A small business' cyber security is only as strong as the good habits each team member practises, yet four in five small business owners (78 per cent) have observed everyday habits occurring that inadvertently make them more vulnerable to cyber crime.
As workers return to the office and get back to work for 2024 it's crucial small business teams stay vigilant and adopt cyber-safe habits this year.
New research from the Council of Small Business Organisations of Australia's Cyber Wardens program has revealed the top 5 cyber security bad habits prevalent among Australian small businesses.
The study, based on a survey of more than 2,000 Australian small businesses, highlights common pitfalls that could expose them to potential threats, data breaches and financial losses as they return to work from the summer holidays. The findings aim to raise awareness and empower small business owners to enhance their cyber resilience by building simple cyber-safe habits into their daily business lives.
"It's hard to remain vigilant, so this is a reminder on how to avoid slipping into bad habits and instead build good habits that improve your business culture of simple cyber security," COSBOA CEO Luke Achterstraat said.
"Through the Cyber Wardens program, we are encouraging small business owners to make simple swaps in the everyday habits of your business as the easiest way to kickstart your new year cyber safety plan."
Kirsten Lynch, Owner of Plato's. Wonder. Create. Discover - a gift and toy shop in central Hobart - said she and her staff had been guilty of sharing passwords amongst themselves and across different programs, but after completing the Cyber Wardens training, they had made changes to ensure everyone had their own strong, unique passwords.
"Running a small business, I know just one attack could mean the end of my business, so I take cyber security very seriously," Ms Lynch said.
"I think the Cyber Wardens program is an informative, simple tool all businesses can use to help prevent cyber crime affecting their businesses. I'll be asking all my staff to do the training."
Rebecca Warren, Executive General Manager Small Business Banking at Commonwealth Bank said that scams and fraud can have a devastating impact on small businesses, both financially and emotionally.
"While the prevalence of scams continues to rise, recent CommBank data shows anti-scam initiatives announced by the bank over the past year are making a real difference for customers, with CommBank protecting retail and business customers from more than $228 million scam attempts through its early prevention and detection program.
"People are the first line of defence when it comes to payment scams which is why the Cyber Wardens program to upskill small businesses in cyber safety, so small businesses can build resilience from the ground up, is such an important initiative."
5 good habits to help keep your business safe from cyber-attacks
Shut down your computer instead of putting it in 'sleep mode'
1 in 4 (27 per cent) small businesses puttheir computers in 'sleep mode' rather than shutting them down, increasing the risk of out-of-date software giving access to cyber criminals.
- Cyber-safe habit #1: When we down our computers, automatic software updates are installed that can help protect against a cyber break in. Try to shut down your computer every night when you finish work.
Use long, strong and original passphrases
Passwords are your first line of defence, yet 1 in 4 (26 per cent) small businesses are reusing the same passwords across multiple systems and platforms. 16 per cent use short passwords making them easier to crack.
- Cyber-safe habit #2: When we use unique passwords we stop cyber criminals from accessing multiple programs and services if they crack of one our passwords. Change your passwords, including for your company email, financial services, business files and any accounts storing your payment details, and save them in a secure password manager.
Report suspected scams
More than 1 in 5 (21 per cent) small businesses are deleting suspicious emails they think could be scams without alerting IT or the head of their business.
- Cyber-safe habit #3: Sharing suspected scams with the right people helps to ensure the senders can be investigated and blocked, and that other staff can be warned about these attempts. You can also report scams to the National Anti-Scam Centre - Scamwatch - or the company being impersonated, such as your bank or phone company.
Give team members unique logins
1 in 5 (20 per cent) small businesses share passwords between team members.
- Cyber-safe habit #4: When each team member has their own unique login it means that if one staff member's password is compromised, multiple accounts aren't compromised. You are also better protected from insider threats.
Action updates ASAP
1 in 5 (18 per cent) of small businesses are 'snoozing' software updates.
- Cyber-safe habit #5: It is hard to action software updates when you're busy - they always seem to pop up when you're the most stressed! But making updates a priority means you will deliver important bug and security fixes as soon as they become available. Hackers use these security weaknesses to attack your systems, so the sooner you action updates, the sooner you'll be protected.
Cyber Wardens urges small businesses to make simple swaps in the everyday habits oftheir businesses to kickstart their new year cyber safety plans and foster a culture of awareness.
The free, Australian Government-funded Cyber Wardens program provides training to small business owners and employees on how to digitally safeguard their businesses. This includes essential upskilling on the fundamentals of multi-factor authentication, password management, device updates and backups.
According to Scamwatch, Australians lost more than $429 million to scams in 2023, with phishing, false billing, online shopping scams and identity theft the most commonly reported scams.
Last year the ACCC reported the number of businesses losing money to scams had increased by 73%.
The latest Australian Signals Directorate's (ASD) Annual Cyber Threat Report revealed the average cost of cyber crime per incident rose by 14 per cent from 2021-22, to $46,000 for small businesses.