New report coincides with warning by industry leader that brokers could be putting customers’ personal details at risk
Three in five small businesses that experience a significant cyber-attack go bust within six months, according to a disturbing new report by the Australian Small Business and Family Enterprise Ombudsman.
2017’s ransomware attacks alone were fatal to 22% of small businesses it affected, notes The Cyber Security Best Practice Guide.
“Surveys have shown that 87% of small businesses believe antivirus software alone is enough to keep them safe,” Ombudsman Kate Carnell said.
“Cyber criminals are becoming more sophisticated and small businesses are particularly vulnerable. Online threats are just as real as physical threats. Cyber security needs to be taken seriously, like having locks on your doors and a burglar alarm.”
Cybercrime costs the Australian economy more than $1bn annually, notes the Ombudsman.
Emails: Broking’s achilles heel
Given the large quantities of personal information involved in getting a mortgage, the Ombudsman’s report is particularly concerning to brokers.
NextGen.Net’s sales director Tony Carn told MPA that cybersecurity is “very front and centre for us as an organisation and somewhere we invest heavily in. It’s not just security such as firewalls and so forth, but sophisticated measures of virus detection and having robust plans in place to deal with any issues.”
Yet some brokers still make basic errors, warned Carn. “I’m still flabbergasted by the amount of email traffic that flows with personal details in them; credit card numbers; financials; tax returns; ‘I’ll email you my payslips’.
“That’s incredibly valuable personal information when it gets in the wrong hands and we still see people utilise email, which is bad security, unless of course, it’s encrypted.”
How you can protect yourself
The Small Business Ombudsman recommends that, as a first step, you give at least one person in your business responsibility for cyber security.
To protect your assets, you should back up information regularly; install security updates, use complex passwords and limit access to administrator accounts and sensitive information.
The Ombudsman suggests businesses communicate safe practice with their staff, such as browsing safe sites and only allowing trusted applications.
Businesses that suffer attacks should tell the authorities, restore backups from before the incident and consider cyber insurance.
The Government provides an extensive list of instructions for businesses to protect themselves: https://asd.gov.au/infosec/mitigationstrategies.htm