Who is Australia’s cyber-underclass and what can SMBs do about it?
Hint: SMBs, you are Australia’s cyber-underclass.
Fighting invisible dragons ...
Cyber-security is just one of those things. If you’re in business, you know it’s important. However, the gravity of the situation can fail to influence cyber strategy depending on the size of a company.
Large enterprises are explicitly aware that they can live or die by IT security. Their reputations, customer base and stakeholder responsibilities make it a more pressing concern. They also have greater budgets to allocate towards it.
Conversely, smaller companies face less direct external pressure to meet safety compliance and have fewer funds to allocate towards it.
This lapse in prioritisation is understandable, given that protecting yourself from attack via the internet and lines of connectivity can seem as important as trying to keep out invisible dragons.
If you could see actual bad guys with crowbars and hacksaws wearing balaclavas attempting to break into your shop, your safe and your computers, the threat would no doubt seem more real and more urgent. Worthy of finding some extra protection money at any rate.
Unfortunately, cyber-attacks on SMBs are all too real. The Cyber Security Review, from the Department of the Prime Minister and Cabinet, reports that small businesses are the target of 43% of all cybercrimes.
And there’s a reason for that. SMBs are the low-hanging fruit due to their lack of attention and investment in cyber protection. Not only is it easier to access their networks, they can also provide gateway access to connected networks of large corporates, governments and other big targets.
‘Cyber underclass’ is a term that has been coined in reference to SMBs due to their lack of resilience against hackers and high risk of cyber invasion.
According to the Australian Cyber Security Centre, the most common types of cyber threats for small businesses are malware, phishing and ransomware.
HOW YOUR SMALL BUSINESS CAN IMPROVE CYBER SECURITY
Stay safe, stay up to date, and improve your resilience with these safeguards.
Understand your risks
When you can identify your potential vulnerabilities, you can take action to protect them. Conduct a comprehensive risk assessment to figure out areas that warrant extra security.
Create an official company security policy
Make a record of your rules and procedures for staff to review and return to whenever a cyber incident occurs. Also create strict policies around mobile work devices or anything to do with data access by employees or customers.
Automatic updates and automatic back-ups
Set and forget app and operating system updates that regularly improve safety. Set and forget digital back-ups of your most important business information that will ensure fast recovery should you get hacked.
Train your people
Awareness is a good start. You can’t win a fight that you don’t understand. If your people aren’t across malware, phishing, ransomware and even internal human error, there is less chance of avoiding it. Regularly updated cyber security awareness training will only strengthen your defences.
You will have experienced multi-factor authentication (MFA or 2FA) when logging in to a system or app that requires a password and then sends you a confirmation code via SMS or email for extra verification. This should be a prerequisite for anyone to access your sensitive data or systems.
Invite the hackers in
Officially, this is called ‘penetration testing’. It involves simulating a cyber-attack on your business to identify weaknesses. You can get your in-house or outsourced security team to carry this out.
Even when you have proper measures in place to protect your security, complacency can be dangerous. New ways to breach networks are dreamed up all the time, so regular reassessments are a must.
Learn more about protecting your business from cyber crime at SMB Digital – a virtual event 20-21 October.