With businesses moving towards a digitised workplace, a report suggests that SMB owners aren’t taking cyber security seriously.
Conducted by BDO and cyber emergency response team AusCert, the 2016 Cyber Security Survey has revealed how Australian and New Zealand businesses currently operate, and the risks associated with a connected workplace that they may face in the future.
Leon Fouche, BDO national leader for cyber security, says that current online security standards for businesses are concerning.
“With such a big push to cloud-based systems, particularly in professional services industries, it’s concerning that not even half of the businesses in this sector have adopted and implemented cloud security standards,” Mr Fouche says.
Also mentioned in the report is the fact that even though businesses are using mobile devices, there is a lack of mobile device management systems.
“Another concerning observation is the low level maturity of mobile device management,” says Mr Fouche.
“Professional services organisations tend to have a mobile workforce who often work outside the office where their mobile device is the main communications device used to connect back to the office.
“It is concerning that only 40 per cent of organisations currently have a mobile device management tool in place to manage mobile devices.”
Mr Fouche warned that business owners who do not take their device and online security seriously can face very real threats of financial and identity fraud by criminals.
“They can also ask for ransom payments or release confidential information in the public domain, similar to the Panama Papers scandal earlier this year,” he says.
In order to avoid being targeted by these criminals, Mr Fouche recommends business owners should update their risk management procedures.
“Firstly, they should undertake regular cyber security risk assessments (only 48.9 per cent currently do this) and support this with a data loss prevention system (61.7 per cent already adopt this) and data leakage and monitoring tools to detect when sensitive information leaves the organisation,” he says.
“They should also ensure staff awareness and education regarding cyber security is up to scratch, as users and their mobile devices are prime targets for cyber criminals wanting to find ways of accessing data held within this sector.”
Key statistics found within the report include:
- Security operations centre: 79 per cent of respondents said they do not have a security operations centre in place to maintain cyber security for their business, and 59 per cent of these said they do not plan to have one in the future.
- Dedicated role for managing cyber security: 70 per cent of respondents said they were not looking to implement someone in their business to ensure cyber security risks are managed.
- Assessing risk: 48 per cent of respondents said they do not conduct regular cyber security risk assessments.