SMEs falling victim due to lax cyber security

SME owners have been urged to look at their cyber security arrangements, as attacks on small businesses soar and the government announces a $230 million cyber security strategy.

“The federal government’s investment of $230 million to enhance Australia’s cyber security capability demonstrates the scale of the issue at hand and a clear focus on meeting the challenges of the digital age and protecting all Australians online,” said BDO risk advisory partner Leon Fouche.

“The strategy’s strong focus on collaboration and education also highlights the role every business can play. While the federal government is leading and innovating, businesses need to ensure their security practices are robust and up to date, and to better educate and empower employees to use sound online practices.”

But despite the focus being on large corporates, SMEs have been warned that their cyber security is just as much at risk.

“The strategy’s recommendation of voluntary governance health checks for ASX 100 organisations certainly highlights the particular risks faced by these high-profile organisations. However, private, small and mid-sized companies make up the vast majority of the business community and can be just as vulnerable to cyber attack, especially those with an online presence and less mature IT security measures in place,” Mr Fouche said.

“I urge all businesses, including SMEs, to undertake some level of self-assessment on a regular basis in order to understand their cyber risk exposure and their ability to respond to and recover from a cyber incident.”

Jenny Thornton, partner at law firm Clyde & Co, and her colleague Tim Searle, recently told My Business’ sister publication Lawyers Weekly that SMEs actually appear to be more of a target than their larger business counterparts, given their more lax standards on cyber security and the high-volume, low-value nature of the attacks fraudsters are able to get away with.

“One of the things we've been talking about is that a lot of the encryption attacks – where they put in this malware that effectively locks up the data for a ransom – I always suspected that those would be with larger companies. But apparently the bulk of those cases are small-to-medium businesses, and especially not-for-profits. The hackers are asking for just $1,000,” Mr Searle said.

Ms Thornton added: “It’s often between $200 and $600 and it’s day care centres or small community organisations. You don’t hear about [these hacks]; they’re not registered.”

Australian Small Business and Family Enterprise Ombudsman Kate Carnell also weighed in on the issue, stating that there has been an alarming trend of SMEs having their websites breached by Islamist extremist sympathisers.

“More and more, small businesses are turning to e-commerce to help grow their customer base and boost their bottom line,” Ms Carnell said.

“Latest statistics reveal 84 per cent of small-to-medium businesses (SMEs) are online, with one in every two SMEs receiving online payments.

“Recent reports of small businesses having their websites breached with disturbing pro-Islamic State messages reinforce the importance of cyber security in this digital age, and I welcome the government’s collaborative approach to help ensure both businesses and consumers are protected against online threats.”

She added: “Small business owners need to make sure they are aware of cyber risks and have measures in place to prevent and respond to attacks. This includes drawing up an online security plan, ensuring their point-of-sale systems are protected, backing up their data and implementing robust password practice.”
