Cybersecurity and data protection are important issues that many small to medium enterprises often ignore. As the incidence of cybercrime continues to grow in Australia, businesses must pay more attention to online security to reduce the risk of privacy breaches, scams, and fraud. Applying appropriate security measures will protect your business from malicious activities, saving you both time and money from having to deal with the aftermath of cyber attacks. The implementation of GDPR (General Data Protection Regulation) also affects many Australian SMEs who deal with customers from the European Union as they are required by law to be GDPR compliant or face large fines.
In the August 2018 edition of the AICD magazine, the backlash from the Facebook and Cambridge Analytica debacle and its impact on public trust were examined. Here is our perspective on what small businesses can take away from this situation.
Awareness of Cyberrisk is the Start
Many small businesses are unaware of the dangers of inadequate cybersecurity. Most business owners don’t invest in effective security measures because of the perceived lack of affordable solutions. There is also the element of complacency because small business owners believe they are too insignificant to be a target for cybercrime. This perception is flawed. If your business interacts, transacts, or hold information online, you are a potential target. In fact, SMEs are an easy target for cybercrime because many small business owners don’t have the awareness, resources, and technical experience to implement effective cybersecurity measures.
As many would have seen from the Facebook privacy scandal, how a business manages its data will ultimately affect consumer trust in its brand. The question then to ask is, are you doing enough to protect your data and those of your customers?
What is at risk?
A small business, like any large corporation, possess valuable information in the form of:
- customer records and information
- financial data
- business and marketing ideas
- supplier database
- intellectual property such as product designs and manufacturing processes
- staff records
Past and present employees, suppliers, clients, and competitors are all potential threats. Information can be leaked out unknowingly or intentionally. There is a growing activity from cybercriminals who steal information from business owners, holding them to ransom or selling information to competitors.
How are SMEs being compromised?
Common methods include:
- Phishing emails – these are emails from hackers that are disguised as someone you know or trust. It could be your bank, your supplier or your colleague. These emails look authentic to try to trick you into providing your details to them.
- Poor passwords – many people use simple, easy to remember passwords, and often the same password for every single website.
- Weak IT infrastructure.
- Lack of financial and technical resources – small businesses often do not budget for IT security services.
- Theft or unauthorised access to your hardware and devices.
- Attacking your websites and business systems.
What impact will a Cyberattack have on your Small Business?
In the event of a cyber attack on your business, the impact can be devastating. You can suffer from financial loss as a result of leaked bank details, leaked sensitive information that gives your competitors the market advantage, business disruptions, costs involved in getting your systems up and running again, and possible fines incurred if you are guilty of breaching data security laws.
Aside from the financial loss, you can also expect your business reputation to be negatively impacted. Customers and suppliers could become apprehensive when dealing with your brand and you can lose customers to your competitors.
Ways to improve your cybersecurity
You are never risk-free, but you can reduce your risks by adopting appropriate security practices. The following is a simple checklist to help reduce online risks to your business and your customers:
- Protect your devices with the appropriate software – install and keep your security and antivirus software up to date.
- Use safe passwords – this means using passwords with a combination of random letters, numbers and symbols. You might find that helpful to use a password manager to generate and store passwords.
- Delete all suspicious emails and don’t open attachments from people you don’t know.
- Manage employee access to business information – restrict staff access.
- Keep your IT equipment in a secure place to prevent unauthorised access and reduce the risk of theft.
- Limit access to websites that are not work-related.
- Back up and encrypt your data.
- Ensure your business complies with privacy regulations.
- Staff training – ensure your staff has a good level of awareness for security issues.
- Develop a security policy and protocol such as changing passwords on a regular basis, reviewing your systems and processes, and deleting staff accounts when their employment ceases.
- Have a contingency plan – know in advance what steps you need to take to keep the business running in the event of a cyber attack.
Good cybersecurity earns the trust of your customers and enhances the reputation of your business, and should form part of a risk management plan for your business.
Contact Emergination to discuss your concerns and find out how you can improve your business operations.
For more information on cybersecurity, you can visit the following links: