The organisers of the recent IT&T Empowering Small Business: Cyber Security Awareness event (2 May) were surprised that so many business owners had made it to Novotel Wollongong in North Wollongong on this particularly rainy and dark Thursday.

“We thought that a few of you might turn out with the bad weather out there,” said business support at IT&T, Anne Reeve. 

It was quite the contrary. There was almost 100 people (96 to be exact).

Although, perhaps that’s no wonder with news about cyber security and -crimes making headlines almost daily. Who can forget about Medibank and Optus being victims of high-profile cyber attacks in 2022?

In April of this year, the City of Sydney had data from several public institutions posted online. Now in May, a Sydney man was arrested over an alleged data breach impacting at least 17 licensed clubs in NSW and the ACT, ABC News reported. 

“The cyberhackers are starting to go for the low-hanging fruit, that’s small and medium-sized businesses,” said Partner Technology Strategist at Microsoft, Philip Meyer. 

Meyer was one of the night’s three speakers, along with Andrew Bremner of SherpaTech and Peter Eldon of Access4 Telecommunications.

Among the most common cybercrimes affecting small-to medium-sized businesses are: email compromise, fraud compromise and bank fraud. In 2023, the Australian Cyber Security Centre revealed that, on average, a cybercrime report is made every six minutes. 

That is rather terrifying statistics, to put it mildly. But the idea behind tonight’s event is not to alarm business owners but rather to inform them how they can protect their businesses, but how they can utilise artificial intelligence (AI) without putting their data in danger; and to be aware of the implications of the new Privacy Act 2022.

Helen Hasan runs a small non-for-profit, Living Connected, and has a few clients living in Kiama. “A little bit of information is always useful,” she said. “For us protecting older people, it’s important. Balancing between not scaring them, and making them aware.”

She’s known about AI for a long while after attending university in the 1960’s. The first AI program was actually written in 1967, according to Meyer. 

ChatGTP launched in November 2022. But for all its wonderful features, Meyer cautioned against using it for work-based queries.

“It’s great for mysterious travel planning and writing poems for my wife,” he said. “But please, don’t use it for work. All the data that you put in there becomes everyone’s data.”

Meyer also recommended that business owners, with a staff of less than 300 people and who are PC-users, get Microsoft 365 Business Premium, as it includes several security features in addition to products such as Word and Teams.

Bremner is an insurance specialist for tech and IT with SherpaTech. 

“Are you seeing what I’m seeing?” he asked the room. “That is, increasing technical complexity, cyber threats and a tougher regulatory environment.”

It’s not said to dampen the mood but rather to ensure that small business owners are across how they will be affected by Privacy Act 2022. The review of the act saw 116 recommendations, some have been fast-forwarded and some are waiting to be passed, he noted.

In summary, “there’ll be three big builders,” Bremner outlined. “Lowering the dollar amount (which means that businesses with an annual turnover of less than $3 million will need to comply with the Act); fines and penalties (the maximum penalty that can now be applied for a serious or repeated breach will be increased from $2.5 million to the greater of: 1) $50 million, 2) three times the value of any benefit contained, and 3) 30 percent of the company's adjusted turnover in relevant period; and the reporting time threshold. Previously, if you had a material breach, you had to notify the regulator within 30 days - now, it’s 72 hours."