Why do criminals target small businesses?

The media regularly reports on companies being hacked, suffering data breaches and online service attacks. While attacks on large, multinational corporations make the headlines, small and medium businesses (SMBs) are often the forgotten victims. But in fact, SMBs are more actively targeted by cyber criminals than large businesses.

This is because SMBs often lack the resources of large companies, and have fewer security measures in place, making them an attractive target for cyber criminals.

The good news is that there are simple things all SMBs can do to avoid becoming a victim of cybercrime.

What cyber criminals want from your business

Cyber criminals are mostly motivated by money. They can make money by:

  • holding your data to ransom in exchange for payment
  • selling your data to a competitor or other criminal
  • stealing funds from your accounts
  • stealing your identity.

How cyber criminals go about their business

Cyber attack techniques fall into the following categories:

  • Obtaining your details by deceptive email, text messages or telephone calls, such as:
    • spam or phishing - find out more in How to identify spam and phishing messages.
    • spear-phishing - this takes phishing one step further by targeting one person about a topic directly relevant to them; spear-phishing is one of the main ways cyber criminals get into organisations to steal data, conduct corporate espionage or steal money.
    • wire fraud - this is where cyber criminals trick financial staff into transferring your money to an external bank account.
  • Stealing your business data or identity by:

How to minimise the risk of a cyber attack on your business

As with managing any business risk, you can put the right controls, processes and tools in place to protect your data. Here are some practical ways to prevent a cyber attack turning into a costly cyber incident.

Basic computer security controls and software can protect your business

Computer security controls are administrative settings on computers and internet devices that can help minimise cyber safety risks.

Always keep the following up to date:

  • Operating systems.
  • Applications and web plug-ins.
  • Anti-virus software.
  • Internet browsers.

A patch is software designed to update a computer program to fix or improve it. This includes fixing security vulnerabilities and bugs. You’ll find an option in the software update settings of your computer or device that lets you turn on or check automatic updates and installation of the latest patches.

Schedule some time each week to check all updates have been successfully applied. You can do this by performing a search of your programs and viewing the latest installed updates on your computer or internet device.

Manage access to your network and payment controls by:

  • limiting access to your network - only grant access based on each employee’s roles and responsibilities
  • using two-factor authentication (2FA) to secure access to your network - 2FA adds at least one more secure verifier of your identity, such as a security token or an SMS code sent to your smartphone, on top of a username and a password that only you know
  • setting up dual authorisations for all online payment transactions - this means there is always more than one person that must approve money moving out of your business
  • setting up daily payment limits on all your financial accounts - this limit can help alert you to any unusual financial transaction activity.

Good security processes can protect your business

The best way to protect your business is to practise good security processes. Minimise your cyber security risk by:

  • having an incident management plan in place - identify and document all your key contacts, processes and business continuity plans; store your plan securely and outside of your business network
  • ensuring each employee has unique login credentials - employees must never share their username or password under any circumstance
  • always locking your computer or device in your absence - develop a habit of always locking your computer or device if you’re not using it; make sure your employees do the same
  • protecting your information with a secure back-up solution - you’ll find more information in Understanding the value of your business data
  • educating your employees on good security practices - you’ll find more information in Understanding the value of your business data
  • regularly reviewing the programs installed on your computers and devices - always uninstall programs that are not being used.

Information to help your business stay safe

Here are some helpful online resources to explore to help you keep your business safe.

Microsoft security information

Apple / iOS security information

Android security information

Australian government cyber security tips and support

Helpful resources

How to protect your website from being compromised

Your website is your face to the world and is a target for cyber criminals 24 hours a day. How safe is it from a cyber attack?

Building employee awareness of cyber safety

When it comes to managing cyber safety risks and protecting your business, your employees are your first line of defence.

The basics of computer security

There are simple measures every business can put in place to avoid the risk of cyber-attacks.

Managing cyber security as a business risk

Ensure you are aware of, and managing, your cyber safety risks.
