Cybersecurity is front of mind for big business, and while small businesses aren’t immune, being unprepared could also damage their enterprise relationships.
The World Economic Forum’s Global Cybersecurity Outlook 2022, released in partnership with Accenture, found 87% of executives in big business are planning to invest in cyber resilience in their organisations.
For SMEs, it’s not always that easy to throw money at the problem.
However 88% of respondents said they see their small business partners as a key threat, expressing concern about their cyber-resilience and the effect a breach on them could have on their own supply chains, networks and ecosystems.
The research comes as cyberbreaches continue to hit the headlines.
In December last year, the Log4j vulnerability was unearthed in a piece of Java code.
That code is used across software applications all over the world, and malicious actors were quick to take advantage of it.
According to Robert Healey, head of business development at cloud-based cybersecurity services provider Peakhour, we may not have seen the worst of the damage.
In December 2021, Log4j attacks made up about 4% of cyber incidents in Australia, Healey said in a statement. In January 2022, that increased to 40%.
“Every Australian organisation with anything connected to the internet – business websites, enterprise web applications and more – needs to be aware of this and pull out all stops to protect against it immediately,” he said.
Lessons from the NewsCorp breach
Just weeks ago, a breach – unrelated to Log4j – was discovered at media group NewsCorp. Hackers had managed to access US and UK email accounts, reportedly compromising the data of journalists and other employees.
That breach was made through a business email compromise, says Ajay Unni, cybersecurity expert and founder of StickmanCyber.
In attacks like these, hackers are often able to acquire usernames and passwords from the dark web. If an employee’s password for another service has been leaked, hackers will try that same password to log into their work email.
If there’s something to be learnt from the NewsCorp breach, it’s the value of multi-factor authentication, Unni tells SmartCompany – a secondary measure using a mobile phone or app to verify that the person logging into the account is in fact the account owner.
It’s worth noting that the NewsCorp attack is suspected to be the work of a state actor, which may have been sophisticated enough to bypass MFA systems.
However in many cases MFA will stop malicious actors from accessing company emails, and taking advantage of what they find there.
Quick cybersecurity wins for small business
For small businesses that don’t have a heap of cash to invest in cybersecurity, what are the quick wins that can help them stay safe?
Multi-factor authentication
Multi-factor authentication is a first easy – and usually free – line of defence, Unni says.
It’s essentially a no-brainer, he adds.
“Small business should immediately implement multi-factor authentication, which most email providers now offer as part of the package.”
Manage your passwords
Of course it is also safer not to reuse passwords between various platforms, instead creating complex and hard-to-guess passwords and using a password manager to keep track of them all.
This reduces risk, but should be treated carefully, Unni says. If someone can access your password manager, “it’s like opening your wallet and giving access to everything including your bank details”.
Password managers should also require multi-factor authentication, and users should update their master password regularly.
On this note, Unni also warns against having more than one person sharing a username and password. The more people have the same credentials, the harder it becomes to know who is logging in and when, and to detect a bad actor.
Training and awareness
The next step is to get clued up about the kinds of tricks and tactics cybercriminals might use, and to train staff members on best practices for cybersecurity – as well as the risks.
“There is a lot of free material available online,” Unni says.
Test your defences
This may cost a small amount of money occasionally – perhaps even only once a year – but Unni also recommends undergoing some kind of penetration testing, to gauge the strength of your security and improve it if necessary.
Detection response
Again this doesn’t come for free, but if you’re going to invest in anything, Unni says it should be a kind of digital alarm system.
Often, cyber breaches go unnoticed for weeks, months or even years. If you know someone has accessed your systems, “at least you can take action”.
Know your data’s worth
Finally, Unni notes that a lot of small businesses write off cybersecurity as something that’s too expensive or out of reach for them, without necessarily considering the value of what they’re protecting.
A physical jewellery store might have more security than the grocery store next door, he explains, not because it’s a bigger business but because its contents are priceless.
“A lot of businesses undervalue themselves,” Unni says.
If a hacker is able to take over your social media pages, what will that cost the business in terms of accessing customers? How damaging would a breach of a client email list be?
It’s also not uncommon for hackers to access emails and change invoice details, causing businesses to send payments to the wrong accounts.
Small businesses don’t always fly under the radar, Unni warns.
“Start somewhere,” he says.
“Don’t just sit there and say you are not a target.”