
Are we destined to lose? How SMEs can protect customers from cyber crime

Small businesses are being encouraged to be proactive about helping their customers get control of their online privacy as scam losses spike.
Matthew Elmas

Small businesses are being encouraged to help their customers get in control of their online identities by making privacy policies more accessible and bolstering their defence against cyber crime.

This week (October 7-13) is Stay Smart Online Week, a national initiative raising awareness among customers and businesses about the growing number of threats associated with information security.

As the digital economy grows, and Australian society becomes increasingly reliant on cloud-based services and information storage, experts believe the community remains unprepared for emerging threats from cybercriminals and even state-sponsored hackers.

New Deakin University research released on Monday finds one-in-three Australians can expect to be affected by cyber crime, or a data breach that released their personal details.

Damien Manuel, director of Deakin’s Centre for Cyber Security Research and Innovation, noted this has increased from one-in-four Australians only a few years ago.

Manuel tells SmartCompany small businesses, which represent the vast majority of companies consumers interact with, aren’t doing enough to make privacy and information security accessible.

“[Companies] bury everything within the terms and conditions that most people just scroll through,” Manuel says.

“It doesn’t really provide people with a good understanding.”

Manuel says businesses can take steps to ensure their privacy policies are up to scratch. This includes prioritising plain-English explanations.

“Less is more, the simpler you can make it the more language can be legible,” he explains.

Broadly, businesses should prioritise telling customers what information they are retaining, who they’re passing it on to, and how they’re storing it.

It’s also essential to ensure any information stored is encrypted, and not in plain text.

Firms should have a plan in place dictating what they will do when they are hacked, and this should be communicated to customers.

Manuel stresses that it is a case of ‘when’ a business is breached, not ‘if’.

“At the end of the day, everyone is going to be breached, it’s just a matter of when and how well they [a company] can manage that breach,” he says.

Australians lost more than $10 million to scammers last year, while small businesses lost more than $4.5 million, according to ACCC figures.

Cybersecurity experts have previously linked the increase in scam activity to the prevalence of data breaches driving down the price of personal information on black markets, globally.

Manuel’s research asks an increasingly common question among cyber security experts: whether communities could be “destined to lose” the battle against digital criminals.

This echoes concerns outlined by Jaya Baloo, chief information security officer of Netherlands-based telecommunications giant KPN, at a recent conference in Brisbane.

Baloo noted the advent of state-based cyber attacks, namely the WannaCry ransomware attack, which was allegedly sponsored by North Korea (according to the United Nations). It has become “nearly impossible” for people and business owners to be safe online, she suggested.

“If the problem is Kim Jong-Un sized, good luck with that,” Baloo said.

Other cybersecurity experts have argued Australia’s own privacy laws, which are backed by a set of priorities called the Australian Privacy Principles, are inadequate and need to be strengthened.

Manuel agrees Australia’s privacy laws are in need of an update, but says the problem is much broader, going back to the way the structures underpinning the internet were built in the first place.

“All the systems we rely on, particularly the internet and the protocols used to communicate and transfer information, were all based around trusted lists of people,” Manuel explains.

“No one really built a system on the understanding that it could be manipulated.”

With the proverbial ship now sailing, Manuel says human behaviour needs to catch up to digital realities.

“We’ve had this huge explosion of devices getting more digitally integrated into our lives,” he says.

“People really haven’t adjusted culturally from a behavioural perspective.”

The Australian Taxation Office (ATO) has also issued a warning about cybersecurity risks as they relate to taxation fraud, saying Australians need to be careful about the information they share online.

The guidance came after a man was sentenced to five years in jail at the Brisbane District Court for lodging 62 fraudulent income tax returns, by stealing the identities of more than 50 people using an online job scam.

“To protect taxpayers’ information, we are also encouraging myGov users linked to the ATO to update their myGov sign-in options and opt to receive a security code by SMS,” ATO assistant commissioner Ian Read said in a statement circulated on Friday.

“You can help stop refund fraud. If you suspect someone of being involved in tax fraud, you should report it,” Read said.

Common cyber crime examples

Courtesy of Deakin, here are some common scams researchers have identified that you can watch out for:

  • Being asked to pay unexpected fines or invoices on penalty of jail;
  • Being asked by a government agency to log in to update details, with links provided in the same email;
  • Being directed to urgently act to prevent fraud on an account, such as a bank account; and
  • Logging in to a cloud service to access a document from a person you don’t know.
