If you are a business owner, you may have found the headlines a little confronting over the last 12 months around the cyberattacks and security breaches in big-name businesses, and you should be aware of the rise in cybercrime across the SME landscape.
Network security provider Proxyrack recently revealed through their research the world’s most at-risk countries. This is a list that no country wants to top, and Australia was named the fourth most vulnerable nation with eight victims per 100,000 people, behind the UK (450), the US (138) and Canada (15).
The ranking was calculated from the US FBI Internet Crime Report published in 2021, notably before the major breaches on Australian shores through Medibank, Woolworths and Optus. Regardless, it paints a grim picture.
The Australian Cyber Security Centre (ACSC) says that a cybercrime is reported in Australia every 8 minutes, and that these crimes are increasing and evolving, enabled by the ever-changing landscape of communication technologies, remote working arrangements, and our own consumer behaviours. Online shopping and online banking scams account for around 54 per cent of all reports.
The ACSC also found that 2022 saw a massive increase of 13% in cybercrime reports. The increasing digital dependence that countries, including Australia, are experiencing is making crimes such as extortion, fraud and espionage easier for cybercriminals to imitate and scale.
If you’re thinking, “Oh I’m not a large enterprise, they won’t target me …”, perhaps some of the other cybercrime and SME statistics might spur you to action.
- 10% of incidents reported are in the hospitality and retail sector.
- 43% of cyberattacks target SME businesses.
- Business email compromise (BEC) alone cost $81.45 million in the 2020-21 financial year.
- BEC or phishing attacks occur across all industries.
- Industry experts report that up to 60% of SME operators use the same personal and/or email passwords for their business critical systems.
- Fraud, such as account and email manipulation, data breaches, and ransomware attacks, make up the majority of reported cybercrime.
In one way, it’s correct to assume that cybercriminals won’t directly target you specifically – mostly, you’re likely to become the accidental victim of a larger, broader scale attack – similar to what happened to Optus.
In the wake of the Optus scam, many experts warned SMEs of their exposure through the stolen personal information of 10 million Australian customers, and of the potential for a BEC tidal wave.
Here are some of the things that SMEs need to be doing to protect themselves in 2023 against scammers and cybercrime.
Train your staff and put policies in place
Cybersecurity for any business is everyone’s responsibility, so how much do your team members know about protecting your business, and themselves? This is a critical factor in the landscape of remote work, particularly if they are using their own personal equipment and internet connection for their daily work.
Even while securing your remote business infrastructure, there is still the need to build the awareness and skills of employees. Your employees are your frontline defence and can be the strongest link when it comes to cybersecurity for your business.
Staff also need to be educated and to understand their responsibility, as they are the gateway to your business. Policies can reinforce use, expectations around suspicious activity, and recognition of the risks. Businesses must also simulate phishing attacks to test employees’ awareness.
ESET offers a free online training course that covers all of the basics and that you and your team can benefit from. You can even take a free cybersecurity assessment to identify gaps in your IT infrastructure so you can take action to keep your business protected from cyber threats.
Secure your passwords and implement multi-factor authentication
Many data breaches were caused by bad password choices. This simple but critical layer of protection for data and privacy can also be the weakest. Making it a policy for employees to use complex and unique passphrases, and implementing multi-factor authentication, which adds another layer of security, ensures good password hygiene.
Back up your data
Make a copy of it and store it securely offline and offsite. This will protect you from data loss and ensure you can recover it if it’s encrypted by ransomware. Policy implementation to support this action can cover the endpoints and devices that your teams use to do their jobs. Additionally, you can consider professional backup services and security to manage this.
Secure your systems and devices
One of the most effective things you can do is keep your software and systems updated via automatic updates in downtime, as clicking ‘remind me later’ may be too late. Software developers are always making their platforms, apps and systems more secure to stay ahead of cybercriminals. Security software that includes antivirus, antispyware and antispam features across all devices is another layer – just ensure they are turned on. Firewalls can also protect your internal network from external internet threats.
Don’t wait until it’s too late
It’s more important now than ever to protect ourselves, and in particular, our businesses and clients. We realise that SME operators are busy, but investing the money and time to plan and deploy your cybersecurity systems is one of the smartest business moves you can make in the current landscape.
In fact, you can’t afford not to.