In 2002, an ABS survey showed that 82% of Australian Businesses used computers. Fast forward to 2014 and the results are undoubtedly much higher than this. Add to that the number of organisations who have an internet connection (91.2% in 2010/11) and those with an internet presence (43.1% in 2010/2011) and the numbers start to crystallise before your very eyes.
Information security is a real threat and with so many businesses relying on computers, the internet and websites, the threats multiply. These threats can come in different forms, from internal negligence through to malware, and online fraud through to phishing scams. All of them create a real danger for businesses and their information.
According to a 2011 Cost of a Data Breach Survey, 32% of data breaches from Australian companies spawned from individual negligence and the average data breach cost the organisation on average $2.16 million per breach.
For smaller business, the average loss may not be as high, $2,431 (reported by Richards 2009), however many of the incidents can prove to be fatal for the business. While this may not sound like a lot dollar wise, chances are that any data breach resulting from negligence or otherwise, was not planned for in an annual budget. The event can prove to very expensive especially if it occurs more than once.
Small businesses in particular may not have the skillset within their organisation to identify and deal with such issues. They are particularly prone to online offenders, especially when there are so many ways they can access the information: online fraud, malware infection, phishing, spear phishing, cloud computing risks, unauthorised access, session hijacking and more.
Businesses operating in 2014 should take measures to protect themselves against attack as information security issues can affect an organisation’s reputation not to mention loss of time and money.
So the bottom line is that yes, you should be concerned about information security, particularly security of information that is vital to the smooth running of the organisation.
In response to the above findings, we have decided to devote a number of articles over the coming months to the issue of information security for small business- in particular covering what the primary risks are, where to start with prevention and what role standards play, if any, in protecting your information from a cyber attack. We look forward to your comments.