An open letter from small business to the Australian Treasurer: Cynch Security

Our third and final letter in the series, ‘An open letter from small business to the Treasurer’ is from Susie Jones, CEO of Cynch Security and Xero customer, who shares her thoughts on how providing government incentives for business owners to take action on their online security will also save money in the long run.  

Small businesses have been disproportionately impacted by the COVID-19 crisis. Data from Xero Small Business Insights tells us employment in small businesses across Australia was hit twice as hard as businesses overall.

As we turn our attention to the nation’s economic rebuild, all eyes will be on the upcoming Federal Budget on October 6. Will it recognise the integral role Australian’s small businesses will play in the road to recovery?

In this series, ‘An open letter from small business to the Treasurer’ – and its complementary Xero On Air episode – we call on small business owners to identify key areas of additional support that they believe could fuel small business health and growth.

An open letter to the Treasurer

Dear Treasurer,

A few years ago, I co-founded Melbourne-based computer security service, Cynch Security, to provide micro and small businesses with accessible cyber security solutions designed to reduce the risk of costly cyber attacks. 

So I was particularly pleased to see the announcement of Australia’s 2020 Cyber Security Strategy in early August – a $1.67 billion investment aimed to help mitigate cyber security threats within the community. 

But I believe Australian small businesses require more targeted assistance to combat the rapid rise of cyber attacks. 

While cyber criminals grow more ruthless every day, most Australian small businesses don’t have the time, funds or know-how to protect themselves against the increasingly sophisticated tactics deployed against them. Recent statistics from the Department of Home Affairs suggest two in five small to medium sized businesses in Australia don’t use multi-factor authentication, and 32 per cent do not make daily data backups. 

I believe that offering cyber security grants to small businesses would provide an adequate incentive for people to think more seriously about proactively managing the threat. 

COVID-19 fuelling cyber criminals

Now, more than ever, Australian small businesses of all shapes and sizes need specialist advice, support and training to safeguard their systems. 

Most of our clients operate in the accounting, law and finance industries – all professions that realise the devastating impact that data breaches can have on their business. However, COVID-19 has exposed new sectors to cyber security attacks. 

During the pandemic, healthcare professionals such as general practitioners, physiotherapists and psychologists adopted telehealth programs rapidly. We know that the quick adoption of new technology exposes businesses to new risks. 

Cyber criminals know this too, and they’ve wasted no time in attacking these industries that have had to adapt quickly due to COVID-19. This represents a perfect storm for many Australian small businesses, particularly those operating in healthcare.

Incentivising investment

Right now, spending money on a cyber security solution is a tough call for small business owners. We see this trend among our own clients, who are typically micro and small businesses that employ less than 50 people. With that demographic in mind, it’s unsurprising that we’ve seen a significant decrease in revenue since the onset of COVID-19.

As many Australian small businesses focus on keeping their business afloat, the risk of cyber attacks remain – and diversify just as fast as businesses do. Which is why I believe there is an incredible opportunity for the Federal Government to take the lead in safeguarding our cyber security at this time by promoting homegrown solutions.

Currently there is no government support for small businesses that want to be proactive and invest in cyber security solutions. Australia also lacks a formal accreditation scheme, making it difficult for small business owners to access the services of local cyber security providers. 

I believe that any funds spent on protecting small businesses represents a wise investment.
A grant as small as $1,000 would help small business owners to secure their enterprises against potentially devastating breaches such as ransomware attacks – a common method cyber criminals use to extract thousands of dollars from unsuspecting victims.

Providing incentives for business owners to take action on their online security will also save money in the long run: $1,000 spent today could save twenty times as much (or more) tomorrow. In fact, according to the Targeting Scams report compiled by The Australian Competition & Consumer Commission (ACCC), businesses in Australia lost $132 million to scams last year alone. 

Meanwhile, a national accreditation scheme for cyber security providers would ensure that business owners could easily access advice and support from qualified, certified cyber security professionals operating in Australia. 

Spotlight on security

Ideally, we’d love to see small business owners take a similar approach to their cyber security as they do their finances. 

Typically, as a small business grows, owners seek additional support to manage their finances by outsourcing operations to bookkeepers and accountants. In the same way, cyber security specialists can provide affordable, accessible solutions as a business evolves. 

When it comes to our online security, prevention is far better (and less costly) than a cure. After all, if a small business owner doesn’t sort out their security, it will undoubtedly affect their finances. 

Offering grants and implementing an accreditation scheme would help small business owners prevent what often amounts to a very costly and stressful cure.

With COVID-19 exposing a whole new range of Australian small businesses to cyber-criminal activity, we need the Federal Government to put small business cyber security in the spotlight, where it belongs.  

Regards, 

Susie Jones & the team from Cynch Security