With 2024 well underway, small businesses are assessing their opportunities and risks for the year ahead. The Australian economy is not immune from global headwinds such as high inflation and geopolitical shocks, and cyber-risk is becoming increasingly acute.
There is a common misconception that small businesses are less targeted than large companies when in fact many hackers and scammers see small firms as "easy prey".
The average cost of a cyber attack for a small business now exceeds $50,000 which in many cases is fatal.
The majority of small business owners are concerned about these risks, and two in five have now experienced a cyber attack.
Many small business owners feel that addressing cyber security is too hard, cost prohibitive and complicated to maintain.
However, the good news in our latest CyberWardens research in conjunction with Telstra and CommBank reveals that everyday vigilance can significantly reduce cyber risk.
Here are our top five cyber habits for small business in 2024.
Firstly, the importance of shutting down our computers instead of putting them in "sleep mode" cannot be understated.
When we shut down our computers, automatic software updates are installed that can help protect against a cyber break-in. Just as we would lock up our premise and cash registers at night, we should be locking down our devices.
Secondly, ensuring our passwords are strong and secure is an important habit to maintain.
By using long, strong and unique passwords or passphrases, we can stop cyber criminals from accessing multiple programs and services if they crack one of them - 16 per cent of small businesses are currently using short passwords, which increases the risk of an attack.
Thirdly, it is critical that we identify and report suspicious emails and spam. One in five small businesses are currently deleting suspicious emails they think could be scams without alerting IT or their manager.
Sharing suspected scams with the right people helps to ensure the senders can be investigated and blocked, and that other staff or stakeholders can be warned about these attempts.
Just as we would call in suspicious behaviour we see in our neighbour or local area, we should call in suspicious behaviour online. We should be notifying cyber police such as Scamwatch as soon as possible.
Fourthly, small business should give their team members unique logins.
When each team member has their own unique login, it means that if one staff member's password is compromised, multiple accounts aren't instantly compromised.
Just as businesses issue unique entry passes to their physical premises, entry passes to digital platforms (ie logins) should also be uniquely identified.
Last but not least, it is critical for small businesses to action system updates ASAP.
Almost one in five (18 per cent) of small businesses are currently "snoozing" software updates.
Whilst it can seem hard to action software updates when you're busy, failure to do so can be very costly. There is little point in having a smoke alarm if it is not up to date, and the same is true with anti-virus software.
Software updates mean that bug and security fixes will be made to your system as soon as they become available, meaning a better level of body armour against hackers. After all, small businesses have often paid for security software so it is only in our best interests to ensure they are providing value.
As these tips indicate, there are concrete measures that small businesses and consumers can take everyday to reduce their cyber risk.
Cyber security is a team game: your shield is only as strong as the good habits each team member practises.
That is why our CyberWardens program is being rolled out and can be undertaken for free by Australian small businesses with support from the Commonwealth government.
The basis of the program is that you don't need to be an IT guru to take sensible steps to protect your business, a message backed up by this latest research.
Small businesses have a major role to play in our national cyber strategy.
Failure to get into good habits only increases risk to small business and the economy of potential threats, data breaches and financial losses.
As we get back to work for 2024, let's stay vigilant and adopt cyber-safe habits this year.
