While people often assume that cybercriminals only seek out large organisations and large paydays, attacks on small businesses continue to rise. In fact, small businesses and organisations make up 43% of cybercrime victims, and the average cost of these breaches is between $36,000 and $50,000.
In 2019, 1 in 3 Australians were affected by cybercrime; of the small businesses that experienced a breach, 22% of them were unable to continue operations. This blow to the economy, and our back pockets, is why it’s important to be vigilant, aware, and keep security front of mind.
Why is cybersecurity so important?
Your business is only as secure as its weakest link, so it’s important to ensure your entire organisation understands how to remain secure, and how to spot any potential threats. Small business cyber attacks can actually be extremely lucrative for criminals; small businesses often don’t have the same level of security or knowledge as larger organisations, so hackers don’t require sophisticated tools or processes to make a breach.
Cyber attacks can put your money, data, and IT equipment at risk. A significant amount of damage can be done if a hacker gains access to client and staff information, credit card information, banking details, product designs, and manufacturing processes. Not only does a hacker pose a risk to your business, but they can also use you as a stepping stone to reach other people or businesses within your networks. The knock-on effect can cause both financial and emotional damage to you and those around you. On top of this, the reputational damage a brand can incur from a cybersecurity attack can be devastating.
What are the most common cybersecurity breaches?
The most common types of attacks are malware and phishing, which are both often sent from what looks like a legitimate source.
While you could probably pick that an email from a royal prince in a far-away land with millions of dollars to share is a scam, cyber criminals have advanced the way they craft and deliver emails, so it can be easy for the less informed to fall for the trap. Email is often the first point of a security breach because it is widely used to send invoices, banking details, and personal information, and many cyber attacks mimic emails from legitimate organisations to trick you into giving them access. The tell-tale signs of an attempted cyberattack are misspelled words, uncommon phrasing, or unusual requests to provide information, click a link or perform a specific action.
Password breaches also make up over 80% of hacking incidents. Many people need so many passwords for so many programs and applications today that they become complacent and reuse them. For a cybercriminal, this is one of the easiest ways to gain access to a multitude of information and data – if you’re reusing passwords, hackers only need to find one to get access to your entire system.
How you can better protect your business and your team
Prevention is better than cure. There are a number of things that you can do to protect your business and your team from any potential cyberattacks.
- Create both a disaster response and incident management plan. Dealing with an incident is significantly less stressful if you’ve already planned for it. Think about what your business will do in order to continue and survive after a potential security breach, and ensure your team knows who to speak to if an attack or attempted attack occurs.
- Use an email spam filter. While spam filters are effective, some emails can still fall through the cracks. By marking any potential email attacks as spam, you will train your filter to become more effective. Some spam emails are obvious, but if an email seems out of place, you can call or text the alleged sender before clicking any links or following instructions.
- Keep your data secure. Only allow access to websites, applications, or client information to those who absolutely need it. It’s also important to ensure any work emails or applications cannot be accessed by any third parties on employee phones or computers.
- Apply two-factor authentication on applications and programs. Two-factor authentication means that as well as your password, you need to provide a second form of authentication to log in – generally by providing a code from an app, or approving the request via text or email. This means that even if a hacker does gain access to your password, they’ll be unable to complete the login without the rest of the information, making the chances of a security breach extremely low.
- Use a password management system such as LastPass. LastPass enables you to store all login details in one secure location, so the only password required for you to remember is for LastPass itself. It can randomly generate uncommon passwords to be used on programs and applications to keep programs and information as secure as possible.
- Regularly apply software updates and back up your data. Software updates exist to enhance the security and safety of your device, so it is recommended that you update regularly. Backups of your data, documents, and information should be stored on the cloud so they can be accessed from anywhere, not on USBs, hard drives, or directly onto your device.
- Use the cloud to store documents and information. Data is best stored on the cloud, as opposed to on the hard drive of your computer. Over 40% of malware attachments in cybersecurity attacks come from opening or downloading Microsoft Office files, so best practice is to use online office programs such as Google Docs and other G Suite applications instead.
- Train your staff on cybersecurity best practices. Complete staff training regularly to ensure your team is up to date on security best practices, and understands what to look for in an attack or attempted cyber attack. Your organisation is only as strong as its weakest link, so keeping your staff informed and vigilant is essential to protecting yourself from an attack.
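How the "code from an app" in the two-factor authentication item works, as an added example that is not part of the original article: the app and the service share a secret and each derive a short-lived code from it and the current time (TOTP, RFC 6238), so a stolen password alone fails the login. The account, password and `login` helper are constructed for illustration; the secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

# Constructed demo values: SECRET is the RFC 6238 test key and the account
# below is invented for this example.
SECRET = b"12345678901234567890"
ACCOUNT = {"password": "correct horse battery staple", "totp_secret": SECRET}


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time code (RFC 6238, HMAC-SHA1 variant)."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def login(password: str, code: str, now: int, window: int = 1) -> bool:
    """Accept a login only if the password AND a current code both match."""
    password_ok = hmac.compare_digest(
        password.encode(), ACCOUNT["password"].encode()
    )
    # Accept one 30-second step either side of "now" to tolerate clock drift.
    code_ok = any(
        hmac.compare_digest(
            code.encode(),
            totp(ACCOUNT["totp_secret"], max(0, now + i * 30)).encode(),
        )
        for i in range(-window, window + 1)
    )
    return password_ok and code_ok


if __name__ == "__main__":
    now = 59  # RFC 6238 test time
    code = totp(SECRET, now)
    print("code from app:", code)
    print("password + code:", login(ACCOUNT["password"], code, now))
    print("stolen password, guessed code:", login(ACCOUNT["password"], "000000", now))
    print("same code 90 seconds later:", login(ACCOUNT["password"], code, now + 90))
```

Because each code is only accepted for about a minute and a half here, a code captured alongside the password stops working almost immediately.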