New technology and the rampant rise of the internet has made running a small business so much easier over the last five years. With pretty standard software and mobile devices you can access anything, anytime, from anywhere.
The trouble is, without the right protection, other people can easily access your data too. And they do.
A recent survey of Australian small business owners found that almost half have experienced a cyber-attack in the last 12 months, with a third copping a ransomware attack by internet pirates.
I was blown away to hear these numbers. Sure, you hear about a few people getting hacked or contracting a virus, but half of small businesses in Australia? Wow.
Talking to Bill Rielly, Senior Vice President of SMB at McAfee, it’s largely because cyber-criminals are equal opportunity crooks – they attack any business with money or customer details, regardless of size.
“There’s been a recent spike in cyber-criminals going after SMEs because they don’t have the same investment in security as big corporations,” Rielly tells me. “Don’t be mistaken, it’s very organised crime.”
There are hackers that are hobbyists, but the majority are organised criminals as the cyber-crime industry has developed and become more lucrative.
A good example close to home is the string of Sydney based physio businesses that were recently hacked and ransomed for $5,000 to unlock or return their data. It sounds small time, but for a small business that’s a big cash hit to take out of the blue.
This ransomware is on the rise, according to Rielly, who says the speed and sophistication of these programs mean it’s often undetectable. Needless to say, the risk must be taken very seriously.
“When you leave your business every day, you lock the door. The same approach needs to be taken to cyber security.”
What does that approach look like? Thankfully Rielly dished out the steps for a small business to get prepared.
1. Know that you’re at risk.
2. Have a trusted IT partner look at your setup and assess how strong the defences are.
3. Review how people are using the information the business holds. Mitigate risks posed by employees in particular by thinking through access and IT policies.
4. Take a holistic view of your security. Anti-virus might not be enough, so work with a trusted IT partner about the full spectrum of your security.
And if you’ve already been attacked, or suspect there might be a worm or two in your system, he recommends taking these immediate steps.
1. Work closely with your IT partner to understand how you may be at risk and to eliminate the threat.
2. Immediately contact law enforcement and your bank to mitigate any financial risk and get the business back on its feet.
McAfee has a team of PhDs and computer scientists who look at 64 billion queries a day to understand what’s happening in cyber space and the new threats emerging.
Backed with those mind boggling numbers, Rielly speaks with a lot of authority on the area, so it pays to listen.
“The reality is that almost all businesses have some level of technology, but as long as you’ve thought through security properly, the risk can be managed. That’s the key – thinking through the risk.”
Have you been the victim of cyber crime? Share your story.