Managing risk

Cyber security threats: is your business an easy target?

Cyber attacks against Australian businesses are rising and the risks are spreading, particularly with the rise of small and medium-sized organisations storing data and using online services.

The impact of a cyber attack on a business can be extremely harmful: exposure of customer details, reputation damage, forensic examination, crisis and PR management, fines and penalties, litigation and other liabilities. The recovery can be costly and lengthy.

Business cyber security threats – are you a target?

As your business stores more data and uses more online services it becomes a prime target for criminals.

Consequences of external attacks, internal security breaches, and internet abuse can be serious for your business and your customers.  

In the 2019 ACSC Small Business Survey, 62% of respondents had experienced a cyber security incident. The report showed the main barriers to implementing good cyber security practices included a lack of dedicated IT staff, planning for and responding to incidents, underestimating risks, an inability to identify security weaknesses and simply not knowing where to begin.

Once random, cyber attacks have in recent years become more organised and targeted, with the goal of financial gain.

Size is really irrelevant when it comes to online crime and fraud, and smaller businesses can be easier targets because of stretched IT resources.

Make your business difficult to target

The internet is a fantastic business enabler, but protection against recent web threats has become increasingly complicated and it’s vital to have a robust cyber security strategy in place. Here are some guidelines for cyber security best practices:

  • Protect against malware, the malicious software designed to infiltrate or damage a PC or network. Secure your computers with adequate firewalls and antivirus software. The on-board firewall on your internet router isn’t enough nowadays with the complexity of malware. 

  • Protect PCs with security software that resides on the PC and doesn’t hinder your PC, laptop or network’s performance. The best protection against a data breach will cover identity theft, risky websites and hacker attacks within a single solution.

  • Ensure you’re using the best available threat intelligence. Manual or infrequent updates for your security software open the door to threats. 

  • Penetration testing will simulate a cyber attack to test for vulnerabilities. Run a ‘pen test’ once your cyber security strategy is in place to test its effectiveness on your information security.

  • Select a single console solution with location awareness to keep tabs on mobile users, PCs and servers. 

  • Employ anti-spam software to block risks and prevent distractions for employees. 

  • Develop a comprehensive policy and include awareness training. Teach and re-teach employees about security requirements. Make risks and security transparent. More than 80% of all data loss is caused by human error, either by sending confidential or sensitive information to the wrong people or by sending it in an unsecured way.

  • Advise employees about the type of information that’s confidential and what potential problems can arise if this kind of information gets out. 

  • Have a social media policy with enforceable guidelines for employees. Empower employees and customers with best practices and guidelines.  

  • Protect using strong passwords. Time out old passwords and require password changes frequently. Automate updates. URL filtering can limit access to unproductive or risky sites completely. 

Cyber security awareness: other important considerations

  • Choose a security partner with a proven track record of defence against multiple cyber security threats, with experience of small and medium businesses. 

  • Build a solid relationship with your vendor so you always have a trusted and unbiased adviser when needed, particularly in emergencies. One who’ll help you choose a solution that will grow with your business needs and protect your IT investment. Consider a vendor who can remotely manage your security solution for you.

  • Share and advocate best practices across the business.

  • Look for solutions that make the vendor’s data centre do the work for you by using hosted capabilities. 

  • Don’t rely on old antivirus tools. New methods of detection perform the equivalent of background checks on email senders, files, and websites to protect better and faster without slowing your PCs.

  • Automate operating system (OS) updates so they deploy quickly and automatically. Make it simple for your PCs to have the latest patches. The vulnerabilities in your OS are key enablers of attacks. Ensure these patches are deployed quickly and automatically.

  • Require and check patch compliance. Give your users details about versions of software they need and how to check which version they have. Provide links and directions on how to update to the correct version.


Mark Sinclair

former Regional Director ANZ at WatchGuard Technologies

Passionate about helping organisations grow their cyber security requirements with the best network, authentication and Wi-Fi security solutions.
