Last year, Australians were shocked by data security breaches that took place across a number of major companies. Issues with insurers and telecommunications companies showed that no matter what size business you have, cyber-attacks are always a possibility.

Small business owners face the same pressures about data security as their larger counterparts. No matter how much customer data you collect as part of your regular operations, you are required to keep it safe from hackers. To add to this, there is the risk of a ransomware attack, which will leave you unable to access your online systems and platforms.

Even with everything else going on in the world right now, cybersecurity is such a big issue that KPMG reported it as one of the top issues keeping business leaders up at night.

Let’s take a look at some stats about cyber crime in Australia, tips on how to avoid falling victim to a cybercrime attack as well as the penalties you face in the event of a serious security breach. 

Cyber crime in Australia

According to security experts at the University of Canberra, cybercrime costs Australians $42 billion per year. While major companies are the ones that hit the news headlines, small and medium businesses are also very badly affected.

Crimes can be in the form of hacking, cyber-fraud and online scams. It can involve the theft of customer data or business funds. As reported by SBS, The Australian Cyber Security Centre received 76,000 cybercrime reports in the 2021-22 financial year, equating to one every seven minutes.

Reporting cybercrime is now mandatory. Your business faces a penalty if you fail to notify the Australian Cyber Security Centre (ACSC) of a data security breach at your small business. You are also required to let your customers know about their information being potentially compromised. The ACSC’s website explains how to report an incident here: https://www.cyber.gov.au/acsc/report/report-a-cyber-security-incident.

Steps to prevent a cyber attack

Reducing the risk and fallout of a cyber attack requires a combination of technology, awareness and investment.

Technology

• Ensure your business data is backed up somewhere off the cloud so you can access it in the event of a ransomware attack
• Work with a cybersecurity firm to ensure you have the right firewalls and protections in place for sensitive information
• Store customer data in the most secure ways possible, or explore the use of a digital id solution that means your clients’ personal information isn’t held by your business
• Set up multi-factor authentication, where people receive a code via SMS before they can log in to their accounts.

Awareness

• Hold cybersecurity training sessions for your team
• Remind people to use complex passwords and update their passwords regularly
• Be aware of the risks that come with people working from home and bringing their own device to work from, and educate people about best practice
• Inform your team about the risks of ‘working from anywhere’ and the importance of making sure business information can’t be read by other people if they are catching up on work at a cafe or while they use public transport
• Talk about never clicking on suspicious email links or attachments.

Investment

• Invest in the support of a cybercrime prevention service
• Invest in cyber attack insurance. The Conversation recently reported that only 25% of businesses have protection.

Avoid a financial penalty for a small business data security breach

An additional incentive to make cybersecurity a priority for your business in 2023 is the Privacy Legislation Amendment (Enforcement and Other Measures) Bill that was passed in November 2022.

The bill increases the maximum penalties for serious or repeated privacy breaches from the current $2.22 million penalty to whichever is the greater of:

• $50 million;
• three times the value of any benefit obtained through the misuse of information; or
• 30 per cent of a company’s adjusted turnover in the relevant period.

The Bill also provides the Australian Information Commissioner with greater powers to resolve privacy breaches and quickly share information about data security breaches to help protect customers.

AFS & Associates are your partners in providing peace of mind. Get in touch if you would like some more advice about how your business can adapt and remain compliant with cybersecurity regulations.