Business owners should re-evaluate the digital tools in their holster to ensure they have confidence in their cyber-security.
Australia’s first generation of digital natives are among the least aware of common cyber security threats such as identity theft and ransomware, according to a new survey of more than 2000 small business owners and employees by the Council of Small Business Organisations Australia’s Cyber Wardens program.
The survey findings signal a warning for small business owners who regularly rely on younger family members or employees to manage their technology and business social media.
Four in five Australian small business owners and employees are not confident in their ability to prepare for, fight and recover from a cyberthreat.
The survey, which examined generational approaches to cyber security, found two-thirds (67%) of Australian small business owners believe tech-savviness equates to cyber safety skills. While Gen Z employees – those born after1997 – may have grown up with TikTok and Minecraft, the research suggests our first generation of digital natives are among the least cyber safe, lacking the awareness and key competencies of cyber security compared to their older colleagues.
The safest pair of hands in the small business community appear to be GenXers and upper Millennials in their 30s, who are the most likely to take cyber security seriously. Despite the lower awareness of incoming threats compared to their older counterparts, Gen Z rate their skills to prepare for, fight and respond to cyberthreats as on par to all other generations, suggesting inflated levels of confidence.
In good news, Gen Z is the generation most keen to learn more and help build a culture of cyber safety, with one in two Gen Z employees (55%) interested in participating in the Cyber Wardens program.
The Cyber Wardens program, developed in partnership with the CommonwealthBank (CBA) and Telstra will be rolled out this year to help safeguard Australia’s 2.3 million small businesses and lock the digital front doors of businesses across the country.
“A good first step is taking stock of who is responsible for your business’ cyber protection,” COSBOA Chairman Matthew Addison said. “Don’t just assume your kids or younger employees are the safest pair of hands when it comes to online activity.”
Ransomware remains a risk and the best defence is to be prepared for attacks and the aftereffects, according to Rob Di Pietro, Cybersecurity and Digital Trust Leader at PwC Australia.
“While the aim of the game remains the same, the modus operandi of ransomware criminals (and cyber criminals more generally) continues to shift. They have realised that when it comes to effort, less is more,” he says.
“As recent high-profile attacks have shown, data is the real prize. Why go to the hassle of encrypting systems if you can grab the data and run, then extort the victim? When a cyber criminal has the names, addresses, passport numbers and health details of millions of customers, the existential threat posed to an organisation is much greater than the inconvenience and revenue loss caused by locked up systems.”
Dan Bognar, Group VP and GM APAJ of DocuSign says, “From the Optus data breach to a cyber attack-related national emergency in Costa Rica, 2022 has elevated cyber security out of just a technology team issue and into a priority issue for businesses leaders. The State of Ransomware in Australia report revealed that 80% of Australian respondents were impacted by ransomware in the last year. It’s no wonder, considering 97% of sole traders have adopted a DIY approach to cyber security.”
“It’s imperative for business owners to invest in their online security. With a range of staff information and client data at risk, a DIY approach is no longer an option. The ACSC Small Business Cyber Security Guide is a helpful tool for businesses to understand what threats they have to look out for, and how best to protect themselves.”
“From regularly backing up your data to a secure platform, installing multi-factor authorisation, protecting access with identity solutions like DocuSign’s ID verification for example, and keeping your software up to date so as to reduce the chance of a cybercriminal using a known weakness, there are a whole range of simple and effective ways to reduce your risk of a cyber-attack,” says Bognar.
“In 2023 business owners should re-evaluate the digital tools in their holster to ensure they have confidence in their cyber-security for the sake of their clients, employees and reputation.”