One year after a series of high-profile data breaches, almost three-quarters of Australian SMBs (72%) are more concerned about threats to the safety and security of their online details and financial data, PayPal 2023 Online Security Research found.

Beginning in September 2022, several major data breaches impacted almost half of the population (47%) within the space of four months. With three quarters (76%) of those affected saying the breaches caused harm, three quarters of Australian consumers (74%) say they are more concerned about their online safety than they were a year ago. Almost two-in-five Australians (37%) have abandoned online purchases due to security concerns, or because their preferred payment option was not available at checkout.

The top areas of increased concern for Australian small businesses revealed by the research are scams becoming more sophisticated (53%), the safety and security of business data held by other organisations (43%), and cyber criminals impersonating suppliers, vendors and service providers (41%). Businesses also have heightened fears about their business bank account becoming compromised (41%), the cost and complexity of staying ahead of cyber criminals (40%), and credit card and customer fraud (40%).

PayPal research shows that this concern is leading to action, with 85% of SMBs having taken at least one step to increase their digital security, including backing up data and implementing a data recovery process (50%), encouraging employees to treat calls, emails and texts with more suspicion (48%), and enabling two-factor authentication or other controls for employee access to systems (38%).

However, only one third of SMBs have enabled fraud protection for their e-commerce sites (34%) or introduced or increased employee security training (34%) and just 32% use encryption for important information.

Cybersecurity is an essential investment no matter how small your business is. The threat to businesses posed by scams, hackers and cyber criminals is likely to remain an unwelcome feature of the commercial landscape for the foreseeable future. And it’s not only big enterprises that are at risk. Small businesses are just as vulnerable, if not more so.

While cyber criminals may not seek the same level of impact or notoriety by breaching small businesses, they are still targeting them for funds and data. That’s why protecting yourself and your small business should be a top priority.

Simple steps like applying regular software security patches and keeping your software up to date, using the latest anti-virus software, using strong passwords, turning on multi-factor authentication, training your staff, and doing frequent back-ups can make your business a tougher target.

Steps small businesses can take to strengthen online security

  1. Educate your team about cyber security best practices. This includes training employees to create strong passwords, spot phishing emails, and report suspicious emails and/or activity to the right channels.
  2. Keep your platforms and software up to date. Make sure all employees are running the latest versions of software and operating systems, and install and regularly update business-grade anti-malware and anti-spyware software. This helps to prevent attacks that exploit vulnerabilities in outdated software programs.
  3. Enable Multi-Factor Authentication (MFA) wherever possible. This adds an extra layer of security by requiring users to provide multiple forms of verification before they can access their account, restricted resources and/or confidential information.
  4. Enable a fraud protection solution for your ecommerce site. Use secure payment systems that offer encryption, fraud detection technology and other security measures to protect sensitive data.
  5. Ensure employees connect only to secure Wi-Fi networks on all business devices. Hackers can use unsecured Wi-Fi networks to tap into devices and steal information. You can do this by installing a firewall, setting access restrictions and guest permissions, and creating a secure password for your wireless network.
  6. Avoid the use of shared accounts between employees and ensure that staff access is removed once they don’t have a legitimate reason to maintain access (e.g. they have left the organisation).
  7. Perform automated regular backups that can assist you to recover information in case your system is compromised.
  8. Put together a plan to respond to a cyber security incident that is easy to follow, and test it regularly. Having an incident response plan in place that is tested on a regular basis will help you respond faster and manage and minimise the risk that could be caused by a successful attack.

Daniela Fernandez is head of information security at PayPal.