It might sound like the stuff of science fiction, or at least a problem for big corporations, but cyber crime is a serious and growing challenge for small businesses. It costs Australian companies a whopping $29 billion each year and small businesses are the target of almost half of all cyber attacks—up from just 18 per cent in 2011.
So what can you do to protect your business from cyber crime? Clue: there’s a lot more to it than installing antivirus software. Cyber criminals use computers and the internet to break the law. They steal information and money, and disrupt businesses through identity scams and fraud, online scams and attacks on computer systems and websites. There’s a lot at stake: everything from customer records and personal information to email records, business plans and employee records can be at risk. Worryingly, as more companies go online—to sell goods or services through a website, store client data or simply use email and internet banking—cyber criminals are becoming smarter and better resourced. Susie Jones, CEO of Cynch Security, which provides cyber security services to small businesses, says the number of hackers that go after small companies is increasing every year as such businesses become more reliant on technology.
“Small businesses are more and more adopting new technology,” she says. “It obviously helps with efficiencies and it can really help you keep your costs low, but it also means that there’s more things for a cyber criminal to go after in order to access your data or money.” And as big businesses adopt more stringent cyber security measures, cyber criminals are increasingly using the small businesses that work with them—such as subcontractors and suppliers—as a way in. “It’s a very common attack chain where hackers leverage low-hanging fruit—small organisations that are more vulnerable and can be a pivot point into a larger organisation,” says Zoaib Nafar, security sales manager at IT consultancy The Missing Link.
So how exactly do cyber criminals steal from small businesses? Nafar estimates 80 to 90 per cent of cyber breaches start with a dodgy email or ‘phish’—a fake message that tricks the receiver into giving out private, personal, commercial or financial details. Online banking logins, credit card details, business login credentials and passwords are common targets. “One of the reasons these emails can be so effective is we are trustworthy by default—we often don’t question when we get an email from someone we know,” says Nafar. “Your natural instinct is to trust the person and open it.” It’s easy to get duped because the emails often look very real. They may use company logos and branding, and link to authentic-looking websites.
“They’ll often try to convince you to transfer money to the wrong place,” says Adam Selwood, chief technology officer at Cynch Security. “They might send you a dodgy invoice or an email pretending to be one of your clients and encourage you to change your account details.” Ransomware—when dodgy software, often spread through phishing emails, locks your computer’s content—is another common form of cyber crime that affects small businesses, says Selwood. “Once they’ve destroyed the information on your computer, they’ll send you a message along the lines of, ‘We destroyed everything or locked it up. If you want to get it back, you’ll need to pay us a whole bunch of money’,” he says.
Cyber crime might sound techy and overwhelming, but the good news is there are lots of simple, practical cyber security measures you can implement that won’t break the bank. First, protect your data by installing anti-virus, anti-spyware and anti-spam filters, plus firewall security, on your computers and devices—and set them to update automatically. The same goes for software such as Microsoft, Chrome and the like—make sure you always run the latest versions. Regular back-ups will help you recover anything that’s lost in the event of a cyber attack.
“Make sure you’re backing up all of your systems and critical data on a regular basis, at least daily or you might want to do it hourly if you have high-volume transactions,” says Jones. An estimated 80 per cent of hacking-related data breaches involve weak or stolen passwords, and the most effective way to protect your business is with long, strong passwords. Enabling two-factor authentication wherever possible provides an extra layer of protection: it adds an extra check to prove your identity, like a code sent to your phone.
Before transferring large sums of money, check the invoice is legit. “If someone sends you an invoice through email, don’t just take it at face value—contact the person to verify the email and check the account numbers,” says Selwood. And always, always keep an eye out for dodgy emails, says Nafar. “Some of these phishing emails are not very well crafted in terms of language and grammar. As a general rule: if it sounds dodgy, it’s best not to click on it.”