SME’s – The Nation’s Cyber Weakspot

It’s no secret that Small and Medium Enterprises (SMEs) are on the ‘hit list’ for cybercriminals, due in large to 3 key factors: 

1. Lack of understanding when it comes to Cybersecurity 
2. Inadequate security parameters and frameworks make them an easy target 
3. Limited access to expensive staff and cybersecurity solutions – out of reach for most SMEs 

Combined, these make it far easier for hackers to steal sensitive data which not only risks reputational damage, but the flow-on effect could bring your supply chain to a complete standstill. 

Each day, hundreds and thousands of Australian SMEs are at risk of being attacked, and possibly unknowingly already have been. It’s not only your business at risk, but those you do business with – think of every company you interact with. When your network is breached, they too become a target. 

Cybercriminals are always looking for ‘easy access’, targeting small fish to gain access to the bigger ones; it’s often easier to attack a small business than the national Defence contractor  

The 2019 ACSC Small Business Cyber Security Survey showed 62% per cent of small businesses reported they had been a victim of a cybersecurity incident. And these are only the ones who are aware of the breach.  

As business shifts towards new technologies aimed to streamline processes and become more efficient, removing the ‘human’ element can both help and hinder. Over 35% of cyber incidents in 2019 were due to human error. However, just as staff can cause an event, if trained to know what to look for, they can also help prevent one. 

Staff education is paramount. Combined with a secure approach to new technologies, staff can be your biggest asset knowing what to look for and what steps to take should they make a wrong move. 

However, before you install a Google hub in the office or a new wireless printer, remember this technology can also be hacked. 

Hackers are imaginative, in 2017 hackers gained access to a Casino’s data and financials via a fish tank, so getting into your printer or internal network protected by a simple anti-virus is a piece of cake. 

‘It’s on the cloud, it’s safe, right?’ 

Wrong.

One of the most common ways cyber breaches occur today is poorly configured cloud storage systems. Hence, as businesses move to a remote workforce, with that flexibility comes a broader attack surface.  

91% of businesses reported an increase in cyber-attacks when teams moved to a remote working approach during COVID-19. 

With the click of just one link by an employee, outsiders can gain entry to your ‘secure’ cloud backup and network. In turn, accessing private data, financials, client information and other confidential documents that can be circulated on the web, held for ransom, or even worse deleted, unable to be recovered. 

Since early March 2020, there has been an enormous increase in COVID-19 themed malicious cyber activity targeting everyone – from MyGov emails to the Australian Taxation Office (ATO) text scam, people are unwittingly falling victim.  

The recent attack on Twitter, believed to be the most significant breach on social media in history, was due to human error. Someone simply left the wrong information in the wrong place, and the Twitter profiles of Obama, Kanye, Uber and Amazon’s Jeff Bezos were hacked claiming millions in scammed dollars. 

Security breaches can happen to any business, anywhere. Would your business survive an attack? 

What’s next? Key steps 

1. Train your staff – Cybersecurity Awareness training can be the difference between a buster profit year and going bust. Making them accountable with a corporate policy means there’s no room for ‘I didn’t know’ excuses. 

2. Secure your network – A standard anti-virus alone won’t cut it. If you had to put a figure on the value of your data – client information, financials, plans, documents, all your IP – could you? Can you afford to replace it? Prevention is better and cheaper than cure.  

3. Get your house clean – Make sure everything under your roof is ‘clean’ from viruses and malware. Audit everything! Consider every device in your company – if they can access your Wi-Fi, they can potentially access your data—all of it. 

4. Have a spare – Back up EVERYTHING. Very regularly and keep a copy offline and off-premise. While it may seem time-consuming, if you suffer a breach and don’t have a backup, you’ll be back to square one 

5. Consider Third-Party Risk - Even after you have completed the first four steps, how much risk are you exposed to from business partners?  Does your MSP have ISO/IEC 27001 Certification, a clear indicator they have adequately implemented Cybersecurity. 

Feeling a little overwhelmed? 

Let us lighten the load and share the burden. Our Business Survival Assessment Service is designed to prepare you for the unexpected; evaluating your current level of readiness, guiding you to a solution that’s both cost-effective and easy to deploy. So, you can focus on getting on with things with peace of mind, knowing your business, employees and supply chain remain fully protected with Australia’s best.