It might feel like something out of a made-for-TV movie, but cyber criminals are ruthlessly targeting small Australian businesses and experts are warning that these Aussie business owners need to protect themselves, or face the possibility of financial ruin.

Small to medium businesses are now the target of 43 per cent of all cyber crimes, according to a recent report by the Australian Small Business and Family Enterprise Ombudsman (toting the tricky acronym ASBFEO). And even more distressing is the report that 60 per cent of those same small businesses go bust within six months of the sabotage.

“Attackers are realising that larger organisations have better levels of protection whereas smaller organisations don’t,” said Professor Matthew Warren, deputy director of Deakin University’s Centre for Cyber Security Research.

“Small business don’t have the cyber security expertise, they don’t have the budget to spend on cyber security and they’re not up to date with all the different types of threats.

“The problem a small business has is that as soon as you lose the trust of your customers they are never going to come back.”

Even though the amount of money that can be stolen from small businesses is significantly less, there are far more of them for hackers to target and they can act as a backdoor to the larger businesses they interact with.

“Small businesses are also being attacked for their customer base to harvest their passwords because people tend to use the same passwords in different systems,” Prof Warren said. “There is a wide range of threats that small businesses are now facing.”

These include stealing the credit card details of customers, making business owners pay fake invoices, or holding small business owners to ransom after blocking them from their own systems.

Jeff Morris, Dell’s senior director of product management in the Asia Pacific, urged small business owners to have a “security mindset”. “It is very important, because you need to protect your business. If you don’t you could be out of business,” he said. “Cyber crime is definitely a growing threat, especially in the Asia Pacific market.”

More than just money

A cyber crime syndicate in February hacked and held to ransom the medical files of 15,000 patients from the heart unit of Melbourne’s Cabrini Hospital, a department that employs under 20 people, and therefore is categorised small business.

Prof Warren said the organisation paid the ransom several times hoping to get access back into the system – “but they weren’t able to”.

“They are scared, they don’t know what is going on and they think it’s just the easiest thing to do to get access to their data, not realising that they are going to have to keep on paying,” he said.

Cyber crime now costs the economy more than $1 billion each year, and last year alone Australia experienced a 30 per cent jump in the number of cyber attacks. “We are going to see an increasing number of cyber attacks against everything. It’s the new normal. And small businesses are now one of the attack vectors,” Prof Warren said.

How to protect your business  

Mr Morris said the first thing that small business owners needed to do was to have a plan of action ready to go in the event of a breach.

“People don’t need to be cyber crime experts but it is important they have a policy in place,” he said, adding that small businesses should also be across the mandatory data breach reporting laws which can attract fines of up to $2 million.

“It’s a lot of money for a small business. A lot of them don’t have that kind of money.” Small businesses are being encouraged to think about their cyber security in the same way as they would locking the door when they leave their office or when they park their car.

Mr Morris said it was important for small business owners to make sure their information is backed up and to always use patch management. He also urged them to use advanced password systems, such as when a fingerprint is bonded to a regular password and changed every 90 days.

“It is incredibly important that you have a secure endpoint,” he said. “Information is like water, it likes to flow, so you have to make sure you are protecting that information as it moves around.”

Prof Warren said the biggest problem was that the average electrician, plumber or café owner doesn’t consider themselves to be a potential target. “This is actually a major challenge,” he said. “There is a number of easy steps that businesses can take. The problem is that they don’t have that awareness.”

Dell’s key tips for small business

• Secure your endpoint by using strong passwords and have anti-malware and antivirus installed e.g. Dell Safeguard and Response
• Backup your data regular, store in a safeplace.
• Protect data that moves inside and outside of the business using encryption and or password protect the document or use Dell SafeData
• Never compromise your security for an end user.

To make sure your startup is a success, keep cyber security at the heart of your business. Check out Dell’s one-stop-shop for all your Data Security needs.  

Originally published as Small Business cyber security threats: How to protect your business