Only 13 per cent of small businesses have a plan to protect their money and valuable client data, 87 per cent of SMEs believe their business is safe from cyber attacks because they use antivirus software, 72 per cent believe their information is safe when stored in the cloud and only half of SMEs plan on improving their business security in the next 12 months.
These are the findings of MYOB SME Snapshot, a monthly survey of 400 small business owners by the online business management solutions provider. MYOB chief operating officer Andrew Birch said all types and sizes of business were susceptible to cyber attack, but attackers might consider smaller businesses more vulnerable because they are unlikely to be as well prepared.
Head of Information & Cyber Security at MYOB, Christie Lim said that while anti-virus software was an important measure that businesses invest in it was not fail-safe. “It’s great to see that small businesses are embracing technologies such as the cloud and taking some measures to protect themselves from cyberattacks, however there is still more that can be done to reduce online threats,” she said.
Cyber attacks can involve individuals in a business being tricked into clicking on a download, email or attachment that may contain a virus or ransomware. A cyber attack may also involve a false invoice being sent and money being paid to a fraudulent party.
Birch says cyber attackers are typically after money already in a business’s bank account or looking to divert money that should be flowing into that account. A business can have its bank account emptied in a cyber attack, which could force the enterprise to close down. Also, cyber attackers seek client information which can be used in identity fraud.
Small businesses don’t have big budgets to spend on securing their online systems and the survey found that the biggest barrier SMEs feel they face when improving their cybersecurity is not having sufficient expertise (38 per cent), followed by not having a strong online presence (32 per cent), closely followed by a lack of understanding and finding the whole issue too complex (28 per cent).
Lim recommends that businesses familiarise themselves regularly with best-practice approaches through websites such as Stay Smart Online Small Business Guide and seek advice from the Australian Government via the Australian Cyber Security Centre.
Businesses that turn over more than $3 million a year are obliged under the Privacy Act to protect information and if they have taken no measures to protect themselves, they may be liable for prosecution plus clients who have personal information stolen may have a case to take legal action against the business that was attacked.
The Australian Cybercrime Online Reporting Network received 11,851 reports of cybercrime in the three months to June, 51 per cent of which related to scams or fraud and 19 per cent to purchases or sales.