There’s been an alarming rise in cyber attacks against Australian small businesses with experts warning their social media accounts are an easy target.
Business Australia general manager products Phil Parisis says they have seen a surge in the number of small businesses losing access to their entire social media accounts, crippling their businesses, as hackers use them as a platform to try and scam their customers as well.
“Many small businesses rely on Instagram, Facebook and Twitter for a big part of their marketing or staying in touch with their clients – and cyber criminals are increasingly seeing this as an easy target,” says Parisis.
“One click is all it takes to lose everything.”
95 per cent of cybersecurity breaches are caused by human error, according to global cyber education company Cybint.
“We often hear from businesses that ‘I’m just a retailer, a designer, why would anybody target me?’.”
“The reality is that cyber criminals don’t necessarily target you. Mostly you become an accidental victim of a large, broad scale phishing attack. Then all it takes is one employee to make a mistake and it triggers an interest in your business.”
“Attackers are also incredibly creative at playing on human emotions, creating links someone is most likely to click.”
“We’ve seen a huge increase in phishing campaigns that revolved around trending topics like coronavirus vaccines or clicking a false Zoom meeting invite.”
Australians lost more than $8M to social networking scams last month, nearly four times what was lost in the same period the record breaking year before, according to the latest data from the ACCC’s Scamwatch. There’s also been a 40 per cent spike in the number of attacks being reported.
Parisis offers 6 tips to small businesses to avoid being hacked:
- Create a human firewall: Building a human firewall or educating yourself and employees is the most effective way of preventing a cyber-attack.
- Password protection: It’s important that passwords are not easy to guess. All businesses should consider a password manager or multi-factor authentication, with passwords regularly updated.
- Limit exposures: Logging on to public Wi-fi is one of the easiest ways to get hacked, hot spotting to a secure account is a safer option. Likewise be careful with cheap imitation cables and upgrade your systems regularly.
- Be prepared: Have a back-up account ready and know how to access it. Know what will be required to get your account back – have that information ready before the attack happens.
- Pay for an expert: The government is now offering cyber protection insurance to small businesses. This significantly reduces the financial impact of a cyber-attack and can help a business recover faster.
- Update business policies and procedures: Ensure your business processes are up to date to protect, prevent and recover from any suspicious behaviour.
Parisis says SMEs account for more than half of all cyber-crime incidents and in most cases it’s not possible to retrieve the lost accounts or information.
“Cybercriminals are savvy, they are taking on smaller businesses who knowingly have less resources, time and budget to protect themselves, unlike bigger companies with sophisticated security systems.”
“There are two types of social media attacks – firstly when hackers take over accounts by guessing passwords or buying them on the dark web then holding the account to ransom or using it to gain access to more valuable information.”
“Secondly, they use the social media account to target people within a company and create an email phishing campaign, often to scam money.”
Last July the Australian Cyber Security Centre reported a 60 per cent increase in ransomware attacks against Australian entities, with organisations quietly paying millions in ransoms to hackers.
By September, the federal government agency estimated Australian organisations and individuals had paid an astonishing $33B in the past year, either to hackers or in costs associated with their attacks.
Business Australia’s Cyber Security Training, has attracted the attention of thousands of small businesses, which is specially designed to help small businesses learn how to spot cyber risks and prevent attacks with a Cyber Security Health Check. The Cyber Security Training is specifically designed for smaller businesses and includes the top preventive measures and checks.