Small businesses lose $50k in cyber attacks

A small business owner said he has been forced to start again after his business lost $50,000 when his social media accounts were hacked.

Doglato owner Oscar Valejjo built up a successful business off the back of a social media following of thousands of customers that took years to amass.

But it only took one click for Mr Valejjo to lose access to the accounts after he responded to someone who was imitating his friend.

“Suddenly I realised I was blocked, everything was blocked. That is when I realised what happened,” he said.

“I was basically disconnected from my customers immediately, social media was the main platform where I engaged with them.

“I lost all engagement with my clients, I was doing a lot of sales through my Instagram into my website, sales were affected for sure.”

Mr Valejjo estimated the hack cost him around $50,000 in lost customer engagement and sales, not to mention the loss of data which meant he was unable to do targeted advertising.

“We had to start all over again and I did not actually get all the followers back that I had before,” he said.

“I lost about 40 per cent of my social media followers, and it is hard to get people to follow you, so imagine trying to get them to follow you again.”

Mr Valejjo said people needed to be aware that not everyone on social media had good intentions and that people were actively looking for weaknesses to swindle money from businesses.

After the scam, he sought help from cyber security experts to educate himself and his staff about how to avoid being scammed again.

Nearly 90 per cent of all scams reported by Commonwealth Bank’s business customers in the last financial year came from small businesses, according to data released by the bank. More than half of that went to investment scams.

CommBank executive general manager small business banking Rebecca Warren said their data showed small businesses lost about $30,000 on average to investment scams, which could have a devastating impact financially and emotionally.

Despite the risk, a new report on cyber attacks targeting NSW small and medium sized businesses found about 20 per cent of businesses planned to reduce their spending on cyber security this year.

The report released by Business NSW found the cost of doing business had forced more than one in five small businesses to cut back spending on cyber security.

The cutbacks are being made despite 94,000 reports of cybercrime in Australia in the last financial year, a 24 per cent increase from the previous year.

The report found 34 per cent of small businesses and 43 per cent of medium businesses surveyed experienced cyber incidents in the 12 months to August 2023.

While business system hacking was relatively rare, business accounts being hacked was more frequent.

About 46 per cent of small businesses and 68 per cent of medium businesses reported encountering online scams, with less than 10 per cent falling victim.

Business NSW chief executive officer Daniel Hunter said the figures were a wake-up call to both state and federal governments.

He called on the government to provide a 20 per cent deduction on cyber security expenditure so businesses could invest in the technology.

“Businesses dealing with ballooning insurance, energy and tax bills are alarmingly being forced to make the hard decision to cut spending on cyber security – a decision they should not be forced to make,” he said.

“As business overheads continue to rise, there is a risk more (small and medium businesses) will de-prioritise cyber security management.

“Yet the average small business, if targeted by cyber criminals, is losing almost $50,000 to cyber-attacks – and the problem is getting worse.

“Businesses have told us about the devastating impact on staff wellbeing.

“One staff member of a regional NSW bookkeeping business suffered a severe mental health impact as a result. These stories are all too common.”

Parramatta MP and special envoy for cyber security and digital resilience Andrew Charlton launched the SME Cyber Security Management report last week.

He said he knew the pressures of running a small business first-hand, and he could appreciate that every dollar counted.

“The good news is there are basic steps every small business could take to significantly reduce cyber risk, often at no or minimal cost,” Dr Charlton said.

“This includes using strong, unique passwords, enabling multi-factor authentication, and keeping software up to date.

“On top of that, the Government’s cyber programs and the $20.8 million Cyber Health Check offer support to help protect your business without adding to your financial strain.”