SMBs need to take more action against cyber crime

One year on from a series of data breaches culminating in Australia’s largest cyber security scandal, research has revealed that SMBs are much more vigilant about the security of their data, but concerned that their actions against cyber crime aren’t enough. 

In September 2022, Optus suffered a data breach that affected up to 9.7 million current and former customers, over a third of Australia’s population. Optus was only one of many companies of all sizes affected by breaches over a small period of time. Beginning in September 2022, several major data breaches impacted almost half of the population within the space of four months. 

PayPal’s 2023 Online Security Research found three quarters (76 percent) of those affected by cybercrime in that period said the breaches caused harm, and as a result 74 percent say they have ongoing concerns.

The government has taken a variety of actions in the 12 months following the attack. Earlier this year, it appointed Air Marshal Darren Goldie as Cybersecurity Coordinator. Home Affairs Minister Clare O’Neil has recently shared a preview of the upcoming Australia Cyber Security Strategy 2023-2030. Set to be released in detail at the end of the year, the strategy will build six cyber shields around the country involving citizens, businesses and governments to help better protect the country.

New research from PayPal reveals that almost three-quarters of Australian SMBs, at 72 percent, are more concerned about their online security than they were a year ago. 

According to PayPal’s 2023 Online Security Research, the top areas of increased concern for Australian small businesses revealed by the research are: scams becoming more sophisticated (53 percent), the safety and security of business data held by other organisations (43 percent), and cyber criminals impersonating suppliers, vendors and service providers (41 percent). 

SMBs also have heightened fears about their business bank account becoming compromised (41 percent), the cost and complexity of staying ahead of cyber criminals (40 percent), and credit card and customer fraud (40 percent).

Security concerns are the top reason Aussie consumers abandon purchases at the checkout with 37 percent abandoning online shopping carts when they question a site’s data security. 

Home Affairs Minister Clare O’Neil addressed the concerns of small business owners in her speech at the AFR Cyber Summit last week as she unveiled the Australia Cyber Security Strategy 2023-2030. “We have to work together here to help small business. We heard again and again that they know they need to change things. They know they need to tackle this challenge. The big issue for them is that they just don’t know where to start.”

PayPal’s 2023 Online Security Research found that 85 percent of SMBs have taken at least one step to bolster online security. including: backing up data and implementing a data recovery process (50 percent), encouraging employees to treat calls, emails and texts with more suspicion (48 percent), and enabling two-factor authentication or other controls for employee access to systems (38 percent). 

However, only one third of SMBs have enabled fraud protection for their e-commerce sites (34 percent) or introduced or increased employee security training (34 percent) and just 32 percent use encryption for important information. 

Daniela Fernandez, Head of Information Security at PayPal said, “Cyber security is an essential investment no matter how small your business is. While cyber criminals may not seek the same level of impact or notoriety by breaching small businesses, they are still targeting them for funds and data. That’s why protecting yourself and your small business should be a top priority.

“Simple steps like applying regular software security patches and keeping your software up-to date , using latest anti-virus software, using strong password, turning on multi-factor authentication, training your staff, and doing frequent back-ups can make your business a tougher target,” he advised SMBs.