Australian SMEs have had a complex relationship of late when it comes to cyber security. Advised to ensure all aspects of their companies have a digital component, while investing in digital footprints and technology infrastructures to remain competitive. They need to be consistently evolving, ensure an always-on social media buzz and remove as many barriers (read: human interaction) as possible to maintain a seamless automated experience for customers. For those SME founders and CEOs who are not tech savvy, reliance on team members and very often, out-sourced third parties, to oversee these aspects of the business can feel daunting when you realise how little control you maintain just to remain on the journey of tech-progressive.
The risks of competition and client losses, however, pale into comparison when observing the statistics around how Australian small businesses are failing to prepare with the ever present looming risk of cyber security breaches, cyber crimes and human error. In 2017 alone, over half a million Australian SMEs have to overcome the pain of being a cyber crime victim with one in four SMEs losing on average 25+ hours in downtime and $1.9million in costs. The impact can be significant, and devastating. When surveyed, the SMEs admitted that 1/3 of them would not last a week without the critical information this data often holds. Despite these daunting risks, only 20% of SMEs back up their business data no more than once a month, and 32% backed up to cloud servers such as dropbox.Â
If the risks are so prevalent, and the damage is so severe, why aren’t Australian SME owners taking it upon themselves to understand critical information that can help save the company they often built from scratch.
In our experience, we have worked daily in analysing and resolving significant cyber attacks on major companies, and so often the devastation caused could have been avoided by two words: Cyber Hygiene.
With the impact of device addiction, we are fast learning about the impact of constant smartphone usage on our relationships, productivity and even health. Often SME founders will talk about the balance required to be effective in their companies, and digital detoxes are almost consistently at the top of that list. Alongside that, comes sleep hygiene, a dedication to best practice to ensure sustainable and rested sleep patterns. Part of this process often includes removing the smartphone from the bedroom, making sure the TV is only on for a short period of time, and not checking phones during the night in the dark. This all makes sense, but the commitment is misguided if it just stops there. A commitment to cyber hygiene is as critical, if not more so, for SMEs. Fortunately, maintaining a resilient cyber hygiene process is possible and accessible regardless of budget, growth trajectories and SME size. Here are our top 3 tips for maintaining premium cyber hygiene!
- Think of your smartphone in the same way you think of your office laptop
Many of us are dedicated to ensuring our laptops are secure, we wipe passwords away, often update and change passwords regularly and usually have some sort of Internet security software installed. But very few extend this to their smartphones, a device that often carries sensitive commercial emails, password managers, always logged-in social media accounts and the private contact details of many of your clients. By installing software on your phone, regularly updating your PIN and taking advantaged of biometric logins, SMEs are able to ensure their devices are secure and not a threat to the business.
- Choose to view cyber security as a commercial component, instead of an outsourced problem
You didn’t start your business to become the IT person, and you are often so time poor that working on IT problems is going to be a distraction from your core business. However, being cognisant of the risks associated with cyber attacks, as well as evolving and fast moving cyber challenges facing SMEs, is an important part of your knowledge toolkit. It does not mean you have to work on it personally, but you will be able to identify threats quickly, understand commercial sensitivities and have a higher probability of responding appropriately to an attack, when (not should) it happen.
- Be across best practice, and best tools that suit your SMEs needs
Whether it is a commitment to backing up to a cloud or hard drive on-site, or installing a password manager, SMEs should be consistently looking for tools and approaches in an ever evolving market. This includes market news around how hacks are occurring, when and what to do to mitigate risk and observing cautionary tales. It also includes being smarter about password security, for example it is common for passwords to be a combination of your birthday, phone number or basic sequences such as ABC123. It is frightfully easy to hack and best practice would be to ensure regularly changing your passwords, and using a combination of upper and lower cases, as well as a character such as an asterisk or question mark.
It’s important for SMEs to remember that cyber security cuts across departments and is the same regardless of the IT implementation or vertical. Trading in this digital age means that cyber security is certainly no longer an IT issue. It has become an I, You, Me, They, US and We issue.
Noushin and Negar Shabab are twin sisters and cyber security experts. Noushin is a security researcher at Kaspersky Lab and Negar is in application security at PS&C Group. Recently, the pair also collaborated with RMIT’s involvement with Cyber Security Challenge Australia (CySCA). Launched in 2012, CySCA is Australia’s only national hacking competition, Run by the Department of Prime Minister and Cabinet, the competition targets students in higher education to unearth the next generation of cyber security talent.