Cyber attacks are up 30% in the past six months as cybercriminals exploit the shift to remote working – with experts warning Australian small business owners to watch out as they are now the primary targets for cybercrime.

My Business General Manager Products Phil Parisis said despite all the warnings, most SMEs were still unprepared for a cyber attack.

“Australian small businesses can be easy targets with SME’s accounting for nearly half of all cybercrime incidents,” Mr Parisis said.

“Research shows that business owners are aware of cybercrime, but they are just not prepared – 90% of attacks are still successful due to human error.

“We often hear from businesses that ‘I'm just a small law firm, a building company, why would anybody target me?’

“The reality is the cybercriminals don't necessarily target you. Mostly you become an accidental victim of a large, broad-scale phishing attack. Then all it takes is one employee to make a mistake and it triggers an interest in your business."

Causes of cyber security risks for small businesses

Mr Parisis said that lack of training and awareness were the biggest risk factors when it came to cybercrime.

“Attackers are also incredibly creative at playing on human emotions, creating links someone is most likely to click.

“We’ve seen a huge increase in phishing campaigns that revolved around trending topics like coronavirus vaccines.

“It’s the easiest way to infiltrate a business and hold it hostage – and there are TikTok videos showing exactly how this is done within minutes."

My Business has launched My Business Cyber to help small businesses learn how to spot cyber risks and prevent attacks with a Cyber Security Health Check.

Mr Parisis said there were two main types of cyber attacks, and both could be equally detrimental to a business.

“Man in the middle, also known as a monster, monkey or machine in the middle, is a cyber attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.

“Ransomware is the other one. It’s a form of malware that encrypts a victim’s file, and the attacker then demands a ransom to restore access to the data."

There has been a 60% increase in ransomware attacks against Australian businesses in the past year, according to the federal government-funded Australian Cyber Security Centre.

Mr Parisis said, even more concerning, one-third of Australian organisations hit by ransomware attacks paid the ransom.

“The average ransomware of a business is $280,000, and we're seeing a ransomware attack every 11 seconds, and this is escalating.

“Both methods are extremely common and all too easy to execute with many businesses, quite simply, sitting ducks."

‘Hire A Kombi’ owners Alyce and George Gorgievski lost 70% of sales following a cyber attack when their Instagram page with more than 30k followers was taken away after they refused to pay a ransom.

“We learnt the hard way how badly under-prepared our business was for a cyber attack, which is why initiatives like My Business Cyber are crucial in helping SMEs understand, prepare and defend against any such attacks,” Mr Gorgievski said. 

How to prevent cyber attacks

Mr Parisis shares seven practical steps for businesses to prevent a cyber attack.

  1. Create a human firewall: Building a human firewall or educating yourself and employees is the most effective way of preventing a cyber attack.
  2. Protect your passwords: It’s critical that passwords are not easy to guess. It might be worth considering a password manager and a multi-factor authentication, providing a second wave of authentications.
  3. Beware of public WiFi: Logging on to a public WiFi is one of the easiest ways to get hacked. If working remotely, a safer option is hot spotting to your phone.
  4. Careful with what you buy: Cheap cables for iPhone charges have been found to have malware, best to go with store-approved products.
  5. Upgrade your software: Ensure all your devices’ operating systems are upgraded regularly. These will include recent security patches.
  6. Consider insurance: Cyber insurance doesn't reduce the risk, it reduces the financial impact of a cyber attack. It can also help a business recover faster.
  7. Update business policies and procedures: Ensure your business processes are up to date to protect, prevent and recover from any suspicious behaviour.