sb-au logo
Story image

Small business and cyber security: what you need to know

Australian small- and medium-sized enterprises need to be aware of security breaches typically reserved for individuals, according to new information from RSM Australia.

The company says busy businesses often fall for scams that look plausible because they don’t have the time to look into them more cautiously.

According to the Cost of Data Breach Study: Global Analysis, Ponemon Institute (sponsored by IBM) last year, the cost of a security breach in Australia can run into the millions of dollars, which doesn’t take into account the reputational damage a high-profile breach can cause.  

RSM Australia says that while large enterprises can often recover from a security breach, the smaller operating margins of SMEs means that a significant breach can have severe ramifications, even hampering the business’s ability to continue operating.

Recent threats have included online banking scams where customers receive a text message asking them to login to their banking site to confirm details. The message includes a URL, which takes the customer to a fake page, set up to access their account details. The attackers can then use those details to gain full access to the business accounts, potentially wiping them out.

“These scams are successful because they look plausible, and busy business owners may not have time to carefully consider and examine the links they’re clicking on, particularly if they’re on a mobile device screen rather than a larger, easier-to-read screen,” explains Michael Shatter, Risk Advisory partner, RSM Australia.

“One way SME owners can protect themselves from these scams is to use business banking services rather than consumer services,” he says.

“They tend to offer more sophisticated security options and additional security for multiple account users.”

Fraud is another key risk area for SMEs, Shatter says.

“Some employees with access to the business’s bank accounts, for example, could potentially sums without getting caught. It is essential for business owners to be actively involved in business banking and to check the accounts regularly for any anomalies,” he adds.

Shatter says some cyber breaches are likely to happen regardless of how vigilant the business owner is.

“These cyber attacks can include hackers gaining access to systems to steal commercially-sensitive information, customer payment details, or actual money, and ransomware,” he says.

“The costs of these losses can be enormous and, if the intrusion isn’t detected straight away, the losses can mount up over time.”

Additionally, SMEs are subject to the same privacy legislation as larger companies, Shatter explains.

This means they must, by law, keep customers’ private information secure or face potentially-large fines as well as damage to their reputation.

“Customers are increasingly demanding that the companies they do business with are secure,” Shatter says.

“To compete effectively and to avoid the losses that come with security breaches, SMEs must review their security measures regularly and update them as required.”

RSM Australia has identified eight ways SMEs can protect themselves:

  • Keep software updated, since updates often include security patches
  • Educate all staff regarding the risks and how to protect themselves and the business
  • Demand strong passwords for all applications, not just key applications like banking or invoicing
  • Use up-to-date security solutions including anti-virus, firewalls, intrusion detection, and threat detection
  • Never click on links to banking sites in emails or texts. If in doubt, call the bank directly
  • Treat mobile devices the same way you would treat computers; they are equally if not more vulnerable to attack
  • Ensure your files are backed up regularly and reliably
  • Get professional, external advice to improve your security posture, and conduct a risk assessment
Story image
SOC as a Service market on the up, driven by greater focus on security
The global System On a Chip (SOC) as a Service market is set to reach US$676.8 million by 2026, according to a new study from Valuates Reports. More
Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
SASE vs zero trust – or the best of both worlds
Zero trust and SASE work together by converging a least-privilege access strategy with an architecture that simplifies how highly distributed users, BYOD, and cloud resources are secured.More
Story image
BackupAssist partners with Wasabi for greater cyber-resilience
This partnership provides customers with an up to 80% less expensive solution that is faster than the competition for achieving enterprise-grade cyber-resilience, the company states. More
Story image
Palo Alto Networks advances attack surface management with Expanse
"By integrating Expanse's attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organisation's attack surface with an inside view to proactively address all security threats."More
Story image
Hornetsecurity acquires Altaro, the latest in acquisition spree
The move is a culmination of a medley of acquisitions made by Hornetsecurity recently, following the January 2019 acquisition of Spamina, a Spanish cloud email security company, as well as EveryCloud, its British market partner, in early 2020.More