How can Small Businesses protect themselves against Cyber Crime

Damien Cantelo
May 16, 2024

Many small businesses are unaware of the potential danger of cyberattacks. Cyber criminals are increasingly targeting small businesses in an effort to gain access to customer information and confidential business data. According to recent statistics from the Australian Cybersecurity Centre (ACSC), cybercrime is now the number one economic crime in Australia, with small businesses bearing the brunt of the damage. In 2022, cybercrime cost Australian businesses an estimated US$5.34 billion according to Statista. Small businesses are particularly vulnerable to attacks as they often have limited IT resources and a lack of security measures in place.

Cyber criminals use a variety of methods to target small businesses, including phishing attacks, malware and ransomware. Phishing attacks involve sending malicious emails that appear to be from a legitimate source. These emails are designed to trick the recipient into clicking on a malicious link or downloading a malicious file. Once opened, the attacker can gain access to confidential information such as customer data. Malware is malicious software that is designed to steal data or gain access to a business’s systems. Ransomware is an especially dangerous form of malware that encrypts a business’s data, preventing them from accessing it unless a hefty ransom is paid.

Unfortunately, most small businesses are unprepared for a cyberattack. In 2021, Accenture found that only 14% of small businesses are prepared to defend themselves. The good news is that there are steps small businesses can take to protect themselves from these threats. The ACSC recommends that businesses invest in cybersecurity training for their staff, use strong passwords and regularly back up their systems. By taking these steps, small businesses can minimize their risk of falling victim to cyber criminals. The cost of prevention is far less than the cost of recovery from a cyberattack, so it is essential that small businesses take the necessary steps to protect themselves.

Top 10 ways to prevent a cyberattack

Here is a list of the top 10 measures you can implement to protect your business against cyberattacks:

  1. Use strong, unique passwords or passphrases
  2. Use a password manager
  3. Enable two-factor authentication
  4. Regularly update software and apply system patches
  5. Compile a set of relevant security policies
  6. Educate employees on your policies and cybersecurity practices
  7. Scan your systems for vulnerabilities
  8. Install a firewall and antivirus software
  9. Monitor your network for malicious activity
  10. Regularly back up data securely

Businesses – large and small – are responsible for safeguarding their data, systems and networks from malicious cyber threats. In order to do this, you must ensure that you have a comprehensive cybersecurity program in place and implement a set of administrative controls and technical controls.

What measures can small businesses implement to protect themselves?

One of the most important steps that small businesses should take to protect themselves from cyberattacks is to use strong, unique passwords or passphrases. A passphrase is a long string of 3 or 4 words that might be easier to remember. Passwords should include a mix of upper- and lower-case letters, numbers and special characters, and should not be obvious choices such as “password”, “123456” or a birth date. Passphrases don't always need things like special characters as they are longer and harder to crack. Importantly, don't re-use passwords or passphrases across different sites as they can be compromised. Using a password manager is the best way to implement strong and unique passwords without forgetting them. Two-factor authentication is easy to set up with most services such as Microsoft 365 and Google Workspace, and provides significantly greater protection against unauthorised access to these critical systems.

All software and IT systems should be kept up to date and the latest patches should be regularly applied as soon as practical to ensure known vulnerabilities are kept to a minimum. It’s critical to have a set of clearly-defined security policies documented so that management and staff understand what they should be doing and not doing when it comes to using and managing IT systems within the organisation. Importantly, the policies need to be tailored for your business to ensure they are relevant for your specific business functions. It is also important to educate staff on these policies as well as the importance of cybersecurity and the measures they can take to protect themselves and the company. This includes teaching them to not click on suspicious links or attachments and to never disclose passwords or sensitive information to anyone.

Small businesses that adhere to these security measures can significantly improve their chances of defending against malicious cyber threats. Many of these steps can be easy to implement and they can have a huge impact when it comes to keeping data secure.

What technologies can small businesses use to prevent a cyber incident?

Technology is playing an increasingly important role in helping businesses protect themselves from cyberattacks. However, small businesses need to be nimble to get the most security outcomes with their limited budgets and resources.

One of the key steps in improving your security posture is to first understand your weaknesses. This can be achieved by performing a vulnerability scan or penetration test of your IT environment to identify areas where you may be exposed. A report of these issues can then be shared with your technical team or IT partner to work through the process of fixing them. In terms of defensive technology, it is recommended to install solutions such as firewalls, antivirus software and security monitoring. Firewalls can help prevent unauthorized access to your network, while antivirus software can detect and remove malicious software. Security monitoring helps provide visibility on malicious network activity and can either come in the form of an outsourced service (usually preferred, particularly for small businesses) or an in-house solution (which can be complex and expensive). Finally, businesses should perform regular backups of important data and ensure the backups are securely stored offline / offsite to protect against ransomware.

Technology can be a powerful tool for small businesses to protect themselves from cyberattacks. By understanding the types of attacks they are vulnerable to and taking steps to secure their networks and encrypt data, small businesses can protect themselves and their customers from malicious activity.

How Cyber Insurance can help SMEs

Small businesses should consider getting cyber insurance to protect themselves from the potential financial fallout of a cyberattack and to safeguard their reputation. While insurance policies can’t prevent small businesses falling victim to a cyberattack, cyber insurance can provide a valuable financial safety net in the event that one occurs.

In 2021, Accenture found that 43% of cyberattacks were aimed at small businesses, and the average cost of a data breach in Australia in 2022 was US$2.92M according to IBM. As a result, the potential financial fallout from a successful cyberattack can be devastating for a small business.

This is where cyber liability insurance comes in. Cyber liability insurance is a type of insurance that provides coverage for the financial losses that a business may incur as a result of a cyberattack. This can include expenses such as legal fees, data restoration costs and loss of income. The costs associated with recovering from a cyberattack can be significant and many small businesses may not have the financial resources to cover these costs on their own. Cyber insurance can help to ensure that a small business has the financial means to recover from a cyberattack and continue operating.

Another reason that small businesses should consider cyber insurance is that it can help to protect their reputation. In today's digital age, the reputation of a business is crucial to its success. A successful cyberattack can damage a business's reputation and make it difficult for them to attract and retain customers. Cyber insurance can help to cover the cost of hiring a public relations firm to manage the damage to a business's reputation and help to restore the business's good name.

The time for action is now

The threat landscape is continually evolving with new types of threats emerging every day. We’ve gone past the point of being able to ignore the clear and present danger posed by cybercriminals, and small businesses need to take decisive steps to protect themselves and stay in business. The costs are too high and the risks are too great to keep our heads in the sand any longer. Business owners need to prioritise security or risk losing their livelihood.
