In 2022, Melbourne-based cyber security firm Kaine Mathrick Tech found that 43% of cyber attacks targeted small businesses and that only 5% of small business data folders are protected.
That same year, the Government increased funding towards the country's cyber security capabilities by $9.9 billion. The question for Australian SMEs now is to access support and training grants to bolster their own cyber security and what threats to be aware of.
For your business, how do you protect against cyber threats and what tips can you apply to safeguard the data of your team and customers?
Take advantage of the Skills and Training Boost
While this is by no means tax or financial advice, our first suggestion is to discuss the possibility of getting support from the Federal Government with your finance team or accountant.
The Small Business Technology Investment Boost and Small Business Skills and Training Boost by the Federal Government offers small business grants for employee training on cyber security.
According to the Australian Taxation Office (ATO), subject to law, small businesses (with an aggregated annual turnover of less than AU$50 million) can get an additional 20 per cent deduction on expenditures incurred for digitising its operations on business expenses and depreciating assets such as portable payment devices, cyber security systems or subscriptions to cloud-based services.
Businesses may continue to deduct expenditures ineligible for the bonus deduction under the existing tax law. The ATO will provide further details on eligible expenses once the law has passed.
An annual $100,000 cap on expenditures will apply to each qualifying income year. Businesses can continue to deduct expenses over $100,000 under existing law.
Deduct an additional 20 per cent of expenditures incurred to provide eligible external training courses to employees by registered providers in Australia.
Your business may continue to deduct expenditures ineligible for the bonus deduction per the existing tax law.
This measure will apply to expenditures incurred in the period commencing from 7:30 pm AEDT 29 March 2022 until 30 June 2024.
Beware of these small business cyber threats
Apart from applying for FedGov grants, you can learn about the kinds of cyber threats often used for small businesses.
Vulnerabilities from cloud and remote work
With the move to cloud-based systems come some vulnerabilities. To prevent breaches, you can start a cyber security policy for small businesses that includes staff protocols. Teams can explore using software purposely created for remote workspaces that have their safeguards.
Little to no cyber defences set up
Data from ASIC shows that Australian businesses reported a 260 per cent increase in scams in 2020 (vs. 2019) and a 200 per cent increase in 2021 (from 2020). With numbers rising, small businesses need to ramp up their cyber security.
Falling prey to spear phishing
Spear phishing is a type of cyber attack that targets a specific employee. Here, a threat actor takes over their account to communicate with partners and customers, social engineer staff and access sensitive data and financials. Executive assistants, CEOs, CFOs, Owners, Founders and Managing Directors are the most common targets because of their broad access to company data. Small businesses are 3x more vulnerable to this, according to Barracuda research.
Being held hostage through ransomware
Ransomware is a kind of malware that denies you and your team your own company's information through encryption. This information can include financial information, staff profiles and even customer information that you'll only be able to retrieve once you pay up. Apart from being an added expense, it can halt business operations.
Opening a can of malware
"Malware" refers to a broader scope of malicious software like worms, viruses and spyware. Through these programs, cyber criminals gain access to sensitive data, assisting them in committing fraud, identity theft, and disrupting your business.
How to protect your small business from cyber security breaches
Owners and leaders have to shoulder the responsibilities of being cyber safe, on top of their day-to-day tasks. We recommend holding team conversations on how to protect your SME. You can explore these cyber security tips for small businesses.
Installing security software
Make sure all work devices and computers have up-to-date security software installed. And while we discourage using personal devices for business, those too should have security software. Security software offers anti-spyware, anti-virus and anti-spam protection. These measures may add to your expense ledger but are critical to protecting businesses.
Creating awareness of cyber threats
It's best to have conversations about the latest breaches, the kinds of cyber threats out there and how to adjust your processes and operations to reduce the chances of being impacted by them.
Offering training and workshops for staff
Regular cyber readiness workshops help your team understand potential cyber threats and establish processes for cyber safety. At the same time, foundational cyber security training and certification builds up the skills of identified team members so they can specialise.
Incorporating security measures
Some simple but effective measures to keep your business safe include encryption and authentication like 2 Factor Authentication (2FA) for logging into apps. You can also secure passwords using freemium open-source password management services like Bitwarden or Last Pass. You should also back up data regularly and set software to update automatically to protect against the latest threats.
Getting support from experts
Cyber security can mean looking into many different areas of business. Consultants and cyber readiness instructors can point in the right direction when it comes to measures to implement and training to run.
Propping up defences against cyber crime with training
Gain the necessary skills and understanding through cyber security training for small businesses. We designed flexible delivery options, including self-paced programs and drop-in sessions. They balance taking time out of work with boosting your cyber skills.
Self-paced learning offers introductory materials you can study on your own. Materials include technical instructor recordings, course content and interactive exercises.
'Drop-in' sessions let students study the materials independently and then book 45-minute sessions with an instructor to discuss specific questions. Students can email questions beforehand to the instructor to maximise the consultation. Trainers deliver these sessions remotely.
Lumify's small business training for cyber security is available across Perth, Brisbane, Sydney, Melbourne, Adelaide and Canberra. Download the eBook on Digital Skilling for SMBs. Feel free to contact us about our customised training requirements for small businesses.