The Cyber Security Best Practice Guide
The Australian Small Business and Family Enterprise Ombudsman has published a Cyber Security Best Practice Guide, hoping to help small business operators in Australia prevent, or better prepare for, a cyber attack.
According to the guide, small business is the target of 43 percent of all cybercrime, with the government citing research published in early 2016.
Following the WannaCry and Petya ransomware campaigns that caused havoc globally in 2017, the ombudsman said 22 percent of small businesses breached by the attacks were so affected they could not continue operating. Meanwhile, 60 percent of small businesses that experience a significant cyber breach go out of business within the following six months.
Another statistic highlighted by the Cyber Security Best Practice Guide is that 87 percent of small businesses believe their business is safe from cyber attack because they use antivirus software.
Ombudsman Kate Carnell said many small businesses lack time and resources but cannot afford to be complacent about cybersecurity.
"Cyber criminals are becoming more sophisticated and small businesses are particularly vulnerable," she said in a statement.
"Online threats are just as real as physical threats. Cybersecurity needs to be taken seriously, like having locks on your doors and a burglar alarm."
Carnell said small businesses shouldn't be afraid of "going online" because the opportunities and benefits could be immense.
"Many small businesses have successfully blended their physical and virtual shopfronts to establish sustainable operating models," she said.
"It would be an incredible shame if small businesses shut themselves out of the online market because of fears about cybersecurity.
"There are risks attached to most activities, even crossing the road. Taking sensible precautions broadens opportunities and heightens the rewards."
The guide offers up three "quick steps to serenity": Prevention, well-being, and response.
The guide encourages small businesses to undertake regular backups, patch applications, use complex passwords and use two-step authentication, and to limit access to administrator accounts and sensitive information.
In an attempt to do things "safely", the guide asks small businesses to communicate safe practice and talk about cybersecurity frequently within the workplace, browse safe sites, and only install trusted applications.
"If you think an attack has happened, tell staff and tell the authorities," the guide states. "Restore backups from before the incident. Consider cyber insurance."
Speaking last year at the ASIAL Security Conference in Sydney, Carnell said a lot of small-to-medium enterprises (SMEs) operating in Australia don't think they have anything warranting a cyber attack, believing criminals instead would target the "big guys".
"They know the big guys have really cool systems and they know the little guys haven't," she explained. "Cyber criminals now are attacking small businesses as a result, very, very regularly."
30 percent of small businesses reported experiencing a cybercrime incident in the year to mid-2015 -- a 109 percent increase over the year prior. Carnell, however, is certain that figure was a lot higher as a lot of small businesses don't want to admit they've fallen victim.
Australia is a nation of small business operators -- defined by the ombudsman as businesses employing fewer than 20 employees and by the Australian Taxation Office as businesses turning over below AU$10 million.
As of July 2017, 97 percent of businesses in Australia were small businesses employing fewer than 20 employees -- that is 2.1 million individuals employed by a small business.
Carnell added that many do not have a chief operating officer, in-house lawyers, or IT folk. They don't really get cybersecurity even though they know it's a problem, and the CEOs are often actively running the day-to-day business with an office structure around them. As a result, cyber protection is often forgotten.
"This is starting to be a bigger impact among our economy ... than some traditional forms of crime," she explained, but noted that the challenge for many SMEs is they don't know how to protect themselves.
"The reason they don't know how to deal with it is that there's so much stuff in the space across government ... there's a lot of different parts of the federal government dealing in the cybersecurity space."