It has been reported that over 20,000 struggling small businesses have sought after advice with cyber security related issues during the first few months of 2022. Small businesses are concerned as they are increasingly needing to protect their livelihood from online criminal activity.

Business Australia has experienced an increase in struggling small businesses searching for answers on how to protect themselves from cyber-attacks, after receiving an influx of 20,000 applicants searching for assistance so far this year.

Small businesses providing some of the nation’s most essential services have been affected with professional services top of the list, followed by manufacturing, retail and healthcare.

One of the small business owners that was forced to deal with such a cyber-attack was South Australia’s Kelly Noble, who was recently held ransom to thousands of dollars.

“It’s devastating. We lost access to ten years of work, thousands of hours and more than 21,000 posts promoting SA destinations and businesses. I started Adelaide’s first social media agency so I’m no newcomer to this, but they’re getting more sophisticated and believable each day,” says Kelly Noble.

Research shows that business owners are aware of cyber-crime, but they are just not prepared 90 percent of attacks are still successful due to human error.

The Australian Cyber Security Centre (ACSC) believes that a cyber attack was deployed every eight minutes over the past 12 months, and six in ten small businesses have been affected.

Business Australia general manager Phil Parisis says Australian small businesses are now waking up to the fact that they are easy targets for cybercriminals.

“SMEs account for more than half of all cyber-crime incidents; and they are becoming increasingly aware of this, searching for the best tools to help them protect themselves. Cybercriminals are savvy, they are taking on smaller businesses who knowingly have less resources, time and budget to protect themselves, unlike bigger companies with sophisticated security systems,” says Phil Parisis.

“Malware, ransomware and scam emails are among the top three, and cyber criminals don’t have to be IT experts to deploy such scams, with TikTok videos showing exactly how this is done within minutes,” continued Phil Parisis.

The increase seen in cyber security attacks across Australia highlights how important it is for small businesses saying while it can seem complex, some of the best protection comes in simple and consistent efforts, including training your staff who are your “best firewall.”

“Policies such as mandating difficult passwords for accounts, including where you store private data; and having a company policy of changing these every 3 to 6 months are simple and effective measures.

“Company policies and protocols such as avoiding public Wi-Fi for business are also essential, as is training employees on what suspicious emails look like, and what to do if you receive one,” says Business Australia general manager Phil Parisis.

ATO Encourages Accountants to Take Cyber Security More Seriously

The Australian Tax Office (ATO) has spoken out about the increased frequency of scams taking place across Australia. The ATO emphasising that accountants should be doing more to strengthen their digital systems as the risks for taxpayers rise.

Scams, identity theft and fraud are becoming an increased threat and the ATO said practitioners should review their cyber-security arrangements this year.

ATO assistant commissioner Darryl Richardson said accountants are already involved in system and process changes with new client verification guidelines developed by the ATO and TPB.

Mr. Richardson also believes that it is important for accountants to continually review the processes in place, both across the firm and for clients.

“It is worthwhile having to think about the controls that are in place, in your practice, and when you are interacting with clients. What does it actually look like, how does it feel,” says ATO assistant commissioner Darryl Richardson.

Unfortunately, we do see circumstances such as where the client is dismissive of the client verification process, or whether they are not forthcoming with information that is asked of them, or even things like applying pressure or documents that appear to be fake, or otherwise unusual. I think agents understand, and they apply at least the minimum guidance, or the minimum action, but it is worthwhile reflecting on the sorts of things that we do see,” continued Mr. Richardson.