Business size not an issue in cyber crime

Any type of cyber attack can seriously undermine an SMB's reputation and discourage customers and suppliers from doing business with them.

With some of the biggest global brands having experienced data breaches this year, cybersecurity is more commonly seen as a major concern for businesses every day. The problem is that when a data breach happens to a small business, they often suffer more devastating consequences.

Larger brands have built up loyalty and credibility over a long period of time -- a luxury that small-to-medium size businesses (SMBs) don't have. Any type of cyber attack can seriously undermine an SMB's reputation and discourage customers and suppliers from doing business with them.

Research released by global security firm Webroot found that, on average, an Australian SMB faces costs of more than $1.3 million if their customer records or critical business data are lost. However, the costs to businesses of a cyberattack or email scam are not purely financial; there are reputations at stake too, which can be crippling for smaller businesses, not to mention the unwanted business downtime that inevitably follows a cyber attack.

The issue is that small businesses often lack IT resources, but are faced with the same security issues as large corporations who have specialised IT teams. For this reason, today's criminals, like bullies, tend to focus on SMBs, as they are generally an easier target with the weakest security resources to steal precious data that could then be used as an entry point to infiltrate larger enterprises.

Thankfully, SMBs are taking some measures to protect themselves.

According to MYOB's August SMB snapshot, 72 percent of businesses believe that their information is safe because it is stored in the cloud. Cloud-based technology is one of the safest systems businesses can invest in, as security is constantly being updated by service providers to ensure information is secure.

The MYOB snapshot also found that around half of these SMBs are planning to improve their cybersecurity over the next 12 months. So what other steps should SMBs take to protect themselves?

Regularly reviewing active accounts to ensure only the right people are given access to company information and adopting multi-factor authentication wherever possible is a great start. Keeping all software up to date with the latest security patches is also a must, while educating employees on cybersecurity would also be wise.

Security consultant at Telstra Global Enterprise and Services, Jeremy Requena, said security is a three-pronged dilemma that needs to be identified and addressed.

"When it comes to security, a lot of people are pointing towards technology as the saviour with too little focus on people".

An eye needs to be kept on end users, external parties and IT staff. Otherwise the security product a corporation will not be effective and it will be due to human error.

Also make sure that your cloud backup solution is setup to automatically backup data at frequent intervals. For instance, if you have some sort of malware issue on your computer but your customer and company information is backed up to the cloud every 15 minutes, then you will only lose 15 minutes of data.

The internet and the proliferation of connected devices such as smartphones and tablets has given employees freedom to work remotely, but this also creates a potential entry point for security threats. Whether you own a restaurant, a media agency, a law firm, or any other type of SMB, these devices should be protected. Even a computer that is kept disconnected from the internet is vulnerable if it accepts flash drives or rewritable CDs, or if its password is easy to guess.

That's why it is worth investing in a software security suite that works across data and devices. There are a number of reasonably priced security software solutions on the market that offer firewall, web protection, antivirus protection, and email security to reduce spam and phishing attacks in addition to encryption to guard critical business information.

Additionally, an SMB should have an IT security expert they can call on in the event of an attack. Regional director of Malwarebytes, Jim Cook, recommends that SMBs outsource their IT entirely, including security to an external managed service provider.

"For a monthly fee, you can have your business' IT security managed externally, which is not only much more affordable, but also likely to be much more capable than having an IT person in-house managing all of that for you," Cook said.

Meanwhile, Christie Lim, MYOB's Head of Information & Cybersecurity, said that most businesses can improve their cybersecurity by taking advantage of various tax incentives.

"Government initiatives such as the instant tax write-off are helping small businesses inject money into parts of their business that really matter, such as improving security measures," Lim said.

"This protects business owners and means they can invest more energy in developing other parts of their business such as innovation.