Story image

Are NSW small businesses too confident about their security?

15 May 2017

Almost a third of New South Wales small businesses have been victims of cybercrime, but they believe having a limited web presence limits their exposure, according to a new study from the Office of the NSW Small Business Commissioner.

Out of 1400 respondents, 50% limit their digital exposure to a business website with contact details and social media, believing they’re less exposed to cybercrime that way. 

Only one fifth of respondents use cyber insurance to protect their business from incidents, and only 10% considered cybercrime a number one priority.

They are also more averse to selling products online - 20% of businesses have an ecommerce strategy.

Robyn Hobbs, NSW Small Business Commissioner, says online business is about taking risks into account.

“Doing business online can open up huge opportunities but small businesses need to take full account of the risks – for example something as simple as using email every day or taking a phone call can present a big cyber security risk to any business,” she explains.

Two thirds of respondents believe they are well-informed about cybercrime risks and 80% said they could respond to a security breach.

Hobbs says that the 80% of SME owners seem confident they could respond to a security breach are more confident than most companies listed on the ASX.

“Going digital can be a fantastic way of growing your business but there's no room for complacency - the risks are real and we’re encouraging small businesses to be aware and stay safe,” Hobbs says.

Overall, SMEs rank cybercrime as the fifth biggest risk to their business.

Respondents did state explicit areas of concern, including email fraud, social media hacking, online banking fraud, malware and crypto-ransomware.

“They also want help when it comes to tackling cybercrime – more than 90 percent said they needed risk management tools to assist in protecting them from cybercrime,” Hobbs says.

However, 75% of them were influenced by their own experience rather than advice from a specialist, such as a lawyer or accountant.

The study found that 60% of SMEs consult IT forensic consultants; 40% consult Google; 35% consult the police; and 34% consult Government.

“Some simple ways for small businesses to manage cyber risks to their business include educating and training staff, continuously updating software, using two-factor identification for emails and payments, encrypting important customer files,” Hobbs concludes.

WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
Swiss Post asks public to hack its e-voting system
Switzerland’s postal service Swiss Post is inviting keen-eyed security experts and white hats to hack its e-voting system.
Spoofs, forgeries, and impersonations plague inboxes
It pays to double check any email that lands in your inbox, because phishing attacks are so advanced that they can now literally originate from a genuine sender’s account – but those emails are far from genuine.
Flashpoint signs on emt Distribution as APAC partner
"Key use cases that we see greatly benefiting the region are bolstering cybersecurity, combating insider threats, confronting fraud, and addressing supply chain risk, to name a few."
The attack surface: 2019's biggest security threat
As businesses expand, so does their attack surface – and that may be the biggest cybersecurity risk of them all, according to Aon’s 2019 Cyber Security Risk Report.
Opinion: Cybersecurity as a service answer to urgent change
Alan Calder believes a CSaaS model can enable a company to build a cyber resilience strategy in a coherent and consistent manner.
Why SD-WAN is key for expanding businesses - SonicWall
One cost every organisation cannot compromise on is reliable and quick internet connection.
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.