While cyber attacks on large corporations, like the recent ransomware attack on the Waikato DHB, make the headlines, smaller businesses are also in the sights of hackers.

Almost a quarter of New Zealand’s SMEs – which represent 97 percent of New Zealand businesses – have been a victim of a cyberattack or malicious activity according to new research from MYOB.

The attacks are not only impacting businesses but also taking their toll on employees and customers.

42 percent of SMEs who had experienced a cyber-attack said their private files were accessed and 30% revealed that their customer or client data was made available on the dark web.  

“Being a victim of a cyberattack can be incredibly scary, particularly if private documents get accessed or personal threats are made,” says Krissy Sadler-Bridge MYOB Senior Sales Manager SME. 

“Even beyond the impact to an SMEs’ business and customers, going through these experiences can also affect the wellbeing of employees involved.”

Of those SMEs who have been targeted, nearly half (49%) said they had experienced a phishing attack, 44% had been targeted with malware, and a quarter had experienced a ransomware attack.

The attacks are occurring despite most SMEs having some sort of online protection.

Nearly three quarters of those polled said they have anti-virus protection, 60% said they have firewalls in place in their business, and more than a third have two-factor authentication. 

The weak-spot appears to lie in the lack of staff training, with just 27% of SMEs having had specific staff training to protect the business and themselves from scammers or online phishing.

“Learning how to be cyber-safe and how to identify red flags should become regular, essential training for business owners and all employers,” says Sadler-Bridge. 

“Starting with the basics, such as creating unique passwords, backing up data and ensuring the business has two-factor authentication is important, but understanding what to look out for as different types of cyber-attacks evolve, is key.”

Actively monitoring for cyber security threats also isn’t happening as often as it could be.

“As scammers and hackers are becoming increasingly sophisticated, regular training on new cybercrime techniques could be key to keeping them at bay. There are a number of specialists that operate programs where the training sees them target a business with fake scams or phishing attacks, to see if employees can identify malicious activity and understand how they would respond. Running through real-world scenarios might seem intimidating, but they can really help identify strengths and weaknesses in an organisations’ response.

“Regularly reviewing the business’s cyber security protection is essential to spotting any gaps in the software, or important updates or bug-fixes that the program may have released. As SMEs are in control of a lot of private information, continuously monitoring and testing safety measures will help ensure they are getting the best possible coverage,” says Sadler-Bridge.