data, such as from customers and clients, is stolen and leaked online by cybercriminals.
87% of SMBs believe they’re safe from cyberattacks if they just use antivirus software. Why is this notion incorrect?
There is no single defence from cyber attacks and a multilayered approach to cybersecurity is essential. Antivirus software can reduce the chance of devices being compromised but this won’t help protect your email account from being hacked if you use a poor passphrase or don’t implement other security measures like multi-factor authentication.
Small businesses should implement a range of relatively simple cybersecurity mitigations to help protect the various devices, accounts and networks they rely on. The Australian Cyber Security Centre (ACSC) provides the latest up-to-date advice, including step-by-step guides.
Craig Gillies, Director, Small and Medium-sized Enterprises & Individuals, ACSC