The highly anticipated first tranche of the federal government’s reforms to privacy laws were introduced into parliament last month, including 23 of the 25 proposals agreed to by the government in its response to a comprehensive review completed last year.

For small businesses, the material changes are likely to come in the second package of reforms which are expected following further consultation.

Notably, those changes are expected to include the removal of the small business exemption that currently exempts businesses with a turnover of less than $3m from complying with the Privacy Act.

Removing the exemption would create new legal obligations for small businesses around the collection, use, disclosure and protection of customer and other personal information.

However Kaseya APAC vice president and general manager Daniel Garcia said many small businesses were unaware of the looming reforms, and the potentially dramatic changes to their legal obligations.

“The directors of those businesses are becoming more liable ... and therefore every organisation needs to be very aware of the data that they hold for their end customers, how they manage that data, and putting the right protections in place, and the right processes in place, so that information can’t be accidentally lost or shared,” he said.

“It’s becoming more obvious, and more common, that organisations that never used to have to be concerned with cybersecurity have to be, from all sorts of different compliance frameworks or compliance standards.

“I don’t think they’re (small businesses) necessarily prepared for what’s coming. The MSPs (managed serviced providers) - it’s going to be up to them to educate their customers.”

Miami-based Kaseya provides AI-powered cybersecurity and IT management software to MSPs and medium-sized businesses, and has close to 3000 customers in Australia.

Speaking to The Australian during the Adelaide leg of the ‘Kaseya 365 World Tour’ – an annual event where management meets with customers to discuss the latest tech trends – Mr Garcia said one of the most pressing trends facing small business owners was the new approaches cyber criminals were adopting in the malicious online activities.

“These organised criminals and cyber criminals, they used to target the big end of town – they used to target the banks and try to go for those bigger organisations,” he said.

“There’s been a huge shift for those cyber criminals, and they’re attacking the SMB space. They’re casting a huge wide net, and whenever they do get something, they’ve been really realistic in what they can get out of that and they’re making a really big turnover.

“We need to make sure that our partners are providing the right sets of tools for their end customers and are more educated as well.”

Mr Garcia said many businesses remained unaware of the heightened cyber risks, while others were reluctant to make the investment needed to beef up their internal protections.

“Attack vectors has more than doubled in the course of the last 24 months, yet the budgets have certainly not been able to keep up to protect from the level of attack vectors,” he said.

“So it’s around both the awareness and the budget to be able to protect these businesses.”

More Coverage

Common office tool hijacked for ‘malicious’ attacks on SA govt

Andrew Hough

Originally published as Kaseya IT leader warns of rising cyber threat facing SMEs