The Australian government’s small-business security guidance is only the beginning.

Cybersecurity has become a complex undertaking, but too many small businesses have fallen so far behind the curve that a successful attack could seriously impact them.

It’s already happening to many small businesses, according to the Australian government’s newly-published Small Business Cyber Security Best Practice Guide, which notes industry statistics suggesting some small businesses hit by ransomware last year were so badly affected that they had to cease operations immediately.

That level of cyber risk reflects the exposure of modern businesses to email security issues that still mean an entire company can be negatively impacted if one employee engages with a bad email.

Still, others risk financial losses from business email compromise (BEC), if an employee is tricked into paying a fake invoice or wiring money on the fraudulent orders of someone impersonating a key business executive.

Recent Australian Cyber Security Centre figures confirm such attacks are already common in Australia – and getting worse. Yet despite the risk, many small businesses still don’t know how to prevent attacks – or how to respond if they are hit.

Many assume they are too small to be a target – a fallacy since 43 percent of all cybercrimes are directed at small businesses per the guide.

Many other small businesses lack security-trained staff and simply hope they can figure out a solution when the time comes. This leaves them exposed to targeted email attacks and other malicious activities – sticking their heads in the sand despite the growing cybersecurity risk.

One-third of small businesses don’t take proactive measures against cybersecurity breaches, the guide notes, while 87 percent believe they are safe because of their use of an antivirus solution.

Tips for security

The best practice guide offers ten key steps to help small businesses avoid being successfully attacked – and to prepare to deal with a data breach if it happens.

Each of these steps provides an important part of a complete cybersecurity defense, but they are only the beginning of an effective cybersecurity management strategy that must, the guide points out, involve everyone in the business from top to bottom.

“Discuss cybersecurity regularly,” the guide recommends. “Make it a day-to-day priority, just like locking your doors each night.”

Those discussions must start long before the business is attacked. Even the smallest business must weigh its exposure, its key forms of data, and the controls it must enforce on that data.

This includes considering the unique controls that apply to equipment or processes that are specific to the company: for example, retail companies need to ensure their point-of-sale machines are secured and that any financial data they hold is properly protected against compromise.

This process also requires identifying sources of corporate cybersecurity knowledge, whether inside the business or from a trusted third party that can work closely with the company to implement the Best Practice Guide’s recommendations.

Fully 60 percent of respondents to a recent Forrester Research-Mimecast survey said they had worked with outside parties to build a business case for cloud email security, while 55 percent got support on their application migration and 47 percent relied on a third party to help with internal staff training.

Closing the email gap

The good news is that the cybersecurity industry has grown rapidly to provide a broad range of companies and tools to help small businesses protect themselves.

Cloud-based security solutions allow small companies to boost their cybersecurity resilience by accessing security service they would never normally be able to configure and manage – or, even, to afford.

Cloud email security solutions, in particular, are helping small businesses protect themselves from threats before those threats get anywhere near their employees’ computers or smartphones.

Even the smallest company relies on email today, and cloud solutions make it easy to route all email through filters that have proven extremely successful at detecting and blocking all kinds of malware threats. New threat protections are updated all the time, ensuring that small businesses are continuously protected from new attacks as soon as they’re discovered.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Cybersecurity vs. Cyber Resilience

What’s the difference between Cybersecur…

What’s the difference between Cybersecurity and Cyber Resili… Read More >

Matthew Gardiner

by Matthew Gardiner

Director of Product Marketing

Posted Jan 22, 2018

Cyber resilience: A foundation for digital transformation

Cyberattacks are inevitable. Close the c…

Cyberattacks are inevitable. Close the cyber resilience loop… Read More >

Alison O'Hare

by Alison O'Hare

Technical Director

Posted Dec 18, 2017

3 Tips for Expanding your Organization’s Advanced Security Strategy

With a leadership team in place and a s…

With a leadership team in place and a set of known and like… Read More >

Margot Carmichael Lester

by Margot Carmichael Lester

Mimecast Contributing Writer

Posted Sep 05, 2017