With more businesses becoming digitised and instances of cyber-crime on the rise, new research has revealed that nearly a quarter (24 percent) of SMEs have been a victim of a cyber-attack or malicious cyber activity.
Of those SMEs who have been targeted by malicious cyber activity, nearly half (49 percent) said they had experienced a phishing attack, 44 percent had been targeted with malware, and a quarter (25 percent) had experienced a ransomware attack.
The findings, which were uncovered in the MYOB Technology Snapshot, also highlighted that most SMEs are taking basic precautions to protect themselves online.
Nearly three quarters (74 percent) of those polled said they have anti-virus protection, 60% said they have firewalls in place in their business, and more than a third (37 percent) have two-factor authentication. However, just 27 percent of SMEs have had specific staff training to protect the business and themselves from scammers or online phishing.
MYOB Senior Sales Manager SME – Krissy Sadler-Bridge, explains that while technology can provide SMEs with protection from cybersecurity threats or attacks, security programmes aren’t the only option for businesses.
“Learning how to be cyber-safe and how to identify red flags should become regular, essential training for business owners and all employees,” said Sadler-Bridge.
“Starting with the basics, such as creating unique passwords, backing up data and ensuring the business has two-factor authentication is important, but understanding what to look out for as different types of cyber-attacks evolve is key.”
The experience of cybercrime is also having large repercussions for SMEs, their employees and their customers. More than two-in-five (42 percent) SMEs who had experienced a cyber-attack said their private files were accessed and 30 percent revealed that their customer or client data was made available on the dark web.
“Being a victim of a cyberattack can be incredibly scary, particularly if private documents get accessed or personal threats are made,” said Sadler-Bridge.
“Even beyond the impact to a SMEs’ business and customers, going through these experiences can also affect the wellbeing of employees involved.”
“Preparing for worst-case scenarios by having plans in place to report suspicious behaviour immediately, or a list of people to call should the business encounter an attack – like the Computer Emergency Response Team (CERT NZ) or even the police – can help ensure a business moves swiftly and correctly to respond to any attack before it has an even bigger impact.”
When MYOB asked SME owners and decision-makers whether they had any preventative and reactive cybersecurity processes in place, just over half (54 percent) of those surveyed said they did, while more than a quarter (28 percent) did not and the remaining 18 percent didn’t know.
Actively monitoring for cybersecurity threats also isn’t happening as often as it could be. While this could perhaps be due to a reliance on their security technology, only 19 percent said they check and update their security measures weekly, while 18 percent check this monthly and one-in-10 (10 percent) do this every 4-6 months. Nine percent of SMEs said they check and update their cybersecurity protection measures every few days.
“Regularly reviewing the business’s cybersecurity protection is essential to spot any gaps in the software, or important updates or bug fixes that the program may have released. As SMEs are in control of a lot of private information, continuously monitoring and testing safety measures will help ensure they are getting the best possible coverage,” said Sadler-Bridge.
“What’s also concerning when it comes to business protection, however, is that more than a quarter of SMEs (27 percent) said they didn’t know if their business was covered for cyber-attacks under their current business insurance policy. While there is no shortage of costs SMEs need to manage to run their business with insurance being one of these, having the right protection in place here could save them thousands of dollars in the long run, so I’d strongly encourage any business owner to check in with their broker or provider about this.”
To help boost knowledge and confidence levels around cybersecurity and preparedness, the insights showed that SME owners and decision-makers are eager for more education around cybersecurity to protect their business.
Nearly a third (32 percent) of SMEs said more education on the types of cybersecurity threats affecting businesses and what to look out for would be most beneficial, and 30 percent said they would benefit from more education on how to plan and prepare for a cybersecurity incident.
Krissy Sadler-Bridge said that bringing in cyber-safety specialists that offer training could be extremely useful for businesses, especially since many SMEs see education as a tool that could be beneficial to their business.
“As scammers and hackers are becoming increasingly sophisticated, regular training on new cybercrime techniques could be key to keeping them at bay. There are a number of specialists that operate programmes where the training sees them target a business with fake scams or phishing attacks, to see if employees can identify malicious activity and understand how they would respond. Running through real-world scenarios might seem intimidating, but they can really help identify strengths and weaknesses in an organisations’ response.”
Any SMEs looking to report cybercrime or malicious activity should contact CERT NZ either via the online reporting tool: https://www.cert.govt.nz/report-an-issue/ or by calling 0800 2378 69.