Too often business owners think that malicious cyber-attacks won’t happen to them. But, unfortunately this isn’t the case. The team at Realise Business know businesses who have been the subject of cyber-attacks, in turn, spending weeks and in some cases months just trying to recover their money and get their business back on track.
Cyber-attacks are now one of the world’s leading security threats and it is only those who have been impacted that know just how crippling those attacks can be. While there are systems set up to deal with an attack, their effectiveness and speed still leaves a lot to be desired.
Earlier this year Realise Business and the Sutherland Shire Business Chamber put together an event that focused on cybercrime and small business. A number of speakers on the day raised some very worthwhile issues and these were captured on video by Realise Business member Paul Sheaffe.
We have summarised some of the key points of the presentations below:
I’m a small business; it won’t happen to me | Skye Theodoreau
Cybersecurity can no longer afford to be ignored as an integral business practice for SMEs and small businesses. Many small business owners are clouded with a false sense of security, mistakenly believing that they will be overlooked by hackers in favour of bigger businesses with more cash and assets.
Skye Theodoreau, an advisor for the office of the NSW Small Business Commissioner, provided the audience with statistics that revealed that over 60% of cyber events impact SMEs, and 50% impact small businesses.
Theodoreau says that far from being looked over as targets, small business and SMEs are actually preferred victims due to their usual lack of thorough security measures, time constraints and ignorance. Many small businesses and SMEs have a limited digital presence and believe that this makes them exempt from the clutches of hackers. Not so: almost anything sent or accessed from your IP address can be used against you, such as receiving and responding to emails and sending off Tweets.
You can watch the full video of Skye’s presentation here:
SSBC Cyber Crime Forum – Skye Theodorou from Pauls Productions on Vimeo.
While there is no way to protect your business 100%, there are actions you can take to shore up your security measures to best protect yourself against cyber hackers.
Hackers posing as potential clients | Samea Maakrun
Sometimes, cyber hackers can pose in forms you’d least expect. Sasy n Savy skincare business owner Samea Maakrun can attest to this.
The Sutherland Shire local businesswoman fell victim to a cyber-attack which cost her over $130,000 and months of putting her business on hold. Ms Maakrun told the audience she was unassumingly breached by four men posing as potential clients. The men had visited her office and created diversions to bug her office.
All of Ms Maakrun’s private information had been comprised. The hackers broke into her email and managed to recover her passwords and banking details, passport and credit card details.
It goes to show that no matter how small or what category your business is in, everyone can be at risk.
Watch Samea’s presentation:
SSBC Cyber Crime Forum – Samea Maakrun from Pauls Productions on Vimeo.
Don’t take the bait | Jeremy Nelson
While in the past phishing scams have been looked upon as a joke only the truly foolish can fall for, Director of Minos Technology Jeremy Nelson says they’ve vastly improved in recent years. Hackers have found ways to almost completely emulate official emails from banks and other personal providers. If the recipient clicks the link to follow up on the request the email asks, they’re then taken to a website that looks completely real, where they can easily enter their personal details and compromise their identity.
While the scams are getting better, there are still signs to look for when establishing between official and fake. Poor grammar is a big red flag, and the URL of a hacker’s mock website will never be the same as the official one. Comparing previous legitimate emails from an organisation to an email you think may be a scam is a good practice also; there may be missing pictures or signatures that are dead giveaways of a phishing scam.
Constantly update your software
As Nelson told the audience, purchasing and owning website software is akin to owning a car. It’s an investment, and as with all investments, you should continually have it serviced, ensure the warranty is up to date, and generally care for it to ensure maximum performance.
Nelson explains that your software tools are only as good as your last update. The longer you wait between updates, the more likely that cyber hackers will be able to identify holes in your security field and exploit them for their benefit.
Choose 8, not 6
Many of us seem to think that website hosts are being a little pedantic when they insist that you choose a password that is eight characters long and comprised of upper and lower case letters.
But, Nelson says, this is for good reason. Hackers are usually able to crack 6 character passwords in just ten minutes, no matter the complexity (and no, your pet’s name isn’t defined as complex anyway!), leaving you extremely vulnerable. Adding two extra characters, however, extends this time frame out to five hours. Given that hackers are searching for a quick hit, if they can’t barge through your password in a short frame of time then it’s in their best interest to move on and try their luck elsewhere.
Having to remember a longer password might be a pain, but it can save you your identity and money!
Be careful with who you allow admin access to
Small businesses often run using a variety of online hosting sites, such as WordPress, Harvest, and other cloud based software that requires admin access to use.
Most business owners give their employees admin access without as much as a second thought. However, the fall out can be catastrophic. If any of your employees are hacked, then your business information – and the personal information linked to those accounts – is up for grabs as well as theirs.
Backup, restore, repeat
Backing up and restoring your computer’s files is paramount. Not only can this be a lifesaver in the case of a computer crash when typing an important document or pitching a presentation, but it could save your business.
Having a secure backup allows you to reclaim important files from your websites and cloud based programs, meaning that if anything is compromised by hackers, you can easily restore them to their original form without bother.
Nelson says that it’s extremely important to test your backup restoration process before you actually need it: there would be nothing worse than realising a fault when trying to reclaim important files.
Watch Jeremy’s presentation:
SSBC Cyber Crime Forum – Jeremy Nelson from Pauls Productions on Vimeo.
Know your laws | Louise Bavin
Finally, knowing the laws around small businesses and cyber security is important for any business owner. Some little known legislations include:
- Public Liability doesn’t cover cyber-attacks
- Business owners are legally responsible to take adequate steps in managing cyber risks – you must take steps to protect the information you hold.
A full understanding of cyber security laws as a small business owner can help you realise your responsibilities and protect your business. Louise Bavin, a top lawyer with a specialised interest in IT, gave business owners a great overview of their obligations. You can watch the full video here:
SSBC Cyber Crime Forum – Louise Bavin from Pauls Productions on Vimeo.
Realise Business members who can help you
If you would like to know more about the correct steps to take to protect your business against a cyber-attack, Realise Business has a number of qualified members including lawyers, IT specialists and more who can help you with the various elements required to keep your business safe online. You can find them in our Business Directory.