Home >  Blog >  Cyber Security and Small Business: Are You Prepared?

Cyber Security and Small Business: Are You Prepared?

Posted on 19 December 2023

We’re all now only too aware of the risk of cybercrime after the well-publicised data hacks of Medibank Private and Optus.

Although these crimes involved large organisations, email scams, cyberattacks and online scams also represent a major risk for small businesses, particularly if you don’t have the funds or knowhow to strengthen your digital security.

The latest Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report warned no-one was immune to cyber threats, with a cybercrime reported every seven minutes on average.

Simple scams, big costs to business

According to the government’s ACSC, small businesses in particular are at increasing risk of cyberattack, with 43 per cent of all Australian cybercrime now targeting these entities.

Cyberattacks often involve fairly straightforward scams. The ACSC highlights the example of a small construction business that received an email from a supplier saying they had changed banks and providing new account details. The construction firm didn’t call their supplier to check and twice paid an invoice for over $70,000.

The supplier was unaware one of its email accounts had been hacked and was sending out fraudulent bank account details. No funds were recovered.

New tools and training to counter threats

To counter growing cyber risks, the government allocated funding to upskill small business owners and employees in the May Federal Budget.

Run by the Council of Small Business Organisations of Australia, the new $23.4 million Cyber Wardens program aims to build small business cyber resilience by training 60,000 non-technical employees.

Cyber Wardens will help other employees prevent digital threats in a similar way to workplace safety officers.

ACSA has revamped its Cyber Security for Small Business Guide and accompanying video. One of its key recommendations is for small businesses to create a cyber emergency plan and test it using the ACSC’s Exercise in a Box tool.

The ATO is also emphasising the importance of business cyber security and has released a checklist of tips for businesses, such as turning on automatic updates.

Covering your risk with cyber insurance

Aside from the obvious inconvenience resulting from a cyberattack, small businesses also face other considerable risk exposures.

There is a mandatory reporting obligation under the Notifiable Data Breaches scheme requiring a business to report data breaches to the government and its customers if the breach is likely to result in data being misused.

The financial losses resulting from a cybercrime can also be considerable, making cyber insurance a worthwhile investment for many small businesses.

These policies cover a wide range of cyber-related financial risks, including losses suffered by third parties (such as customers), cyber extortion, public relations expenses, system and business interruption expenses, and data breach notification costs.

Cover for business continuity

Expenses resulting from a cyberattack are not the only potential risks a small business can face, making appropriate insurance cover invaluable if the worst happens.

While most small businesses have traditional business cover for building, contents, theft, commercial vehicle and general property, other business risks such as business interruption are often overlooked.

Management liability insurance protects the company and the people managing it against the risks and exposures of running the business, such as allegations of misconduct or legislative breaches.

It can also be worth considering key person insurance to compensate your business for financial losses arising from the death or extended incapacity of an important staff member. The lump sum payout can be used to offset costs such as recruiting a successor, or losses such as a decreased ability to transact business in the event of losing a key person.

Public liability insurance covers you and your employees for potential liabilities to third parties if your product or service cause bodily injury or property damage, while professional indemnity protects against liability for damages and legal costs arising from claims due to acts or omissions.

Review your insurance annually

Your business risks can shift over time, so it’s important to ensure your insurance cover is updated to reflect any operational or staffing changes. This can be done as part of your annual business review to check you are fully protected against common and emerging risks like cybercrime.

Most insurance premiums are rising at the moment, and it makes sense to evaluate your in-force policies to check the premiums remain competitive.

With small business budgets tightening, it’s also essential to ensure you are not wasting money on expensive policies that do not provide the cover you need, and that you’re aware of any special conditions that could invalidate your claim when you make one.

The current fluctuations in asset values (particularly property prices), also make it essential to regularly review market values to ensure you are not left under – or over – insured if the worst happens.

In a constantly evolving risk landscape, taking proactive steps within your business can work to reduce the likelihood of a cyberattack or limit damage should the unfortunate occur.

 

Cybersecurity tips for small businesses

Key threats to small business

  • Scam messages
  • Email attacks
  • Malicious software

Ways to protect your business

Secure your accounts

  • Turn on multi-factor authentication

  • Use strong passwords or passphrases

  • Manage shared accounts

  • Implement access controls

Prepare your staff

  • Educate employees

  • Make and emergency plan

  • Stay informed

Protect your devices and information

  • Update your software

  • Back up your information

  • Use security software

  • Secure your network and external services

  • Harden your website

  • Reset your devices before selling or disposing of them

  • Keep your devices locked and physically secure

  • Protect your business data

Source: Australian Cyber Security Centre

Every effort has been made to offer the most current, correct and clearly expressed information possible within this document. Nonetheless, inadvertent errors can occur and applicable laws, rules and regulations may change. The information contained in this document is general and is not intended to serve as advice. No warranty is given in relation to the accuracy or reliability of any information. Users should not act or fail to act on the basis of information contained herein. Users are encouraged to contact Rhodes Docherty & Co professional advisers for advice concerning specific matters before making any decision.

Rhodes Docherty Financial Advisors Pty Ltd ABN 43 122 391 315 is an Authorised Representative of RDC Advisors Pty Ltd, Australian Financial Services Licensee No. 396268 (Ph. (02) 8294 0988). Any advice contained in this document is of a general nature only and does not take into account the objectives, financial situation or needs of any particular person. Before making any decision, you should consider the appropriateness of the advice with regard to those matters.

Copyright Rhodes Docherty & Co © 2018. Liability limited by a scheme approved under the Professional Standards Legislation

Tags:Rhodes DochertyEmployersBusinessSecurityCyberScaminsuranceMalware
BOOK A

No Obligation Consultation Today

LATEST NEWS

KEEP UP TO DATE
Nov 20 2024
SMSFs - Keeping it in the Family Self managed super funds (SMSFs) can offer their memb...
Aug 29 2024
  Since the lockdowns of 2020-2021, the idea of working from home has become much...
Jun 27 2024
How to end the financial year on a high note   As the financial year draws to a ...
Suite 1.01, Level 1
828 Pacific Highway
Gordon NSW 2072
Locked Bag 1011
Gordon NSW 2072
Call Us: 02 9988 4033
Fax: (02) 9449 4229
Rhodes Docherty | Chartered Accountants Gordon Sydney North Shore