Academic journal article Trends & Issues in Crime and Criminal Justice

Computer Security Threats Faced by Small Businesses in Australia

Academic journal article Trends & Issues in Crime and Criminal Justice

Computer Security Threats Faced by Small Businesses in Australia

Article excerpt

In this paper, an overview is provided of computer security threats faced by small businesses. Having identified the threats, the implications for small business owners are described, along with countermeasures that can be adopted to prevent incidents from occurring. The results of the Australian Business Assessment of Computer User Security (ABACUS) survey, commissioned by the Australian Institute of Criminology (AIC), are drawn upon to identify key risks (Challice 2009; Richards 2009). Additional emerging threats relating to wireless internet, cloud computing and spear phishing are also outlined, as well as the risks relating to online fraud.

The small business sector is important to Australia; comprising the largest part of the business sector, they are a key employer and contributor to the economy. As at June 2010, small businesses (defined as having less than 20 employees) made up 95.6 percent of Australian businesses (ABS 2010). The majority (62.7%) of small businesses were sole operators, employing no staff; 25.3 percent employed one to four staff and 1 1 .9 percent employed five to 19 staff (ABS 2010). As at June 2009, small businesses employed 48 percent of private sector staff (DIISR 201 1). The Department of Innovation, Industry, Science and Research (201 1) estimated that in 2008-09, small businesses contributed approximately 34 percent of private industry value to the economy.

Having an online presence enables small businesses to expand the reach of their products and services to a wider range of potential consumers. A 2010 Australian survey, which included 1 ,436 small business respondents, found that 96 percent owned a computer, 94 percent were connected to the internet, 60 percent had a website, 43 percent took orders for products and services online and 53 percent received payments online (Sensis Pty Ltd 2010). Some small businesses conduct the majority of their trade online, with 19 percent of businesses with up to four staff reporting that more than half of their total goods and services income in 2007-08 came from online business; this figure was 10.3 percent for businesses with five to 19 employees (ABS 2009).

The ABACUS survey

The ABACUS survey was comprised of a random sample of small, medium and large businesses. Businesses were surveyed to examine the nature and extent of computer security incidents. Of the 4,000 respondents to the survey, 3,290 (82.3%) were small businesses. Compared with their proportion in the Australian business population, small businesses were under-sampled. However, the survey was weighted according to industry type and business size so that the data provided by each participant was proportionate in relation to the broader population being sampled. Challice (2009) provides an overview of the research methodology.

Results of the survey were congruent with previous findings, confirming that small businesses in Australia have embraced the use of technology, with 92 percent using it to some extent during 2006-07 (Richards 2009). Most small businesses reported the use of personal computers (85%) and laptops (54%). Presumably due to smaller staffing levels, fewer small businesses reported the use of a local area network (43%), wide area network (9%) or virtual private network (1 0%) than medium and large businesses (Richards 2009).

During 2006-07, 14 percent of small businesses reported having experienced one or more computer security incidents (Richards 2009). Of these, 83 percent experienced one to five incidents, eight percent experienced six to 1 0 incidents and nine percent experienced more than 10 incidents. Negative outcomes were reported by 75 percent of small businesses following the most significant computer security incident. These included:

* corruption of hardware or software (42%);

* corruption or loss of data (31 %);

* unavailability of sen/ice (38%);

* non-critical operational losses (24%);

* non-critical financial losses (12%);

* critical financial losses (5%);

* theft of business, confidential or proprietary information (5%);

* theft or loss of hardware (4%);

* harm to reputation (4%);

* critical operational losses (4%);

* website defacement (2%); and

* other (1%; Richards 2009: 69). …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.