Table of Contents
Click the links below to move quickly to that section.
- Should small businesses worry about cyber attacks?
- Prevention is better than a cure
- How to recognise a phishing scam
- Security tips for your payment process
Should small businesses worry about cyber attacks?
You might think only large corporations have to fear cyber threats. But it’s like imagining there are only high end jewellery thieves in the world. Of course, the prize is immensely more valuable if counted in royal jewels, but the skills needed are considerable.
It’s much easier for a thief to try his hands on a grocery store. In the same way, hackers go for small companies. 90% of breaches impact small businesses.
The Australian Cyber Security Center (ACSC) reported an estimated loss of $300 million to cybercrime in the country every year. And that’s just on the financial side. It doesn’t take into account reputation damage, which is so important to family businesses. They further estimate 62% of small and medium businesses have already suffered a cyber breach in Australia.
But there’s no reason to panic. The key is to educate yourself, have the right cost-effective protection, and be aware.
Read on to find out what to look out for. We will examine what are the risks to your business and what precautions you should take. In a follow-up article, we will plunge more deeply into how to evaluate what cyber-security stage you’re at and the minimum protection you should aim for.
What does a cybersecurity attack look like?
Signs of a breach
The first step for a working small business cybersecurity plan is observation skills. Be aware when you have been compromised and act immediately.
Five obvious signs to watch out for
- If you start receiving emails that look like they come from colleagues / collaborator / clients, but they don’t. Or if external customers are receiving emails from you that you haven’t sent.
- New programs that you did not install appear on your screen or in Task Manager.
- Your computer slows down and it takes you longer to do all your usual tasks.
- You lose control of your mouse and keyboard.
- Your online password isn’t working.
Those are all bad signs. Your small business may be under cyber attack and you may have a security breach. It’s time to call for professional IT help to mitigate the problem and save what can be saved.
Prevention is better than a cure
As your sports coach of choice might say, the best defence is a good offence. In technology terms, it translates to: the best cyber protection consists in preventing any infiltration into your system in the first place. The most important one to watch out for is the phishing scam.
How to recognise a phishing scam
Cyber attacks start small, with a lure on a hook. At first contact, it seems like the real deal. In fact, it often looks better, plumper and shinier. It wiggles just enough to create a sense of urgency. Both lures and phishing scams often make you feel like you have to act now, before your brain fully kicks in, because if you don’t jump, you might just miss the prize.
So now, do you know how to recognise a phishing scam, or might you accidentally bite and swallow hook, lure and sinker?
The truth is, it’s much harder than it might seem. Scammers are becoming better and more sophisticated.
The key to remember when evaluating any messages you receive in your mailbox is:
- Be wary of messages that create a sense of urgency.
- Be wary of special offers and deals that sound too good to be true.
- Always check email addresses of sender / user name consistency or phone numbers if you received a mobile text.
- Government agencies never ask for your personal data in email texts or through messaging on mobile devices.
- Inconsistencies in font size and colour / writing style / signature / logo are a warning sign.
- Don’t click links you are not sure about.
Phishing messages are refining over time and getting increasingly tricky to distinguish. It is essential to be aware and to have a preventative process in place.
Take the quiz. Can you spot a phishing message?
The Australian Government created a test you can take to evaluate your skills. This is a great way to see how aware you are, and if you are looking for the right information when evaluating a message.
What are the other cyber-security threats to small businesses?
The next most significant threat is the use of insecure passwords.
It is very easy for a hacker to get access to a password. If you are only using one across multiple websites and accounts, or a small pool of them, and have been using them for a long time, chances are your password is floating somewhere in a database for sale on the dark web.
Another problem is if your company is using one server and you share a password with multiple people. For small companies, getting multiple accounts for one program might be too expensive. A good way to cut corners is by sharing an account.
But the more people know the password, the more it is at risk. You are likely to find yourself in the situation where your password is handed around on a post-it with no second security barrier.
If you add to that logging in from multiple unsecured Wi-Fi sources, breaches become much more likely.
You might be a cautious person and regularly change your password. But some programs are designed to guess them. Passwords only comprised of none-capitalised letters are easy to decipher. The longer your password, the more it includes jumbles of numbers, symbols and letters, the harder it is to hack.
2020 highlighted the risk of non-secure WIFI access points
With a large number of people now working from home, breaches have increased. Working remotely, on unprotected home WIFI, has allowed all kinds of spyware to boom. Without an IT department looking after cyber-safety in their employees’ house, many companies realised they needed boosted security.
This problem is not limited to private users’ networks being inadequate protected. All kinds of off-site working places are unsecure. If you are setting up in a café / library or on public transport, logging into the public WIFI network opens you up to cyber threats. If your business doesn’t have adequate cloud protection, its security can be seriously compromised.
There are many risks to consider, and most need adequate IT solutions. But a few basic enforced processes can go a long way in steering clear of phishing messages.
A preventative process to put in place
Without looking at the technical side, you can do things to make sure your company doesn’t fall victim to phishing scams and impersonation.
It is good practice to educate your employees. Staff should all know what to look out for and have a security strategy. Have a process to report a phishing scam attempt.
Security tips for your payment process
Last but not least, have a clear set of steps to take before you make a payment, click on a link or give out information.
Add those two processes to your payment routine:
- When you are making a payment to a collaborator, always look for the purchase number. Match it to your invoice before paying.
- When you receive an invoice from a collaborator with different bank details than usual, always confirm the new information over the phone with them.
Financial account passwords must have a unique combination of numbers, letters and symbols. Complement that with multi-factor authentication.
Also, have a firm backup policy in place. In case anything goes wrong, you want to be able to restore your data, use your programs and get back to work quickly after a breach.
For more reasons small businesses should particularly be wary of cyberattacks, and what essential protections you should have in place, subscribe to our newsletter.
Have cyber breach questions?
Don’t hesitate to contact us. We can help you with a cybersecurity audit.