When we think of cyber security, the first thing that comes to mind is usually data breaches at big businesses. Companies like Facebook and Uber have been subject to cyber-attacks, with the Uber data breach affecting 57 million users. However, cyber security is not just a big business problem: the Verizon Data Breach Investigations Report revealed that 61% of breaches hit smaller businesses last year. Cyber-crime is estimated to cost Australian businesses up to $1 billion every year and, with most businesses now relying on digital technology to function, cyber security should be a concern for everyone.
The reality is, hackers don’t just target big businesses. Regardless of the size of your business, your customer data is valuable, and hackers see vulnerability in small businesses for a number of reasons.
One of these reasons is that small businesses are generally less conscious of the threat of cyber-attack and, according to a survey by Symantec, only 14% of Australian small businesses are covered by cyber insurance. An “it won’t happen to me” mentality can be disastrous.
Another reason small businesses are vulnerable to cyber-attack is a lack of resources. Often, small businesses don’t have the resources to protect themselves in the way big businesses do, exposing them to attacks. Research reveals only 2% of small businesses treat protections against hacking as a priority. However, when you consider the fact that 60% of small companies that are hacked are unable to sustain their business more than six months after the attack, investing in cyber security measures is more important than ever.
Late last year, the Queensland Police Financial and Cyber Crime Group warned small businesses of a cyber scam that cost at least one local business $1.9 million. The cyber-attack saw malware access the client list and alter the account details on an invoice template, resulting in the business losing almost $2 million.
In another case, hackers forced a Brisbane-based business to pay a ransom and then threatened the family of one of the staff members. Sensitive customer data was stolen, and the business was forced to pay a $14,000 ransom. From this it’s clear that cyber-attacks can have wide-reaching negative effects on businesses, which can sometimes extend into the personal lives of employees.
How do hackers get in?
The video above reveals how hackers can profile employees in order to make cyber-attacks appear authentic and legitimate.
Attackers are often able to attack business systems through an employee inadvertently clicking on a malicious link within a phishing email, and 66% of malware is installed via email attachments. There are also cases where the hacker takes advantage of an access point made possible by lapsed or inadequate anti-virus software.
How can small businesses defend themselves?
- Invest in quality security software
Often, cheap or free security software won’t completely protect your devices from advanced hackers. Security software needs to be implemented across all tech that is used for business purposes, including mobile devices and laptops that have access to confidential information. It’s also important to ensure this software is constantly up to date and you’re regularly reviewing the level of security cover you have.
- Use spam filters
With phishing emails such a huge risk, it’s important to reduce the amount of spam your business receives. Spam filters will help reduce the chance of you or your employees accidentally opening a malicious email attachment.
- Educate your staff
Unaware staff can be a huge cyber security risk. If your staff are aware of the ways cyber-attacks can occur, then they can actively work to reduce their risk.
Some ways to minimise the risk of cyber-attack include advising staff to:
- Avoid visiting suspicious URLs
- Never automatically open email attachments, even if they appear to come from a legitimate source
- Avoid passwords with dictionary words
- Use passwords with more than eight characters (which makes it harder for hackers to get in through brute force)
The more barriers your business has against attack, the harder it is for valuable data to be compromised.
- Back up your data
Regularly backing up data is a simple and cheap way to safeguard against cyber-attacks. In the case of a ransomware attack, having backups means you won’t be caught off guard and lose all of your data. Backups need to be kept physically secure as well as encrypted and covered by cyber security software.
- Policies and procedures
Many cyber-attacks occur as a result of a hacker profiling employees from data publicly available online and using this to make an email or attachment appear as legitimate as possible. Establishing strong social media policies that outline what type of business information staff can share online will reduce the amount of data a hacker is able to use to their advantage.
Policies should also cover guidelines surrounding BYOD practices and establish what devices can be connected to the work network, what security measures need to be implemented on a device before it can be used, and what information can be accessed on the device.
- Cyber liability insurance cover
While this can’t protect your business from being attacked, it can help with the costs associated with an attack. While this may seem costly in the short term, it’s definitely worth considering, especially since the fallout from a cyber-attack can be devastating to a small business.