Small business owners who don't prioritise the online security of their business risk becoming one of the 60 percent that close down within six months of a cyber attack.
Research commissioned as part of last week’s Stay Smart Online initiative shows that only 2 percent of Australia's two million small business owners see the online security of their business as a priority -- and cyber criminals are cashing in.
The Australian Cyber Security Centre last year responded to 11,073 cyber security incidents affecting Australian businesses, and that figure is rising.
One small business that did not survive a devastating cyber attack was domain registrar Distribute It, which was targeted by a hacker in 2011.
The Melbourne-based business had been built up over 10 years by brothers Alex and Carl Woerndle and, at the time of the attack, managed almost 10 percent of domain names ending in .com.au and had 30,000 hosting clients.
The attack came in waves, with the hacker managing to save keylogging malware on a staff member's laptop, which built up a password database that allowed him to bypass all of the company's security protocols.
Within 2 weeks of the initial attack, 4800 websites were lost and the business was no longer viable.
Through his role as Commercial Manager of CQR, Alex Woerndle now helps business owners understand the importance of effective information security.
AVG security advisor Michael McKinnon said the government's estimation of the number of small businesses that close after a cyber attack may be "a bit skewed", but he wasn't shocked by the low number of businesses that prioritise security.
“When I see these stats I’m never surprised,” he said.
“Whenever I speak to small businesses, I find they are all very concerned about security, but there are other things they have to worry about as well.”
The effects of a cyber attack on a business can vary, but last year's 2014 Cost of Cyber Crime Study: Australia showed:
- 40 percent experience business disruption
- 29 percent lose information and experience a loss in productivity
- 25 percent lose revenue
- 4 percent have damaged equipment
Cyber attacks can include stealing an organisation’s intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers and posting confidential business information.
The study also showed that small businesses experience a higher proportion of cyber crime costs relating to web-based attacks, malicious insiders, malware, viruses, worms, trojans and botnets.
COMMON CYBER THREATS:
Malicious software (malware)
A catch-all term used to describe software designed to be installed into a computer system for the purpose of causing harm to you or others. This would include viruses, spyware, trojans, worms, etc.
Software that is covertly installed on your computer and designed to deliver advertisements or other content which encourages you to purchase goods or services.
Software that is covertly installed on a computing device and takes information from it without your knowledge or consent.
Malware designed to infect and corrupt a computer and to copy itself. Viruses can disrupt programs installed on a computer.
A commonly used term to describe a confidence trick, relying on email or a website to deliver the trick to unsuspecting users.
A self-replicating virus that does not alter files but resides in active memory and duplicates itself.
‘Ransom Software’ is a type of malware which handicaps computer functionality, for example, through browser hijacking or encrypting personal data, and offers to restore the functionality for a fee, which is extortion. Paying the fee does not guarantee removal of the ransomware, which can lie dormant ready for attack in the future.
Fraudulent email messages or websites used to gain access to personal information for illegal purposes such as transferring funds or purchasing goods over the internet.
Malicious code that is hidden in a computer program or file that may appear to be useful, interesting, or at the very least harmless to you when using your computer. When this computer program or file is run, the malicious code is also triggered, resulting in the set up or installation of malware.
Malware placed on a legitimate website to compromise the website or its users.
A keylogger is a program that records the keystrokes on a computer. The log may be saved to a file or even sent to another machine over a network or the internet.
Unsolicited email. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or illegal services. Users are advised that if an offer in an email appears too good to be true, then it probably is and should not be actioned in any way.
To help small businesses stay safe, the Department of Communication and the Arts has released The Stay Smart Online Business Guide.
Here are the guide’s top tips to help keep small business safe:
You shall not pass
- Creating good passwords is essential to the online safety of your business.
- Choose passwords that are 10 or more characters long and include a mixture of numbers, letters, special characters, upper and lowercase.
- Longer passwords are stronger.
- Change passwords regularly and never re-use the same one.
Back it up
- Regularly back up all your business information including accounting files, invoicing and quoting systems, letters and emails, information and resources, and even your website files.
- Back up your data to a removable storage device such as a hard drive -- don't use your computer as the backup as it may become compromised.
Information is power
- Stay vigilant and up to date with news on the latest scams and spam and internet threats.
- The more informed you are, the better positioned you’ll be to protect your business should a threat arise.
- Know who has access to your business information and make sure employees have their own logins and passwords.
- By limiting access on a need-to-know basis, you reduce the risk of an ‘insider’ accidentally or maliciously releasing confidential information.
Secure that network
- Anti-virus software that is automatically updated is essential for small business, and don’t trust any wi-fi network you don’t control.
- When it comes to mobile phones, keep them locked when not in use in case of loss or theft.
- Try to limit the business information stored on them, including email.
You can hear Carl Woerndle talk about the hacking incident at length here.