What does each of the 36,000-strong real estate businesses in Australia have in common? They all rely on their computers and the internet to do business. Indeed, the internet is so integral to the real estate profession that it would be hard to imagine doing business without it.
So imagine the cost a major technological outage would bring. Like a majority of small business owners in Australia, you probably can’t. Something which, according to research by the Ponemon Institute, a majority of Australian businesses are struggling to grapple with.
In their report 2014 Cost of Data Breach Study: Australia, it was found that Australian businesses are losing an average of $2.8 million each year due to cyberattacks and data breaches. Critically, the cost of data breaches is also rising, up to $4 for every lost or stolen record. On the face of it, this may not seem like much, but think of how many records your system keeps and it’s easy to see the cost of how a breach of between 10,000 to 100,000 records can escalate.
Over half of Australian businesses are victims
While it may be easy to dismiss cyber-criminal activity only happening to large businesses like Sony or Target, the reality is over 50 per cent of small businesses have reported a cyberattack in the past 12 months. Worse still, it’s believed many more have been attacked but weren’t aware of it.
Research by the Australian Crime Commission has shown that small businesses have become the main target for data breaches. That’s because most small businesses don’t have adequate security measures in place, making them a lot easier to hack into, meaning there’s less risk to criminals.
But what is a cyberattack exactly? It’s easy to think it is someone sitting in the dark hacking into our systems, but cyberattacks can take many forms, including:
• An unauthorised person gaining access to your system
• The theft or corruption of your data
• Viruses or malware infections on your system
• A denial of service attack that leaves your entire system unusable
Sometimes, even if your business hasn’t been attacked, it can be affected by an attack on another business, such as an internet service provider, contractors or even your electricity supplier.
Importantly, since March 2014, new Australian privacy legislation means potential penalties of over $300,000 for individuals and $1.7 million for businesses breaching privacy laws.
Penalties aside, the cost of a cyberattack can be enormous and, in many cases, the damage to your brand can be catastrophic, with almost 85 per cent of Australians saying they would stop doing business with a business if their data was breached.
According to the report, consumers are abandoning companies following a data breach in record levels. The costs stemming from customer turnover, reputational losses and diminished goodwill average $840,000 per data breach.
So what can you do to protect your business and livelihood?
The best way to protect your business and your customer’s data is to be proactive about your security:
• Take a good look at where your information is being stored and used and protect it accordingly
• Ensure you and your staff use passwords with eight characters or more and use a combination of letters, numbers and symbols (such as # $ % ! ?)
• Create a disaster plan - identify your critical resources, use updated security and backup solutions to archive important files, and test often
• Use encryption technology on desktops, laptops and removable media to protect your confidential information from unauthorised access
• Spend the money on a good security solution. Modern security software not only checks for viruses and spam, it scans files regularly for unusual changes in file size, programs that match known malware, suspicious email attachments and other warning signs
• Make sure you keep backups of all important data offsite to protect your business from all forms of data loss
• Keep your security software updated. Thousands of new viruses, worms and malware are created daily. The only way you can protect yourself is to keep your system up to date
• Develop and implement internet security guidelines and ensure employees understand them, as well as what to do if they misplace information or suspect malware on their machine
• Take out cyber insurance. Data breaches are incredibly costly. Aside from the cost of notifying your customers, you may also face costs for PR, credit monitoring, investigations response and compliance-related activity, compensation for affected customers and engaging experts. Most of these costs aren’t covered by normal business insurance, which is why it is important to speak to your insurance provider or broker to make sure you are covered in case of a breach or attack.
Edward is a content expert at the Know Risk Network. He has enjoyed navigating the risks associated with the twists and turns of a varied career in communications in a number of different industries, including the community sector, government and the finance industry.
Edward uses his unique understanding of the risks associated with life and its vicissitudes to help consumers and small business alike.
The Know Risk Network is a non-profit, entirely independent community education program designed by the Australian and New Zealand Institute of Insurance and Finance to improve our understanding of practical risk management and insurance. It is supported by community and emergency services groups, risk experts, insurers and government.