Welcome to Cybersecurity Awareness Month, a time to remind ourselves of the steps we can take to prevent an unwelcome cyber event that can be highly damaging to small and family-owned businesses.
The many activities over October remind us that we are not on our own in tackling the scourge and threat posed by cyber criminals.
Help is available, and there are simple and important steps we need to take ourselves to maximise protection.
Just like we wouldn't leave our business premises empty overnight with the doors open, lights left on and our security system deactivated, we need to bring this same mindset and culture to our online business environment and embrace cyber safeguards.
This awareness month needs to be Small Business Cyber Security Action Month, where we take practical steps to protect ourselves and our businesses online, and secure our devices and accounts from cyber threats.
Being aware of cyber threats and risks to your business is good, but taking action is what is truly necessary.
When small and family businesses invest in digital and cyber-related business solutions, team training and a say-no-to-cyber-threats culture, they are starting, updating or re-evaluating protections to keep their business cyber secure and digital safe. And this makes good business sense.
The average self-reported cost of a cybercrime on a small business is $49,600, according to the most recent figures released by the Australian Cyber Security Centre (ACSC).
It can also have longer-term financial and business survival consequences, as businesses seek to recover vital business systems and information, invest in improved security measures to prevent future attacks, and possibly pay more for and focus on mitigating customer harm and regaining their confidence. For too many small businesses, a cyberattack is an enterprise-ending event.
It's not just the monetary cost, which in itself is a devastating blow for small businesses that often have little to no cash reserves.
There is lost time in dealing with the incident and fallout, either to stem the loss or to deal with the aftermath of a cyber incident, with businesses losing, on average, 21 days of time and lost productivity.
This time is often spent reestablishing or setting up cybersecurity protections, setting up new business accounts, cancelling cards linked to the hacked business, and the heartbreak of informing customers of any closure period when they can't operate.
Many small businesses that operate on thin margins are simply in no position to absorb and ride out a cyber attack. For too many small businesses, a cyber incident is an enterprise-ending event or the last straw.
It's an absolute kick in the guts for small businesses when struck by cybercriminals. Beyond Blue's NASBO program, which offers free coaching support for small business owners' mental wellness, has identified that cyber is a real and recurring stressor, on top of the already heavy responsibility that comes with small business ownership.
Thankfully, small business owners are not on their own. There are many useful resources out there that can help.
The government-backed Cyber Wardens program is a free online cybersecurity course.
The Australian Cyber Security Centre's Small Business Hub has a wealth of useful resources and information on how to keep your small business secure from common cyber threats.
Free support through IDCARE's Small Business Cyber Resilience Service provides tailored, person-to-person support for small businesses to improve their cybersecurity and recover from a cyber incident.
You can also learn more about protecting your small business on our website.
For small business owners and their employees, having a cyber threat awareness mindset and culture is important, as human error is a key vulnerability and contributing factor to a significant proportion of incidents.
According to the ACSC, phishing attacks and email scams are among the most common threats, often through email, text messages, phone calls and social media.
Over the past 12 months, ASBFEO case managers have provided one-to-one assistance for 76 hacking and cyber incidents. Trust your spidey senses when they tell you a link or message looks a bit dodgy.
The Digital Lives of Australians report by auDA, the Australian organisation responsible for administering the .au domain, shows how vital the internet is to Australians and small businesses, and we as a nation have adapted to technological change and rising cyber threats.
It states that four in five Australians (83 per cent) believe cybercriminals are getting more sophisticated, and staying ahead of cybercrime is a difficult yet crucial task. A little more than half (51 per cent) of small businesses say they can't operate without the internet, and about four in five (81 per cent) believe cyber security skills are important for their business today or in the future.
Worryingly, the report captures what I read as a more fatalistic attitude, where small business cybersecurity concerns have increased but do not lead to heightened practices.
Only around one-in-five small businesses have formalised their cybersecurity processes, and just 18 per cent report that they audit their cybersecurity practices on a regular basis.
The report found that virus protection software remained the highest priority for cybersecurity spend for small businesses.
Cyber threats are a risk, but small businesses deepening their digital engagement present delicious possibilities.
Being cyber secure and embracing digital opportunities and transformation can be key to small business success, efficiency, profitability and future prospects.
The recently released State of Small Business Report 2025 by COSBOA and Square Australia found that 85 per cent of small businesses use at least one digital tool, with common tools being accounting software, followed by cloud storage, social media and digital marketing tools.
Digital payments are increasingly attractive, with this report stating that 76 per cent of surveyed businesses said the majority of their transactions were cashless.
Digital and contactless payments can improve cash flow and income consistency, but also need to be accompanied by cybersecurity measures.
AI-powered tools are also in use, with 39 per cent of businesses reporting they use it for tasks such as marketing content generation, social media automation and customer analytics. Cyber safety needs to be part of any AI deployment plan.
Unsurprisingly, the report also states that small businesses are calling for technical training, industry-specific guidance and implementation support, with our own ASBFEO Small Business Pulse identifying a strong preference for one-on-one and in-person coaching.
Importantly, since May 30 this year, businesses with an annual turnover of more than $3 million have an obligation to report when they make a ransomware or cyber extortion payment, or are aware that a payment was made.
This reporting will provide crucial insights to improve Australia's overall ability to withstand cyber threats.
Cyber threats are real. Taking sensible, doable steps to better protect your small business also opens up the opportunities available to small businesses through deepening their digital engagement.
Taking cybersecurity action today makes sense on so many levels.