Earlier this week, the Office of the NSW Small Business Commissioner published a report detailing the recent experiences and current perceptions of NSW small business owners about cybercrime.

Cybercrime is not unique to small businesses in NSW – it is a national problem.

Consequently, the report (and supporting factsheet) is compulsory reading for anyone who owns a small to medium business and can be download by clicking here (report and factsheet)

Some of the key findings of the report can be summarised as follows:
• Around half of the businesses surveyed felt their limited online presence meant that they’re protected against cybercrime. Unfortunately, this isn’t the case as the clear majority of attacks occur because of a staff member or business owner accidentally opening an infected email
• Around one in three small to medium-sized businesses in NSW have been victims of cybercrime in recent times
• Small business owners believe that Cybercrime is the fifth biggest risk to their business, yet many seem to under-estimate the nature and potential impact of this threat.
• The cost of cybercrime to businesses in Australia is rising exponentially, costing Australians an estimated $1 billion each year.

At a recent small business summit conducted in Canberra by the Council of Small Business Organisations of Australia (COSBOA), participants were told that 1 in 5 small businesses experienced a cybercrime attack during 2016 – with the government forecasting that 3 in 5 will experience some form of cyberattack during 2017.

When you listen to the case studies cited by small businesses that have lost money because of a cybercrime attack, you learn to appreciate how vulnerable small businesses are to attack, said ACAPMA CEO Mark Mckenzie.

“Typically, the attacks occur because of a staff member innocently opening an email”, said Mark. “This can often result in changes being made to the businesses financial systems where the bank account details for electronic invoices are altered without the knowledge of anyone in the business, resulting in payments being made to the hackers by the customers of the business”, said Mark.

Another common attack involves the hacker infiltrating the email system and sending internal emails to the accounts department requesting that payments be made to third parties. We experienced such an attack ourselves recently, with someone hacking into ACAPMA’s email system and issuing an instruction for a payment to be made to an international business, said Mark.

Fortunately, ACAPMA’s two step approval process resulted in the request being identified as bogus before the payment was made.

The key message here is that everyone running a business is vulnerable to cyberattack. “Computers are being used as the tool of choice by organised crime around the world”, said Mark.

It is vital that all businesses take precautions against this growing threat by:
(a) training staff in what to look for in respect of bogus emails as well as ensuring that business critical information is regularly back-up on an external drive,
(b) ensuring that all computer systems are regularly updated and that scamware is installed, and
(c) taking out insurance to protect against any losses suffered because of a cybercrime attack.

“ACAPMA is currently working with COSBOA to secure access to an online training programme for the staff and owners of ACAPMA member businesses”, said Mark.

The details of this free training course will be provided in coming weeks.

Meanwhile, members are advised to remain vigilant against cyber-attacks and report any cyber scams to the ACCC’s Scamwatch website (ACCC’s Scamwatch website).