Small businesses are a big target for hackers (Paulsen, 2016). Symantec indicated that 90% of spear-phishing attacks targeted businesses with 1-250 employees. Small businesses store a wide range of sensitive information about their clients. Because larger corporations invest more resources in cybersecurity, cyber criminals tend to focus instead on smaller businesses, which have relatively weak security and are more vulnerable to attack. According to the Australian Cyber Security Centre (ACSC), 99.8% of businesses in Australia are small to medium and form a huge chunk of Australia’s economy.
1. User Training
User training is possibly one of the most important, simple and inexpensive ways to mitigate cyber security risks in any organisation. It is essential that staff at small businesses are trained before they interact with the company’s IT infrastructure. Every staff member can be a source of a security breach and must go through basic security training, whether they are customer facing or working in the IT department.
According to a recent cybersecurity report, human error is the cause of 95% of security breaches. While technologies like MFA are an effective tool in preventing fraud and security breaches, staff training and education are equally important for all tax and accounting firms (Wiseman, 2017).
Unless staff are trained and informed about cybersecurity basics, they will continue to make critical errors such as plugging random USB drives into work computers or ignoring backups. These errors in turn cause lost productivity due to slow, unresponsive computers, and more frequent data breaches and ransom attacks.
2. Policy & Risk Transfer
An optimal cybersecurity policy is one that reduces the total cost of cybersecurity, which is generally presented as the sum of the total resources spent on cybersecurity and the losses due to a cyberattack (Libicki et al., 2015).
A policy sets out how, what and when employees can access data and applications, and must be applied throughout an organisation in order to be effective. Policies outline the rules for, and expectations of, users (Akhgar & Arabnia, 2014). JL needs to invest in the creation and management of policies to avoid future data breaches and losses of service, revenue, trust and productivity.
3. Backup Infrastructure
An up-to-date backup of data is important for any organisation. Backups provide the ability to easily recover and restore data in the event of an attack or hardware failure. In fact, the only way to recover from a ransomware attack without paying the demanded ransom is to restore from a backup (Lee et al., 2017).
4. Security Software
Software that can be used to detect, identify and remove malware such as worms, trojans, viruses, spyware and other malicious programs is known as security software (Bradley, 2014). Examples of such software include, but are not limited to, antivirus, firewalls and Unified Threat Management (UTM).
Malware infections can significantly slow computers down and cause massive data leaks, which in turn can lead to substantial financial and reputational losses for the business.
5. Data Encryption
Data encryption aims to protect the confidentiality of digital data while it resides on a computer and while it is transmitted over the internet. JL can be subjected to huge losses of both revenue and reputation if its clients’ accounting records leak online. If the data JL handles is stolen, JL might be charged with negligence and may be forced to compensate clients. JL may also face hefty fines from government regulatory bodies such as the ATO for not doing enough to protect its data. JL’s accounting licence might also be revoked in the event of a serious breach.