Security

Cyber security isn’t a big business imperative, it’s an everyone necessity

- January 24, 2024 3 MIN READ

Beware small business cyber criminals are gunning for you. It is not just the big corporations or tech giants getting attacked. Annette Densham sat down with Taminda Polle, founder of Cyber IS to get the lowdown on how businesses can better protect themselves.

Any business that uses the cloud, email or has a website can fall victim to these insidious invisible infiltrators. They steal data, sell it to the highest bidder, and expose the confidential information they capture for their own nefarious purposes. Cyber criminals are sophisticated, clever, and don’t care who they damage in their grab for data to fill their bank accounts.

This is not a scare tactic. This is the frightening reality of living in this interconnected digital world.

Yet, many in small business think it will never happen to them.  Small businesses often underestimate the dangers lurking in cyberspace, but they are equally vulnerable to cyber threats. Recent statistics from the Australian Cyber Security Centre show that 62% of small businesses have experienced a cyber security incidence. Half have an average or below average understanding of cybersecurity and the Essential Eight Mitigation Strategies.


Taminda Pollé, founder of Cyber IS said that since the Australian parliament introduced the Notifiable Data Breach (NDBS) scheme in 2018, data breach reports have risen by a shocking 712%.

“A business is hacked every seven minutes in Australia. This can cost a business anywhere from $39k to over $1m to a business,” Taminda said. “Sadly, 66 per cent of small businesses never recover.

“That is years of work down the drain, because they didn’t take the threats seriously or were unaware of how to protect their business from cyber criminals.”

It’s unsurprising that small businesses are targeted, with the average spend of $500 a year on cyber security.


Taminda said far too many small businesses are taking the DIY approach. “Cyber security is a complex space. Technology is rapidly evolving, and the criminals are keeping up. Unfortunately, their victims are not. The head-in-the-sand approach many adopt doesn’t cut it, especially given the cost of recovering. Cyber breaches do not just cost a business money, but also cost small businesses in reputation,” she said. “Being unprotected is not just about having your data stolen, it’s the ripple effect on your credibility, reputation, trust factor, fines and can impact your insurance.”

“Cyber criminals are not like they are portrayed in movies. Cyber criminals are not kids huddling away in their garages. This is big business with brokers who specialise in selling data and lists to big spenders.”

Taminda said it’s no longer if, it’s when. “We’re all at risk,” she said. “It is not complicated to protect your business. It is like insurance. It is not until you need it that you realise how important it is. So, before becoming a victim, it is time for small businesses to become more cyber security proactive.”

One of the best ways to protect your small business starts with people. Taminda said it is vital to invest in education and training. “Cybersecurity starts with people. Small businesses should educate their employees and themselves about cybersecurity basics, including recognising phishing attempts and following secure password practices,” she said.

“Then invest in security software, not just the free version, but the paid version, to ensure full protection. Businesses should be looking at implementing antivirus, firewall, and intrusion detection systems to provide a basic layer of defence against cyber threats,” she said. “Then the key is to keep these tools updated to stay protected against the latest threats.

“Make sure you do regular updates and patch management, because cybercriminals often exploit vulnerabilities in outdated software. Ensure all software and operating systems are regularly updated to patch known security flaws.”

Taminda’s seven steps to ensure full protection of your data and business from cyber threats

  1. Data encryption: Encrypt sensitive data, both in transit and at rest. Encryption ensures that even if data is intercepted, it remains unreadable to unauthorised users.
  2. Secure remote work: If remote work is part of your business, secure remote access with VPNs and enforce strong authentication measures.
  3. Backup and recovery: Regularly back up essential data and have a robust disaster recovery plan in place to minimise data loss and downtime in case of a cyber incident.
  4. Vendor security: Evaluate the cybersecurity practices of vendors and partners in your supply chain, remove the weak links in your supply chain, so you are not leaving a back door open for attackers.
  5. Incident response plan: Create a clear incident response plan outlining the steps you need to take in the event of a breach, because response time can mitigate the damage.
  6. Regular audits and assessments: Just like you check your house at night before going to bed to ensure you are all locked up, doing cybersecurity audits and assessments to identify vulnerabilities and weaknesses in your business will add another layer of protection.
  7. Cyber Insurance: Yes, there is insurance for cyber security, but make sure you put it in place before you are attacked, otherwise many insurers will not touch you. Insurance helps mitigate financial losses in case of a data breach or cyber incident.

 


Want more? Get our newsletter delivered straight to your inbox! Follow Kochie’s Business Builders on FacebookTwitter, Instagram, and LinkedIn.

Now read this

Small businesses to receive million-dollar cyber security boost