Staying safe online – advice for small businesses

When we think of online safety and the threat of illegal hacking we think of high profile cases like Sony’s recent troubles on the PlayStation network where thousands of customers’ credit card details were compromised, or blockbuster films where our hero has to fend off cybercriminals to save the day, deactivate that bomb and protect the innocent before he can ride off into the sunset with the girl of his dreams.

However, cybercrime is very real – in fact, it’s a multi-trillion dollar international enterprise and something that companies of all sizes need to take as a serious concern.

Criminal hackers see SMEs as an easy target

Small businesses are a high risk group for cybercrime as they are even more reliant on emerging online technologies which in turn makes them more susceptible to cyber-attacks.

Cyber criminals are not picky choosers and will go after any business that stores their data in an electronic format.  They don’t care that you’re not the biggest fish in the pond, they care about a quick scam.

The number of cases of small businesses affected by cybercrime is also increasing due to the fact that cyber criminals can hack into a small business a lot quicker compared to the many obstacles they would face targeting a major corporation with a well-structured security system.

Research by Verizon and the US Secret Service released figures in 2010 that showed cyber-attacks on companies with 100 or fewer employees in the US were at 761, 63% of the total cybercrime cases handled that year. That’s up from 141 attacks in 2009, when attacks on small businesses accounted for just 27% of cybercrime attacks.

The challenge for small business owners

Many small and medium enterprises (SMEs) have a limited budget and not many will have resource for a dedicated IT team, leaving them generally weaker than a larger business and a more attractive target for online crooks.

What’s more, a small business will feel the effects of a security breach so much more. Losing customer trust, a delay in delivering on business promises or the high cost of tightening up security will have a serious impact on the bottom line for a small business.

The weak link in the security chain

Whereas a large business will have strict HR policies about data protection, IT teams, security systems and staff training, a small businesses security policy is only as secure as the staff who apply it.

All it takes for a cyber criminal to access important information is to convince one not-so-tech-savvy staff member that they are providing tech support and need to access their systems and passwords. Sometimes just one weak link in the chain is all that’s needed.

Without proactive security systems in place, small businesses often don’t find out there is a problem until the damage has been done and the hackers have long since moved on to their next victim.

Even when systems are being monitored many ‘crackers’, a term for hackers who use their knowledge of hacking for illegal activity and personal gain, have a way of covering their tracks to make it look as though it’s business as usual. It’s the equivalent of that trick you see in the movies where the bad guys record mundane security footage and play it back through the system while robbing the bank.

A little less conversation, a little more action!

Big or small, businesses need to take online security seriously and the good news is that there are lots of steps small businesses can take to improve online security.

Management need to develop a culture of security where employees follow identity checks before revealing even the most harmless personal information about their colleagues, or admitting non-staff into office buildings, no matter how convincing their story may be.

IT staff, or the designated IT pro, should regularly change passwords, turn on firewalls, and keep antivirus software up to date to avoid exploitation of company systems.

Sensitive files should be encrypted and any files not frequently in use should be taken offline and placed in backup storage.

More tips for small businesses

If you’d like to read more advice on online safety for small businesses, check out our latest Online Safety Series fact sheet.

Picture credit


  1. Brian says:

    I agree with your comments, but when you see an advert for a rechargable scanner on tv displaying that you can use it to steal information form company files and individuals it makes you wonder about the mentality of the corporate world. If large business advertise that you should use their product to steal, why should you be concern about the small individual.

  2. Grey says:

    I object to your incorrect use of the term ‘hacker’.
    A hacker is a person who uses technology in ways it was not initially intended to be used. This is most often perfectly legal!

    A ‘cracker’ is a person who illegally accesses or hacks technology in ways that it was not intended to be allowed.

    While the latter may contain elements of the former the two terms are not the same and should not be confused. I am a hacker, and proud of it. I am not a cracker!

    I thought iiNet was proud of it’s ideology of bringing the technological world closer to the average Joe. People need to be able to understand the difference between the two terms and iiNet should not be obfuscating the terminology.

    • Louise Moran says:

      Hello there,

      Thanks for your comment. It’s a very fair point and I’ve amended references in the blog.


  3. Erin Tubb says:

    What is an SME??

  4. I’ve been browsing online more than three hours as of late, but I never found any attention-grabbing article like yours. It is pretty price enough for me. Personally, if all site owners and bloggers made good content material as you probably did, the web will be a lot more useful than ever before.

  5. Michelle says:

    I would also like to know what an SME is?

    • Louise Moran says:

      Hi Michelle, It’s Small or Medium Enterprise.

      We’ve changed the text to make that clearer.



  6. Jono says:

    SME = Small to Medium Enterprise.
    Usually measured in terms of profit, capital and staff, and varies wildly between industries. Think of a office or a few, with <100 staff. "with an annual turnover between $2 million and $250 million" ATO website