Ransomware attacks have caused wide-scale mayhem during May and June, immobilising computers across the world. And Australia wasn’t immune to the threat: a number of businesses without proper data backup plans found themselves unable to access their own files and held to ransom.
While the targets of the WannaCry and NotPetya (or Goldeneye) attacks were primarily large corporations and major institutions with highly valuable data, small business – in fact, anyone using the internet – is not beyond the reach of cyber attacks. There is a multitude of code-nasties out there ready to bring financial and reputational disaster to a small business.
What’s the danger?
Cyber-threats can exist under a number of guises. Denial of service attacks overload systems – for example, by flooding a website with more requests than it can handle. This kind of attack was reportedly behind the failure of the Australian Bureau of Statistics’ site during Census night 2016.
Software viruses, worms, ransomware and Trojan horse attacks can also lock users out of their own systems, take control of networks, hack websites, steal data and even destroy hardware.
These attacks are designed to infiltrate computers, websites or networks through their weak spots. The Goldeneye attack in late June 2017 was particularly distressing, because it could have been avoided with an available software patch – it exploited a known vulnerability in Microsoft software, and the problems mostly affected organisations that had delayed installing the fix.
As Australian businesses embrace all that the digital marketplace can offer, particularly e-commerce, protecting systems, customer and financial data and intellectual property is critical. However, Minter Ellison’s 2017 report Perspectives on Cyber Risks has revealed that, despite the last 12 months bringing “some of the most devastating incidents yet”, Australian companies are not doing enough to ensure their own data protection and the cyber resilience of their supplies.
What’s at stake?
For smaller businesses there is a great deal to lose if you or your suppliers are attacked. Some of the top risks are:
- damage to reputation: if your customers or suppliers are given cause for concern about the security of your business systems, it can be difficult to win their trust back, ultimately leading to loss of revenue;
- penalties: fines and again, adverse publicity, can hit you hard if the privacy laws are breached because private or commercially sensitive customer or supplier data is leaked or stolen;
- loss of trade: having your business systems out of action, even for a day, can be costly; and
- negative customer experiences: customers can be sympathetic about cyber-attacks, but if they need to go to a competitor for a service or product, they will.
Even if your own systems haven’t been directly affected, you can still be impacted by attacks that hit other companies or organisations linked to your business.
The recent ransomware attacks hit courier services, legal practices and food suppliers, creating negative flow-on effect for many other, smaller entities.
What should you do?
So, how can you protect your business? We’re not IT experts, but we recommend you enlist the services of a professional to secure your data and test your cyber-security measures. For small businesses and sole traders, maintaining security could be as simple as installing firewalls and anti-virus software, backing up your data to a safe place not connected to the network, automating software updates or upgrading old operating systems and software.
We’ve focused on the financial loss risks of cyber-attacks so far; so how about some good news? Outlaying your business with up-to-date hardware and software and bolstering your systems come with some financial incentives, too! For example:
- asset costs: the costs of some business assets can be claimed as a tax deduction in full in the year of purchase, and others can be depreciated over a number of years under the simpler depreciation rules for small businesses.
- commercial website costs: the ATO’s Tax Ruling 2016/3, released in December 2016, has enabled businesses to claim website maintenance and modification costs. You can talk to us about assessing whether your website-related costs are deductible.
The new financial year brings a number of small business tax incentives. Get in touch with us to find out how you can maximise your deductions and enjoy cyber and financial security.