As more business services move online, cyber criminals have a greater opportunity to capitalise on the shortcomings of businesses’ protection. And it seems that they are – the Annual Cyber Threat Report published by the Australian Cyber Security Centre (ACSC) found that there is an average of 164 reports of cyber crime per day, or approximately one report every 10 minutes in Australia. Here, we break down some of the most common cyber security misconceptions – and look at how you can avoid falling for them.
Myth: “My business is too small to be targeted.”
Many small businesses and sole traders believe they are too small to be a target of cyber crime. But in the last year, almost two thirds of small businesses have reported that they have been a victim of cyber crime. It’s important to recognise that cyber criminals aren’t necessarily looking to catch the biggest fish in the sea. With access to greater financial and human resources, big businesses are more likely to be protected online – making smaller businesses an attractive target. Abigail Bradshaw, Head of the ACSC, says Aussie small businesses are far from immune. Small businesses can be big targets for cyber criminals,” says Abigail. “A 2019 ACSC Small Business Cyber Security Survey showed 62% of small businesses reported they had previously been a victim of a cyber security incident.”
Myth: “My business is located regionally, not in a city, so it’s unlikely to be a target for cyber crime.”
A business’s physical location doesn’t mean much to a cyber criminal. Wherever you are, your data is a valuable commodity. A cyber criminal can target a business on the other side of the world – so whether you are located in a metropolitan, regional or rural area is not a criminal’s concern. They will be looking for vulnerabilities and if they can easily get through your cyber security measures. . Even if your business is located outside of a city, you should ensure you have all the right steps in place to prevent an attack – like training for your team so they can identify potential threats, and secure internal processes, like multi-factor authentication when logging into workplace systems.
Myth: “I have purchased cyber security insurance for my business, so now it’s fully protected.”
An insurance policy generally provides financial protection, but it does not provide protection against a cyber attack. If you have car insurance you wouldn’t leave the doors unlocked when you are parked on the street – and the same goes with cyber security measures for your business. With some insurance policies, the terms may specify that a business will not be compensated when a breach occurs if adequate steps have not been taken to protect the business. It’s important to know exactly what you are covered for and have appropriate protection in place, in addition to your insurance. Without it, your business may be left exposed. Prevention measures are essential to the overall safety of your business, like team training and software. These fundamentals will help protect your business – and having insurance on top of this will help keep you covered if you do experience a breach.
Myth: “My business doesn’t collect valuable data, so cyber criminals won’t bother hacking me.”
Things like shipping addresses and even birthdays can be valuable to cyber criminals. Bite-sized pieces of information can be a way in for larger, more sophisticated operations. Customer data and business data should always be collected and stored with careful cyber security practices, no matter how seemingly slight the data is. If you manage your customer data with a CRM, your software supplier does not necessarily provide protection. It’s important to understand where weak spots might exist in your business, so you can follow best practice to keep your data secure.
Myth: “My business has an IT expert, so we are covered if there is ever a breach.”
IT expertise and cyber security expertise are two very different things. An IT professional is trained to manage operational systems, but when it comes to cyber security, you might need to seek specialised advice. An IT expert should be on top of things like software updates and managing computer tech issues for your business. Cyber security practices are continually evolving as cyber crimes become more sophisticated, which is why you may require the help of someone who is specialised in this area. While there are resources available to help you keep on top of new alerts and recommendations – like the ACSC small and medium business guides – a trained cyber security expert should be across these, and be equipped to manage the best course of action if you do experience an incident.
In a changing landscape – where we have multiple devices and many of us are working from home – the first step to cyber security is understanding where risks may exist in your business – and if there are any areas you may have overlooked. If you’re unsure about how your business fares, you could consider consulting a cyber security expert to help to ensure you have covered all bases.