In 2019 Gillian Franklin (founder of The Heat Group, a Melbourne-based wholesale cosmetics company) was in London preparing to knock the socks off Tesco’s representatives during a presentation. All was going well, until Franklin’s colleague logged on to complete some work for the presentation and found that the company’s shared folder was empty.
In fact, the entire business was gone—save for the company’s emails. The Heat Group had been hacked.
Franklin’s IT team reacted quickly, setting up a new firewall and shutting down servers. Even so, the hack cost the company $2M. And despite knowing the hacker was in Russia, there’s no clear answer as to who was behind the attack and no way to make the hacker compensate the company for this loss.
This is the reality of cybersecurity in this day and age. Even for businesses that think they are protected, if a hacker wants to get your information they can. And there’s often no recourse for the victim. Since the attack, Franklin has warned other businesses to stay vigilant and to develop a contingency plan in the event of an attack.
But what if you’re a small business, smaller than The Heat Group, and you don’t have $2M to spare in the event of an attack or a team of IT experts who are able to get your business back up and running relatively quickly? What then?
In 2020 Australian authorities expressed an intention to crack down on cybercrime. They also pointed out that small to medium-sized businesses are at high risk of cyberattacks, particularly through phishing emails arising from COVID-19. But as Franklin’s experience demonstrates, hackers can come from anywhere and they may not be identifiable. For small businesses, then, there’s only one option: be prepared. In this blog we’re outlining how you can protect your business against cybercrime.
- Prepare for an Attack
When it comes to cybersecurity for small businesses, it pays to assume the worst. As cynical as it sounds, this is the only way to ensure you stay protected and, in the event of a compromise, are in the best position to recover and/or minimise damage.
As Franklin explained, when the attack hit The Heat Group, there were two concurrent plans the company had to execute. The first was a technical plan, in which the IT team worked around the clock to recover anything they could. The second was a communication plan. Customers, trading partners and suppliers all needed to know what had happened, and they needed to know quickly.
- Put in Place Decent Security Measures
It’s hard to imagine businesses aren’t using passwords and being safe online, but here are a few pointers that are often missed and are necessary for protecting your business:
- make sure you have strong and unique passwords (avoid using the same passwords over again);
- upgrade your software and operating systems whenever you can;
- back up your company’s data; and
- refer to the Small Business Cyber Security Guide by the Australian Cyber Security Centre.
- Educate Your Staff
Simply having a staff member open a malicious email can expose your business to a range of online threats. It’s essential that your staff are up to date with what cyberattacks look like and what to do in the event of an attempted attack. Franklin suggests testing your team by creating your own phishing emails and sending them around the business as a dummy exercise, so you can see how employees respond.
- Beware Phishing Emails
Phishing emails have been identified as a particular risk for small businesses by the Australian Federal Police. Cleverly designed emails which entice an employee or business owner to open malicious files or malware are a significant threat to small businesses. In fact, cybercrime activities cost Australian businesses an estimated $29B each year.
To protect against phishing emails, first know what they look like. Phishing emails typically say things like:
- there’s been some suspicious activity or log-in attempts on your account;
- there’s a problem with your account or your payment information;
- you must confirm some personal information;
- you’re eligible to register for a government refund; and/or
- you’re offered a coupon for free stuff.
- Seek Professional Advice if Needed
If necessary, seek professional advice from an IT expert about your cyber protections.
At Green & Associates, we can advise on any legal remedies which may be available to you in the event of an attack. Contact us today on +1 (02) 8080-7585 so we can help advise you of the best course of action.