Protecting yourself against cyber security is in the news every single day of the week. Yet every day I hear another story about a small business that has had a breach. When talking to the owners, the anger, frustration and disbelief is evident to see. The shock is expressed in the following words; this is costing me so much, it’s the inconvenience, it’s the damage to my reputation and worst of all I am losing customers and I know they will not come back.
What is the cost for small to medium business?
Is a small to medium business subject to fines?
All businesses no matter what size are subject to privacy laws. Currently our NZ Privacy Act which went into effect in 1993 contains breach-related penalties from $2,000 to $10,000. New Zealand’s privacy commissioner is now recommending new civil penalties against companies of up to NZ $1,000,000 for a “serious” data breach to keep NZ up with sterner penalties adopted by Australia and the European Union. Ultimately there is significant accountability on businesses to keep customers’ private information secure or face potentially large fines as well as bad publicity and damage to their reputation.
Why is small to medium business a target?
This may be obvious but every cyber- criminal is looking for a soft target, in effect every small to medium business has more information (data) to target than an individual consumer and, because of resource restrictions and lack of knowledge they have a less secure environment than a larger organisation. This is not only in terms of software but also in having security policies that are effectively implemented. For example; user training, passwords, network access, usage of personal devices and external storage devices such as USB sticks.
Too often small business owners are not proactive because they do not believe they have anything worth stealing. This is not the case as every small to medium business holds customer credit card information, customer personal details such as bank details and emails. Every bit of information is useful to a cyber-criminal who can make money, for instance, by selling an email address.
Are the hackers and cyber criminals becoming more sophisticated?
The short answer to this question is YES. In the 12 months to June 2016 the NZ National Cyber Security Centre reported a 78% increase in cyber security incidents over the previous year. Our Australian neighbours (Australian Cyber Security Centre Threat Report 2015) identified that the number of cyber criminals with capability will increase, that the sophistication of the current cyber adversaries will increase making detection and response more difficult, ransomware will continue to be prominent and there will be an increase in electronic graffiti such as web defacements and social media hijacking. All this is occurring because every day no matter what size business you are there is a greater reliance on technology to run and conduct a business. The cyber-criminal is aware of this.
How to minimise and protect your small to medium business against cyber – attack?
Suggested guidelines for protecting your business are:
From a technology viewpoint aim for the following:
The four key elements in thinking about preventing cyber security breaches are to know your environment, to secure your environment, effectively control your environment and proactively monitor your environment.
The best approach is to make sure that the challenge of cyber security is at the forefront of the business owner’s mind and that of employees.
Bank Info Security
National Cyber Security Centre
The Privacy Commissioner’s Office
Australian Cybercrime Online Reporting Network
Ponemon Institute; IBM sponsored 2016 Cost of Data Breach Study Australia