The Australian Small Business and Family Enterprise Ombudsman have published a guide to help small businesses prevent possibly disastrous cyber attacks, after research from 2016 has shown that 43 percent of cybercrime choose small businesses as targets. Although the research is more than a year old, the results are unlikely to be very different, if not worse.
The guide outlines what a business should do to prevent or deal with a cyber attack, as well as gives some rather worrying statistics for business owners to consider. While it is recommended to delve even deeper to make a company less vulnerable, it still is a good start for those businesses that have little cybersecurity awareness.
Small business are becoming a more likely target
An attack on a small business could have devastating consequences, and with almost half of cyberattacks targeting specifically those types of businesses, the chances of being affected increase. According to a research from 2015 cited in the guide, 60% of small businesses that have experienced a cyberattack go out of business within six months. For example, if a business suffered a ransomware attack, their files could be encrypted, and money demanded in exchange for a decryptor. If the company was targeted specifically, the ransom could got up to $100,000 or even more. And it is not even certain that after payment the decryption key would be sent. A company could lose not only important files but also critical money. Thus, it is not difficult to see how a small, completely unprepared business, would be forced to close its doors.
Another worrying number highlights the mindset that a business is safe if it uses anti-virus software. According to the guide, 87% of small businesses believe their business to be safe from cyberattacks because they use anti-virus.
Smaller businesses usually do not consider themselves as targets because bigger companies would be more profitable to attack, and while the mindset is not correct, it is not difficult to see why they may think that way. However, larger businesses have better security, and are less likely to comply with the demands when an attacks is carried out. Smaller businesses, on the other hand, oftentimes lack resources and time to ensure they are as resilient as possible, and cyber criminals know that. Because of that, they are choosing them as targets more and more often.
Ombudsman Kate Carnell explains that online threats are as real as physical threats are, and thus need to be take seriously, “like having locks on your doors and a burglar alarm”.
The Cyber Security Best Practice Guide
The guide encourages businesses to take their cybersecurity seriously and gives out useful tips about preventing or dealing with a cyberattack.
In a section ‘Three quick steps to serenity”, businesses are encouraged to protect their assets by backing up data regularly, installing application updates, setting complex passwords and two-step authentication, as well as limiting access to administrator accounts. Furthermore, talking about cybersecurity, browsing only secure websites and only installing trustworthy applications is suggested. Lastly, businesses are recommended to report attacks to authorities, and to consider cyber insurance.
In response to the 87% of small business believing that they are safe if they use anti-virus, the guide warns that there is no single-fix when it comes to cybersecurity. Anti-virus software alone will not protect from attacks. Business owners are advised to educate themselves and their staff about the possible attack scenarios so that everyone is ready if an attack was to happen.
After all, “when it comes to cyber-attacks, it’s not a matter of if, but when. If you use the Internet, you are at risk”.