SMEs are becoming increasingly targeted by cyber-attacks. This is largely because of the sense of 'security fatigue' among business owners, resulting in lax cyber security standards.
SME owners are being urged to review and update their security arrangements in light of the increase in attacks, to avoid the largely preventable attacks.
As more small and medium enterprises (SMEs) turn to e-commerce as a tool to boost their bottom line, exposure to cyber risks has soared. The trend in attacks has been low value and high volume, with the majority of attacks involving encryption - locking up business data though malware and holding it for ransom. Though it may seem the lower turnover of SMEs make them less of a target, in reality they are just as vulnerable as their larger business counterparts, if not more so. This is because they tend to have more lax cyber security standards and less mature IT security measures.
The Federal government has recognised this threat and invested $230 million into enhancing Australia's cyber security capabilities. However, businesses are encouraged to work with the government on the issue, with SME owners being urged to 'adopt the basics' and ensure their security practices are robust and up to date.
Regular self-assessment should reveal cyber risk exposure and ability to respond to or recover from cyber incidents, and provide the basis for security reform. Simple steps SME owners should ensure are taken include:
- drawing up online security plans
- backing up data
- implementing robust password practices
- instigating regular software updates
- installing anti-virus and anti-malware software on company devices.
Business owners should also ensure their employees are educated on how to use secure online practices.
For more information on the Government initiatives in this area, read Australia's Cyber Security Strategy.
For information on how to optimise password security, read our previous blog post here.
* * * *
This Newsletter, of necessity, has dealt with matters of a technical nature in general terms only. Clients should contact us for detailed information on any of the items in the Newsletter. No responsibility for loss occasioned to any person acting or refraining from acting in reliance upon any material in this Newsletter can be accepted by any member or employee of the firm.