The digital habits that make small business a target for cybercrime

In 2022, a Tasmanian business lost $73,000 before it was later retrieved by police, and a similar scenario reported in 2021 resulted in a businesses owner retrieving $40,000 of stolen money.

New research has identified five ways small businesses can guard themselves against attacks.

The research is from the Cyber Wardens program, a national initiative of the Council of Small Business Organisations of Australia (COSBOA).

Their research found 82 percent of small businesses were re-using passwords, 78 per cent were sharing passwords between colleagues and 73 per cent were using short passwords.

After the recent "credential stuffing" scam, where stolen passwords were used to hack into customer data from the country's biggest brands, Cyber Wardens is urging small businesses to be on the alert for bad practices.

"It's hard to remain vigilant, so this is a reminder on how to avoid slipping into bad habits and instead build good habits that improve your business culture of simple cyber security," COSBOA chief Luke Achterstraat said.

One in four (27 percent) small businesses put their computers in 'sleep mode' rather than shutting them down, increasing the risk of out-of-date software giving access to cyber criminals.

When you shut down your computers, automatic software updates are installed that can help protect against a cyber break-in.

Passwords are your first line of defence but one in four (26 per cent) reuse the same passwords across multiple systems and platforms.

About 16 per cent of small businesses also use short passwords, making them easier to crack.

Change your passwords, including for your company email, financial services, business files and any accounts storing your payment details and save them in a secure password manager.

More than one in five (21 per cent) small businesses are deleting suspicious emails they think could be scams without alerting IT or the head of their business.

Sharing suspected scams with the right people helps to ensure the senders can be investigated and blocked, and that other staff can be warned about these attempts.

You can also report scams to the National Anti-Scam Centre - Scamwatch - or the company being impersonated, such as your bank or phone company.

One in five (20 per cent) small businesses share passwords between team members.

When each team member has their own unique login, it means that if one staff member's password is compromised, multiple accounts aren't compromised.

One in five (18 per cent) of small businesses are 'snoozing' software updates.

It is hard to action software updates when you're busy, but making updates a priority means you will deliver important bug and security fixes as soon as they become available.

Hackers use these security weaknesses to attack your systems, so the sooner you action updates, the sooner you'll be protected.