Hackers don’t worry about company size; they look for ease of access to networks and company data. Many SMEs think that cyber-crime only involves large companies and global players. Not so: 60% of all targeted attacks last year involved small and medium organisations.
SMEs can build solid defences even with a limited IT budget. Awareness of the threats underpins any initiative. The Australian Cyber Security Centre (ACSC) website is a good place to start. The cocktail of potential threats includes malware, ransomware, spear phishing, malicious use of remote access tools, “watering hole” and denial of service. Many new solutions meet these challenges and some of them, such as P2PE or tokenisation, offer SMEs a cost effective strategy.
With ninety per cent of attacks associated with poor basic remediation such as firewalls, default passwords, VPNs and double authentication, some simple security steps punch above their weight. All too often security passwords, a rudimentary defensive step, are the company’s name, or simply “password”. Strong passwords don’t cost a cent and can strengthen cyber defence considerably.
Another basic defence is PCI compliance. Many small Australian businesses are not PCI compliant, so putting this into place is a must. A breach attracts sizeable fines and significant damage costs. If data-at-rest complies with PCI, in the event of a cyber hack, any data found will be useless. An even more secure option, and often the easier strategy, is to outsource the processing of financial transactions.
Information security needs to be a concern to everyone in the business regardless of his or her role or seniority. A clear communication program about data-protection policies and what personal PCs can, and cannot, store only requires an investment of time. Another simple defence insurance is to protect all PCs with automatic software updates, enable antivirus updates and maintain firewalls. If it all sounds too complicated, consider managed security services to take away any doubt.
In April 2015, the Australian Federal Police (AFP) revealed that there were more than 3,500 breaches in that one month alone. The risk is ever-present but with a disaster recovery plan in place, damage is mitigated. Offsite back-up allows for speedy recovery and some insurance policies cover certain expenses associated with hackers.
SMEs can leverage even a limited IT budget to combat cyber-attacks. Armed with some knowledge and willingness to take basic security steps, every business can minimise the risk of a cyber breach.