2 out of every 5 small businesses experience a cyber-security incident: Here’s what lawyers can do to protect their businesses
For many businesses that are heading back into the office and shaking off the dust from 2020, it’s now a great time to implement new processes and systems, especially if there are areas you’ve been putting off actioning in the past. For many small businesses, cyber security often falls into this category, writes Susie Jones.
With the changes COVID-19 has thrust upon our world, it is important that small-businesses owners understand the value that their customers place on the data that they’re giving them. We can no longer go to a pub without pulling out our phones and signing in with tech, so data security concerns are now right at the front of customers’ eyes, yet still at the back of business owners.
The size of the threat facing us in 2021 is much greater, with reports to Scamwatch up almost 25 per cent in 2020. Cyber criminals looking for ways to exploit the new digital economy have found them.
Every type of business from retail to professional services had to move online in 2020 to service the needs of their customers, as a result small businesses now store their most important data on digital platforms that, oftentimes, aren’t very secure.
Concerningly, almost 20 per cent of small businesses spent $0 on cyber security over the past 12 months, despite research showing that business owners consider cyber security as more important than physical security.
The latest data from our white paper shows that two out of every five small businesses experience a cyber attack, so now is the time to get on top of it. It’s time to review platforms and systems, assess what scams or cyber attacks might pose the biggest risk to your business, and take steps to improve the protection of this information.
The most common scams targeting lawyers include:
● Business email compromise (using stolen or easy-to-guess email usernames and passwords to access and redirect your emails) leads to invoice scams or data theft and breaches.
● Insider cyber attacks from ex-employees or outsourced support accessing your systems after they have left or changing passwords and locking you out of your own systems in order to cause damage or steal data.
● Identity theft is prevalent with scammers posing as trustees and other legal representatives in order to access trust funds.
● Ransomware attacks through phishing email campaigns that result in cyber attackers attempting to extort ransom payments in exchange for regaining access to your systems and files.
For all small-business owners, the most important thing to do is to understand what risk you currently face.
First 3 steps to take:
1. List all the places you store data (e.g., Google Drive, Hootsuite, Shopify etc.) – 84 per cent of Australian business owners rely on 30 separate technologies!
2. Check whether these different host platforms share the same passwords and change them (anything that’s easy to remember is easy to hack. When hackers use a password cracking tool, nine character passwords take five days to break, 10-character words take four months, and 11-character passwords take 10 years!)
3. Turn on multifactor authentication on everything! Using multifactor authentication can block 99 per cent of account hacks!
Luckily for us, cyber security is not a tech problem, it’s a human problem. We expose ourselves to risk through using the same, weak passwords or opening a dodgy looking file. By being more aware of digital risks and making a few changes we can greatly protect ourselves against a cyber threat.
Susie Jones is the co-founder and chief executive of Cynch, an Australian-owned small business focused on cyber security for small businesses.