Cyber-attacks fatal for 60% of small business victims

New report coincides with warning by industry leader that brokers could be putting customers’ personal details at risk

Three in five small businesses that experience a significant cyber-attack go bust within six months, according to a disturbing new report by the Australian Small Business and Family Enterprise Ombudsman. 

2017’s ransomware attacks alone were fatal to 22% of small businesses it affected, notes The Cyber Security Best Practice Guide.

“Surveys have shown that 87% of small businesses believe antivirus software alone is enough to keep them safe,” Ombudsman Kate Carnell said.

“Cyber criminals are becoming more sophisticated and small businesses are particularly vulnerable. Online threats are just as real as physical threats. Cyber security needs to be taken seriously, like having locks on your doors and a burglar alarm.”

Cybercrime costs the Australian economy more than $1bn annually, notes the Ombudsman. 

Emails: Broking’s achilles heel

Given the large quantities of personal information involved in getting a mortgage, the Ombudsman’s report is particularly concerning to brokers. 

NextGen.Net’s sales director Tony Carn told MPA that cybersecurity is “very front and centre for us as an organisation and somewhere we invest heavily in. It’s not just security such as firewalls and so forth, but sophisticated measures of virus detection and having robust plans in place to deal with any issues.” 

Yet some brokers still make basic errors, warned Carn. “I’m still flabbergasted by the amount of email traffic that flows with personal details in them; credit card numbers; financials; tax returns; ‘I’ll email you my payslips’. 

“That’s incredibly valuable personal information when it gets in the wrong hands and we still see people utilise email, which is bad security, unless of course, it’s encrypted.” 

How you can protect yourself

The Small Business Ombudsman recommends that, as a first step, you give at least one person in your business responsibility for cyber security. 

To protect your assets, you should back up information regularly; install security updates, use complex passwords and limit access to administrator accounts and sensitive information. 

The Ombudsman suggests businesses communicate safe practice with their staff, such as browsing safe sites and only allowing trusted applications. 

Businesses that suffer attacks should tell the authorities, restore backups from before the incident and consider cyber insurance. 

The Government provides an extensive list of instructions for businesses to protect themselves: 

Add your comment
  • AB12/01/2018 3:51:58 PM

    Totally agree Bruce, the only problem being the 'Privacy (Tax File Number) Rule', which comes from the ?Tax Administration Act - Unauthorised recording etc. of TFN clause ?Penalty: ?100 penalty units or imprisonment for two years or both. Maybe every time an accountant sends a Tax Return with TFNs on it we should get them locked up for a couple of years - solves a couple problems in one!

    As for taking photos of ID, why are any brokers still doing that? Scan using your phone directly onto client folders (or use one of the ID Apps). Photos are likely to be synced with other media, sideshows, etc. I know I would never let anyone take a photo of my ID, so why would I do that to a client.

  • Bruce Mawson12/01/2018 3:25:31 PM

    Include the practice of taking photos of client ID on phones. Do you have adequate protection on their, or are you deleting immediately.
    Of course if anyone can find a visible tax File Number, the universe will collapse. Sorry for the last part, but when we are holding HD copies of Passports and Licences isnt it time to get over the Audit Hysteria of TFN.

  • AB12/01/2018 1:01:30 PM

    Totally agree with this. I'm surprised by the number of brokers holding personal information on laptops, no chance to wipe / delete if lose or stolen.
    The damage these broker will cause themselves and the industry as a whole when (not if) a whole client base has its identity stolen just staggers me. Personally I believe the MFAA and aggregrators should be taking a harder line and making sure members have data secure as a part of being a member. This is not a nice to have but real risk to the industry and needs to be addresses as such.
    Time to get rid of the cowboys.


Your comment

By submitting, I agree to the Terms & Conditions