Warning to Aussie small businesses – have you been caught up in the Optus breach?

- September 29, 2022 3 MIN READ
Data breach warning showing on laptop and phone

As the ramifications of the 22 September Optus cyber breach continue to unfold, Australian small businesses are being urged to boost their cybersecurity to mitigate the risk of hackers accessing their systems and information.

Australian small businesses are being warned they’ve been left exposed after Optus hackers accessed the personal information of up to 10 million Australians in what the telco are calling a ‘sophisticated’ cyber-attack.

The attack, targeting customer data from both current and past customers as far back as 2017, is being investigated by the Australian Federal Police.

The compromised information includes customers’ identity details such as full names, dates of birth, phone numbers and email addresses. Some customers may also have had their home addresses and government ID stolen, such as passports, Medicare, and driver’s licence numbers.

Dangers of a cyber breach for small business

“This is very serious and has the potential to create a business email compromise storm,” says Phil Parisis, General Manager of Products at My Business, Australia’s largest small business organisation.

“Business email compromise (BEC) is when hackers gain unauthorised access to or impersonate an email account to intercept private communications. Criminals are then able to intercept financial transactions such as invoices or scam other organisations out of money and goods,” says Mr Parisis.

“I would estimate more than 60 per cent of small business owners are using the same email or password for their Optus account as they do for other critical business systems,” he says. “Not to mention employees using the same password that’s been breached, or suppliers and clients.”

security screen as man logs in on phone and laptop devices

According to the Australian Cyber Security Commission, business email compromise cost $81.45 million during 2020-2021.

The latest data from the Australian Small Business and Family Enterprise Ombudsman shows more than 60 per cent of Australian small to medium-sized businesses don’t survive a cyber-attack.

“We often hear from small businesses that ‘I’m just a retailer, a designer; why would anybody target me?'” says Mr Parisis. “The reality is that cyber criminals don’t necessarily target you. Mostly you become an accidental victim of a large, broad scale attack such as what’s happened to Optus.”

“It’s also a good reminder for SMEs to look at their own cybersecurity because if it can happen to a huge company like Optus imagine how easily it can happen to them,” he says.

6 tips to avoid a cyber breach

Mr Parisis offers six tips to small businesses who believe their data has been compromised:

  • 1. Create a human firewall

Building a human firewall or educating yourself and employees is the most effective way of preventing a cyber-attack.

  • 2. Password protection

It’s important that passwords are not easy to guess. All businesses should consider a password manager or multi-factor authentication, with passwords regularly updated.

  • 3. Limit exposures

Logging on to public Wi-Fi is one of the easiest ways to get hacked; hot-spotting to a secure account is a safer option. Likewise, be careful with cheap imitation cables, and upgrade your systems regularly.

  • 4. Be prepared

Have a back-up account ready and know how to access it. Know what will be required to get your account back – have that information ready before the attack happens.

  • 5. Pay for an expert

The government is now offering cyber protection insurance to small businesses. This significantly reduces the financial impact of a cyber-attack and can help a business recover faster.

  • 6. Update business policies and procedures

Ensure your business processes are up to date to protect, prevent and recover from any suspicious behaviour.

“Small business is big business for cyber criminals,” says Mr Parisis. “Cyber criminals are savvy, they know that by taking on larger organisations they can then branch out and hit smaller businesses too, who knowingly have less resources, time and budget to protect themselves.”

“But this should act as a warning to Australian small businesses – if it can happen to a huge organisation like Optus with all the firewalls at their disposal – imagine how easily it can happen to smaller companies.”

If you suspect you’ve been hacked, support is available via IDCare. You can also report cyber crimes, including identity theft, through the Australian Government’s CyberReport page.

This article first appeared on Kochie’s Business Builders, read the original here.

Join the soloist movement. Whether you are new to Flying Solo or looking to grow your business, our membership options will help you attract more leads, grow your network and sharpen your business skills.  Sign up to our newsletter to get the latest news and advice straight to your inbox.

Now read this: 

How to protect your home network from hackers: Security is easier than you think!

Here’s why you need to upgrade your Flying Solo membership pronto!

  • Share your business journey in an exclusive member profile
  • Get free lifetime access to our Going It Alone digital course
  • Participate in members-only events and experiences
  • Boost your business’ visibility with a Directory listing

$149.95 + GST
Billed annually
  • Andrew Caska

    Caska IP Patent Attorneys

    'Flying Solo opened up so many doors for us - I honestly don't know where I'd be without it"