Expert advice on how to stay safe from a cyber attack


Cyber security is a top business priority right now, so it may surprise you to realise that, despite the global publicity centred around big brand breaches, recent surveys reveal that 41 per cent of small business owners admit they aren’t prepared for a cyber attack, writes Kelly Johnson, Country Manager (Australia) at IT security specialists, ESET.

Another worrying trend is that many small business owners are leaving the management of cyber security responsibilities to younger staff or family members, mistakenly assuming that ‘tech savvy’ equals ‘security savvy’.

A recent ABC report identified that our Gen Z ‘digital natives’ are among the least security savvy and rate cyber security on the low- to medium-risk scale for business, including the one they work in. Additionally, Gen Z struggled to identify – let alone protect against – the three major breaches of identity theft, ransomware and malware attacks.

Research has also identified that cyber attacks on small businesses are increasing simply because of their vulnerability; they don’t have the resources to combat attacks like the bigger companies do.


Imagine it. You boot up your system to find it’s gone dark, your website is down, and nobody can access the system, data or network. It’s not an instant fix, and you could be offline and unable to operate for weeks.

Implementing security measures or being prepared may seem like hard work, but it’s not when you compare it with losing data, customers and money, the recovery of your operations and reputation, and perhaps even being hit with a lawsuit and data breach penalty.

Some of the hard facts about data breaches:

  • Financial repercussions caused by a data breach can last years, depending on the nature of the business.
  • While a hacker can get into systems in minutes and access everything in a few hours, it takes an average of 200 hours for a business to identify the cyber attack. This means they can be actively in your system for up to six months.
  • Customer data is the popular target because it usually has financial information attached to it, which then puts those customers at risk.
  • In Australia, data breach reports have risen by 712 per cent since 2018. In 2022, on average, 164 cyber crime reports were made by businesses daily, or one report every ten minutes.

It’s time for business owners to get smart and arm themselves against cyber criminals. Here are some of ESET’s tips for being prepared.

Awareness, training and vigilance

It’s a team’s responsibility to ensure business, customer and employee data is safe, and the first line of defence is your staff. It’s ineffective if 98 per cent of your entry points are locked and someone leaves a window open. It has to be all-in, particularly if you have a team of remote workers.

Employees need to be trained in what to look out for including emails, texts and phone calls to business AND personal devices used to access business systems and networks. Criminals are very good at appearing to be the real deal, so identifying typos and suspicious links can help. Deleting, blocking and reporting should be second nature to the whole team. If it doesn’t look right, it probably isn’t; curiosity is not your friend.

There are training courses available that everyone can undertake to raise awareness and educate your teams on the fundamentals of cyber security.

All employees should also be trained in any defence software you have in place and keep all systems and software up to date with real-time developer updates. Nobody should be dropping the ball.

Back up your data

Copy your data and store it offline and offsite. It can be as simple as using a removable hard drive, or considering cloud storage or paying for storage at a secure data centre. This protects against data loss, and provides recovery if stolen or corrupted.

If you have remote teams, professional backup services and security ensure encryption, testing and retention, and can assist with policy implementation.

Use current technology and install updates

Make sure that your business is running current technology for both hardware and software; outdated technology increases your risk. Security software should always be kept up to date, much like you update your phone OS and your apps.

Security software continually updates to keep up with the current threat landscape, so be sure you’re leveraging the latest protection. Having the most current technology and protection is the best way to ensure you remain safe.


Layer your security

From your passwords to your system security, think of it like protecting your home. You don’t just have keys to your front door, do you? You likely have keys and/or codes for doors and windows, an alarm system, perhaps an intercom system for your front gate, and maybe a dog.

Invest in a password manager for your teams and business accounts. They offer strong encryption and allow you to control who accesses what.

Social media accounts are particularly vulnerable as they are attached to emails, so when social media isn’t required as part of the role, keeping personal accounts separate from the business tech and network is vital.

Engage two-factor authentication (2FA) or other multi-layer security measures for apps, websites and, critically, email accounts.

Finally, ensure your business networks are secure and keep your security software across the network and devices updated. An expert can also help to plan and implement a cyber security strategy.

Contingency plan

Unfortunately, as a small business operator, you are at a 30 per cent risk of a cyber attack or security breach.

Cyber criminals are notoriously crafty, so the best a business can do is be ready and protected to reduce the impact; having a contingency plan in place is part of that.

A contingency plan is much broader than this, and an expert is beneficial to the process, but fundamentally it’s important not to panic and instead get strategic. Identify what’s been breached – it could be a system or certain devices – and isolate them. You’ll then need to secure the evidence and then clean your system with a malware or security sweep. Reporting the incident will need to be undertaken, and you should know about the requirements in advance as part of your strategy.

In the aftermath, the weaknesses that allowed the breach should be strengthened and protected to ensure it doesn’t happen again. It’s an ongoing cycle and process, and the incident should be used to further educate your teams.

Hybrid work will have an ongoing impact on the challenges of cyber security for small to medium-sized businesses, but your employees are your frontline defence, and the strongest link to keeping everything safe.



Kelly Johnson has been the Country Manager (Australia) for ESET, a global leader in IT security, since 2020.

Prior to joining ESET, Kelly worked extensively across the IT industry, in sales, marketing, procurement and operations. Her depth of experience, knowledge and management capabilities sees her spearheading growth through channel development and brand awareness of ESET in the Australian market.

www.eset.com.au
