Why SME’s need to improve cyber-security

Want to do business with the big end of town and government? Here’s why you need to improve your cyber-security risk profile and four simple steps to help you get there.

The 2017 attack on the Australian Defence Force’s multi-billion dollar Joint Strike Fighter program and surveillance plan projects where 30 gigabytes of data were stolen is a wake up call for Australian SMEs doing business with government and large corporates. Why? In the ADF case, the hackers accessed the information through a small contractor (Cout, 2018).

Cyber-attacks cost Australia more than AU$1 billion a year and rising with the vast majority of incidents falling on large corporates and government. Disturbingly, there is growing propensity for hackers getting into large companies and government organisations through their SME contractors where cyber criminals gain access to large amounts of sensitive data (Gordon, 2018).

These incidents not only place sensitive data in the wrong hands but also lead to a loss of trust in a company. Recent research suggests that as many as 74% of customers will switch suppliers in the event of a breach. As a result, large organisations and governments are scrutinising the security measures of their third-party contractors and suppliers. Smaller business must place cyber security higher on their priority list if they wish to engage with big business and government (Gordon, 2018).

Here are five simple steps that can greatly improve your cyber-security risk profile:

• Use strong unique passwords for each application and website login. This is a fundamental security practice. Strong passwords are at least eight characters long and have a mixture of lower and upper case letters, numbers and special characters. Having unique passwords for each system will protect other systems in the event that hackers gain access to your login credentials. Once hackers get their hands on a set of usernames and passwords, they scour the internet hacking into as many websites as possible. We'll discuss this practice in a future blog. Use a password manager to make it easier to remember all your passwords.
• Ensure that you regularly update all operating systems and software. This is arguably the easiest and most cost effective ways to protect your organisation from cyber attacks. Software vendors are continually fixing and patching security flaws in their software. So make sure you have the latest updates and patches.
• Ensure that you have robust anti-virus/anti-malware software and put in place firewalls. There are many anti-virus/anti-malware vendors on the market. It’s important to select the right software for the size and nature of your business – my advice is to get good advice. Remember, once you install anti-virus/anti-malware software, make sure it’s always up to date.
• Implement a robust back-up plan… and test it periodically. It’s also vital that you can recover your back-ups within hours. Waiting days or weeks will cripple your business. One way to satisfy yourself that your back-ups are working is to periodically test them. This is not an easy activity and depending on the size of your organisation, can be risky and time consuming. However, finding out that your back-ups haven’t worked when you need them most can spell disaster.
• Roll out a company-wide cyber-security education and awareness program.

Cyber-security education and awareness is designed to keep people on their toes with security top of mind – all day every day. In essence, people are the last line of defence and the more educated they are on the variety of threats out there and how to spot malicious attacks, the lower the risk to the organisation. There are many cyber-security education platforms in the market. The best provide simulated email phishing and other social engineering attacks to determine what level your employees are at in terms of cyber-security awareness. These platforms conduct a risk assessment of an organisation then tailor an education and awareness program. Engage Consulting Group has partnered with a global provider of cyber-security education and awareness programs. For more information, visit our website.

References:

Clout, J 2018, ‘More needs to be done by SMEs on cyber security: Angus Taylor’, Australian Financial Review, accessed 18 December 2018, <https://www.afr.com/technology/technology-companies/more-needs-to-be-done-by-smes-on-cyber-security--angus-taylor-20180809-h13qh3>

Gordon, A 2018. ‘GSISS 2018: Cyber security spotlight on small business’, PWC Digital Pulse, accessed 18 December 2019 <https://www.digitalpulse.pwc.com.au/gsiss-2018-cyber-security-small-medium-enterprise/>