For many small businesses, a sense of complacency is the biggest hurdle to overcome with technological security.
But Mat Hannan, a lead partner in technological risk services at BDO, has a warning. โSMEs need to stop thinking it wonโt happen to them,โ he tells SmartCompany.
He and his team are seeing more and more SMEs come under attack. These attacks are increasingly mature, and increasingly committed for commercial gain, he says.
โItโs old crimes being committed in new ways,โ he says. โThings like extortion, fraud and misappropriation of funds are a huge issue.
โThereโs a continued risk of internal fraud. And as for external attacks, the threat has always been there, but such attacks are more easily perpetrated now.โ
Small businesses doing things in new and innovative ways are at particular risk, he says. โOften, small businesses and start-ups have extremely valuable intellectual property. But often, their security systems arenโt up to scratch and that property isnโt protected by patents. So theyโre an easy target for corporate sabotage and theft.โ
SMEs need to take the threat more seriously, Hannan says. And the first thing to do is to become familiar with the Defence Signals Directorate website.
โTheir website publishes lots of notes for small businesses to help them keep abreast of the risks, and itโs continually updated,โ he says. โItโs an easy place to start.โ
โApart from that, itโs important to regularly patch your systems, as software providers will close security loopholes as they find them and issue that as an update. Itโs also important to be constantly reviewing your access privileges.
โPeople think theyโre small, so theyโre not going to be a target. Thatโs not the case.โ
If you suspect your business has been attacked, Hannan recommends a careful approach.
โA trusted adviser in the IT space is a good place to start.
โThe thing to be aware of is that you donโt want to destroy evidence that may lead to the capture of whoever is responsible. Even turning on a computer might destroy the evidence that can be obtained through a forensic investigation.โ
The local police are a good point of contact, and for larger breaches, it can even be worth going to the Australian Federal Police.
Comments