Small businesses in the cyber-crime firing line

Small businesses in the cyber-crime firing line

In its Internet Cyber Security Report for 2016, US computer security giant Symantec warns that it is small businesses that are increasingly bearing the brunt of cybercrime worldwide.

“In the last five years, we have observed a steady increase in attacks targeting businesses with less than 250 employees, with 43 percent of all attacks targeted at small businesses in 2015. It’s not just Fortune 500 companies and nation states at risk … even the local laundry service is a target,’’ the report warns.

Easy targets

The reason small businesses make such attractive targets for cyber-criminals is they have sufficiently valuable information to make it worth an attacker’s time, yet they often lack the protection level of larger organisations, says Chris Rodriguez, Checkpoint’s marketing manager in Australia and New Zealand.

“Small business owners just want to get on with running their businesses. I know this first hand, because my wife is one,’’ says Rodriguez.

“They are so busy with their day-to-day tasks, and they are often very trusting people. They buy an antivirus package and think they are covered – but they’re not.’’

High price

Unfortunately, the price of poor cyber-security can be extremely high. Rodriguez warns, for example, that many small and medium businesses in Australia are covered by the Privacy Act, which makes them potentially liable for a fine of up to $1.7 million should hackers access their systems and steal confidential customer data.

But there is no need to panic. Not only can practical steps be taken in the day-to-day running of your business to avoid cyber threats, but financial protection is also available.

For this reason, small businesses are increasingly turning to cyber-insurance such as CGU’s Cyber Defence policy, which offers protection against cyber-risks such as fines, penalties and third-party claims for privacy breaches.

On the front foot

There is no way for a business to know it is about to be targeted, says Rodriguez, so SMEs need to be proactive.

“We really need to build awareness,’’ he says. “Cyber-security is a state of mind, a way of thinking and a way of life.

“You lock your car, you lock your office, check the windows and doors - but have you locked your network?”

Easy way in

“Email is primary point of entry. These are legitimate-looking emails, with attachments that may say ‘Notification from Australia Post’, or ‘Click this link to pay your speeding fine’.

“If I know that I drove past a speed camera yesterday and I was going a little fast, it’s at the top of my mind, so I click – and then they’re in.’’

The single greatest threat to Australian small businesses right now is ransomware, says Rodriguez.

Ransomware allows hackers to gain access to your computer and encrypt your hard drive. They then send you get a message instructing you to pay, often in untraceable bitcoins, if you want your data back.

Protect against deadly attacks

One such attack recently infiltrated businesses across Australia after it was downloaded by at least 10,000 Australians, according to Checkpoint’s internet threat monitoring systems.

Disguised as a bill from energy company AGL, once installed the ransomware demanded a $US640 ($A880) payment. But even when the ransom was paid and the computer unlocked, the malware continued to monitor the infected computers, recording keystrokes and mouse movements.

A good cyber-risk insurance policy such as CGU’s Cyber Defence also provides protection against losses from business interruption and from lost IT records and data.

Someday, predicts Rodriguez, cyber-security will be regarded as an essential utility, such as electricity or water, that no one would consider going without. But until such time, the internet will remain a happy hunting ground for ruthless criminals. And all businesses need to ensure they protect themselves by insuring against potential losses and by using the latest and best cyber-security technology available.