While the news cycle is full of cyber-attack horror stories affecting enormous corporations like Medibank and Optus, it’s important to be aware that small and medium sized businesses can be just as susceptible to these threats as the big players.
Holiday season is prime time for cyber attacks
According to a 2022 report by Verizon, 82 per cent of data breaches occur due to a human element. In other words, it’s the mistakes made by everyday employees that put businesses– and their customers– at risk.
Despite SMEs generally having less money, time and expertise to spend on cybersecurity than larger companies, they still need to implement safeguards so they don’t expose themselves as easy targets.
This is especially true as we head into the holiday season, with research from Kapersky Lab finding financial phishing grows by 9.5 per cent during the holiday season, with spam and scam activity also growing in numbers and variety. Cybercriminals are aware that businesses may be sitting empty, not paying the usual attention to their systems and websites, making them the perfect target for a wide range of sophisticated scams and hacks.
Be on the lookout for cyber scams
So, what should SMEs be watching for when it comes to cyber threats? One popular ‘email spoofing’ scam involves hackers imitating legitimate suppliers by sending photoshopped invoices to businesses. These invoices can often look so professional that many unwitting employees end up making payment, losing the company money, and potentially exposing important financial data in the process.
Incorporating security discussions at every staff meeting is a great way to ensure that employees at all levels are aware of recent scams, how to identify them, and what processes they need to follow to protect company data. It’s also a good idea to put regular training in place, so that your entire team knows what to look out for.
Close any gaps in your website’s security
Failing to update website extensions or plug-ins can leave gaps in a website’s security that hackers can easily take advantage of, leaving customer data vulnerable and causing far-reaching implications. While this is a relatively simple task that can be easily managed on the backend of a website, far too many businesses let it fall by the wayside.
For small online stores using self-managed platforms like WordPress and WooCommerce, this means manually checking that all extensions running on a website are up to date. Reputable web developers will make updates to programs and apps to ensure they meet important security requirements, so make sure you always have the latest version installed.
Activate password protection protocols
As we’ve seen in the news cycle over the last few months, password leaks are a credible threat to business, and can result in user information ending up in the hands of hackers. While a single breach may not seem like a major issue, the reality is that many employees use the same password variations for numerous logins – meaning hackers will inadvertently be able to access a plethora of additional login details in one fell swoop.
To mitigate this risk, SMEs should have a password policy in place to ensure all login details are as secure as possible. A reputable and secure password manager app will store all passwords securely, incorporating unique words or phrases that cannot be easily guessed and using a variety of characters, symbols, and numbers. Where possible, enable double authentication to provide an extra layer of protection if a hack is attempted.
Build customer confidence in your data protection policies
Finally, it’s critical to show customers that their data is safe in your hands. This can be as simple as incorporating a ‘trust seal’ at checkout signifying the secure nature of the website or creating a data policy page outlining how the business securely handles customer information.
By putting the right policies and processes in place, SMEs can provide peace of mind to cyber-conscious customers, while minimising the risk of financial and reputational damage in the wake of a data breach.
About the author
Navii is an Australian-government backed, independent organisation that helps small businesses navigate going digital. With more than 20 years’ experience helping businesses build their digital capabilities, Liz is a committed advocate for tech innovation.