David Webb, owner of Brisbane-based technology company WINBASIC, has been helping small and medium-sized businesses bolster their cybersecurity since 1996. Over the years, David has seen firsthand how vulnerable small business owners can be to cyberattacks.
“Cyber attackers prey on busy people,” David explains.
“Small business owners are often stretched thin, and that’s when they’re most exposed.”
His experience with clients has shown that the lack of awareness around cybersecurity is a major issue.
“We’ve seen cases where staff click on phishing links, and with high access levels, ransomware can lock down entire systems.”
David acknowledges a growing willingness among small businesses to invest in cybersecurity, but many are still hesitant to take the first step. A key challenge, according to David, is that business owners often view cybersecurity as too complex or costly.
“People put it in the ‘too hard’ basket,” he says, “but it doesn’t have to be. Simple measures like using strong passwords and enabling multifactor authentication can go a long way, and they don’t have to break the bank.”
Despite the growing risk of cyberattacks, awareness and cost remain significant barriers for many small businesses.
“Business owners ask, ‘Do I really need this? Is it worth the investment?’ They simply don’t have the awareness around cybersecurity and what they can do to protect themselves,” David says.
David highlights that valuable resources exist, such as those from ACSC and ASD, but they’re not being promoted enough.
“The information is out there, but it’s not reaching businesses effectively.”
NAB Head of Small Business (WA and SA), James Tarrant, said the issue of cyber security is a critical part of the daily conversation bankers are having with their customers.
“Every time we talk to our customers, we’re actively reminding them to be vigilant and to take any steps necessary to protect themselves.
“These conversations are also the perfect opportunity to remind them that we will never do things such as send links via text,” says James.
To bridge this gap, David suggests that policies incentivising good cybersecurity practices would make a real difference.
“We have grants for setting up websites, but nothing to help businesses implement cybersecurity. Offering tax offsets for companies that invest in cyber protection would be a game-changer.”
David’s call to action is clear: as cyber threats continue to rise, businesses need to step up their defences, and more government support could drive a significant shift in the right direction.