Recognising and protecting your business from cybersecurity threats
Every day, small businesses in Victoria could become the target of a cybersecurity attack.
Find out how your business could be at risk and the steps you can take to protect your business from online attacks.
Is your business at risk?
The short answer is yes. According to the Australian Signals Directorate, a cyber crime is reported every 6 minutes in Australia. It’s also costly – the average cost per attack for a small business is $46,000.
Cyber criminals can use various tactics to access your accounts and steal your information. These include:
- hacking: unauthorised access to your systems or networks
- malware: malicious software installed on your devices
- ransomware: a type of malicious software that makes your computer or files unusable unless you pay a fee to unlock them
- phishing emails/texts: fake messages to trick you into giving out your private personal, commercial, or financial details
- scams: calls or messages pretending to be from an organisation, business or even an individual.
A 2024 report by Cyber Wardens (an Australian Government program) found that the most common online threats to small businesses include:
- access to emails: with access to your emails, criminals can find sensitive information like logins, identification documents/information, bank statements and much more. This may allow them to access other parts of your business or impersonate you.
- fake invoices and payments: criminals may send fake invoices and payments to small businesses, typically using a simulated or hacked email address from one of your suppliers or clients – who may not even know they have been hacked.
- access to bank accounts: using your stolen information, criminals may be able to access your bank account and transfer your money to their account.
For more information and to read the ‘Building a culture of cyber safety in Australian small businesses’ report, visit the Cyber Wardens research report page.
CrowdStrike and potential scams
On Friday 19 July 2024, US cloud service provider CrowdStrike tested an update that led to worldwide outages of Microsoft services. Businesses experienced Blue Screens of Death (BSOD), sudden shutdowns and other usability issues impacting everything from flights to payment terminals and personal devices.
It was a large-scale technical outage impacting a number of companies and services across Australia. While it was not a cybersecurity incident, when an IT problem like the CrowdStrike outage becomes mainstream news, cyber criminals can use the confusion to scam small businesses as they race to fix the problem.
It’s a timely example of why businesses need to be aware of scams and look at their cybersecurity measures.
Since the outage, there have been reports of cyber criminals using fake websites, phone numbers and emails to impersonate CrowdStrike and IT support businesses, to try and scam businesses and gain access to their information.
The Australian Government has advised the public and businesses to be on the lookout for contact from potential scammers offering their ‘help’ relating to CrowdStrike.
If you are experiencing technical difficulties, go to the official CrowdStrike website, and call the contact number listed instead.
Am I too small to be hacked?
You might think that hackers only go after the ‘big guys’ with lots of money or big databases, but no business is too small to be attacked.
Only 35% of small business owners feel vulnerable to a cyber attack (Cyber Wardens). This false sense of safety may be because we only hear about big companies like Optus being hacked.
Criminals don’t discriminate – cyber attacks can and do happen to small businesses. Criminals will go after anyone with money, from sole traders to multi-national corporations. It only takes one lucky strike to make their attempt worth it.
As a sole trader, micro or small business, you may be more at risk. It’s likely that you don’t have an IT department and your cybersecurity is not as strong as it could be. And, unlike the ‘big guys’, you might not have the resources (time and finances) to recover from the impact.
If you feel like you aren’t on top of keeping your business safe, you are not alone. Typically, small businesses:
- feel overwhelmed and don’t know where to begin
- find it hard to keep up with the latest trends and threats
- think cybersecurity isn’t for them (it’s for IT people), or
- are aware but don’t have the time to set up security measures.
If these sound familiar, remember that a criminal may only need access to your email to hack other areas of your business – they are opportunists and skilful at getting these details. So, daunting as it may be, cybersecurity is critical for all businesses and needs your time and attention.
Bad habits could increase your risk
It’s easy to overlook cybersecurity. Does it really matter if you use the same password just this once? Can’t you just update the software next time you get the reminder?
Unfortunately, any kind of poor practice can become a bad habit and cybersecurity is no different. If you let something slip, the behaviour could stick and you could be leaving your business vulnerable.
According to another Cyber Wardens research report, the most common cybersecurity bad habits that 78% of small business owners display every day include:
- keeping a password document
- putting a laptop in ‘sleep mode’ instead of shutting down
- using short passwords, re-using or sharing passwords
- sharing a single login between casual staff
- paying for one software licence and sharing logins between people
- snoozing a software update
- downloading personal software onto a work phone or computer
- allowing a family member (non-employee) to use a work phone or computer.
To help protect your business, put these bad habits on your ‘Don’t Do’ list.
For more information and to read the ‘Risky Business: The everyday habits increasing small business cyber risk’ report, visit the Cyber Wardens research report page.
Looking to improve your cybersecurity?
It can seem daunting to know where to start to protect your business. Whether you are starting from nothing, or you’re looking to upgrade and implement better systems, the Digital Solutions program and the Cyber Wardens program can help.
The Digital Solutions program
The Digital Solutions – Australian Small Business Advisory Services program helps support small businesses to be part of the digital economy while staying cyber secure.
The subsidised program can provide you with up to three hours of one-on-one digital advice from a qualified and experienced business advisor for $110, as well as unlimited access to workshops, webinar presentations and self-directed online tutorials.
Cybersecurity is one of the topics covered in the program and with a recent increase in scams, it’s highly recommended.
The Melbourne Innovation Centre (MIC) provides the Digital Solutions program in Victoria. To find out more and enrol, see MIC’s Digital Solutions Program.
The Cyber Wardens program
The Cyber Wardens program provides small business owners and employees with free, easy-to-use online training to identify cyber safety practices you can implement in your business.
You (or your employees) don’t have to be tech-savvy or an IT wizard to become a cyber warden. Just like training up a work health and safety officer to protect your business from physical threats, the program teaches new skills to help your business prevent and protect against digital threats.
For simple cyber safety solutions, enrol now to Become a Cyber Warden.
Stay alert
Developing an awareness of how hackers gain access to your data is critical for small businesses. Improving cybersecurity across your business is one of the most important things you can do.
For up-to-date information about scams, alerts and advice, we recommend bookmarking the Australian Signals Directorate's alerts and advisories page.
For more resources to help protect your small business from cyber threats, check out the Australian Signals Directorate's small business cyber security page.