Cybersecurity for Small Business - Why it's Essential and How to Start
Conventional wisdom would suggest that only large companies ought to worry about online threats and risks. After all, they are the big fish to fry. However, the Cyber Security Review led by the Prime Minister and the Cabinet found that cybercrimes cost the Australian economy up to $1 billion annually, and this includes attacks on SMEs and individuals. It seems that conventional wisdom doesn’t hold any water these days, and cybersecurity for small business should be a priority.
WHY IS CYBERSECURITY FOR SMALL BUSINESS IMPORTANT?
A breakdown of the statistics on online protection shows that cybersecurity for small business should be a requirement without question.
• On average, an SME would have to pay $4,677 to free their data from ransomware.
• Around 25% of businesses could see their website and network go down for a day due to an attack.
• An attack could cost a medium-sized entity $1.9 million on average. This includes costs directly attributable to a digital breach, along with intangible costs affecting a company’s reputation and goodwill.
A quick snapshot shows that you need to beef up cybersecurity for small business, and the reasons are twofold. First, there are legitimate direct and indirect costs arising from a digital breach itself. Second, there are costs associated with inaction from a regulatory standpoint, should a breach occur.
In 2018, amendments were made to the Australian Privacy Act under which entities are now compelled to disclose any breach of personal customer data. A firm must inform the individual customers affected by the breach and the Office of the Australian Information Commissioner (OAIC) within 30 days of the event. Failing to comply can cost a firm up to $1.8 million in fines, while an individual can see penalties of up to $360,000.
When we look at the rules and regulations in place along with the potential costs, cybersecurity for small business is a necessity.
WHAT SHOULD SMES DO?
If your SME doesn’t have a plan in place for digital attacks, there are some basic tips to strengthen online protection.
• Every organisation should have a set of documents detailing its online safety policies. Provide training, checklists, and information to help employees familiarise themselves with company protocols.
• A firewall is the first line of protection an SME should use to place a barrier between its data and criminals. It will separate your safe and secure internal network from the threat-laden external network that is the internet.
• The majority of employees now carry out work-related functions on their mobile devices. A protection plan should encompass mobile phones and even other items such as smartwatches.
• Inform employees of changes or updates to your SME’s security protocols. Creating contractual obligations related to compliance will ensure that they adhere to the rules and regulations.
• Enforce the best possible password practices with regular updates and changes. Most data breaches occur through lost, stolen, or weak passwords.
• Use multi-factor authentication so that employees are notified of a possible breach as soon as it happens. Using email and phone numbers as the point of notification is a great place to start.
• Use anti-malware applications to combat phishing attacks by email.
• Back up your data regularly. You could take all the precautions possible but still fall prey to a cyber attack. It’s vital to keep both physical backups and cloud backups so that all your bases are covered. There isn’t a data storage format that is immune to attacks, so this is crucial.
For detailed advice and guidelines on safety, read through this document prepared by the government.
Looking at cybersecurity for small business as an optional component is a grave mistake in this day and age. Digitisation of the commercial landscape is progressing at an exponential rate, so turning a blind eye to online protection can create a multitude of business costs in the future.
At Triskele Labs, we offer a range of services that provide comprehensive protection measures to keep your organisation safe and secure. From penetration testing to more holistic service offerings that take an expansive look, our team can help you assess the strength of your existing infrastructure and improve it.