For many small businesses, a sense of complacency is the biggest hurdle to overcome with technological security.
But Mat Hannan, a lead partner in technological risk services at BDO, has a warning. “SMEs need to stop thinking it won’t happen to them,” he tells SmartCompany.
He and his team are seeing more and more SMEs come under attack. These attacks are increasingly mature, and increasingly committed for commercial gain, he says.
“It’s old crimes being committed in new ways,” he says. “Things like extortion, fraud and misappropriation of funds are a huge issue.
“There’s a continued risk of internal fraud. And as for external attacks, the threat has always been there, but such attacks are more easily perpetrated now.”
Small businesses doing things in new and innovative ways are at particular risk, he says. “Often, small businesses and start-ups have extremely valuable intellectual property. But often, their security systems aren’t up to scratch and that property isn’t protected by patents. So they’re an easy target for corporate sabotage and theft.”
SMEs need to take the threat more seriously, Hannan says. And the first thing to do is to become familiar with the Defence Signals Directorate website.
“Their website publishes lots of notes for small businesses to help them keep abreast of the risks, and it’s continually updated,” he says. “It’s an easy place to start.”
“Apart from that, it’s important to regularly patch your systems, as software providers will close security loopholes as they find them and issue that as an update. It’s also important to be constantly reviewing your access privileges.
“People think they’re small, so they’re not going to be a target. That’s not the case.”
If you suspect your business has been attacked, Hannan recommends a careful approach.
“A trusted adviser in the IT space is a good place to start.
“The thing to be aware of is that you don’t want to destroy evidence that may lead to the capture of whoever is responsible. Even turning on a computer might destroy the evidence that can be obtained through a forensic investigation.”
The local police are a good point of contact, and for larger breaches, it can even be worth going to the Australian Federal Police.