Is your business protected against cyber crime?
Australian businesses are increasingly vulnerable to cyber attack and online scams – they're happening more frequently and resulting in higher financial losses.
In fact, cyber attacks don't just have short-term impact but can also cause reputational damage to your brand.
Common cybersecurity problems for businesses
Businesses often face cybersecurity problems such as:
- payment redirection and false billing scams
- viruses or malware (harmful software)
- data breach
- spyware and stalkerware
Payment redirection and false billing scams
A payment redirection scam (also called business email compromise) is where a scammer poses as another person (such as a supplier) to trick you into sending them money. This might be by changing the payment details on an existing account or sending a false invoice.
You can report these scams to ReportCyber or Scamwatch.
Viruses and malware
Viruses or malware (‘malicious’ or harmful software) affect the way your computer runs or corrupt your data. These can be spread by opening email attachments from people you don't know or through online scams.
A data breach happens when personal information is accessed or disclosed without authorisation or is lost.
Hackers may capture personal data if you're sharing information over a wireless internet network that isn't properly protected.
Spyware and stalkerware
Illegitimate spyware and stalkerware can collect and share information about you without your knowing about it or giving your permission. It can come from free software that you've downloaded to your device.
How to improve cybersecurity in your business
Here are some basic things you can do to improve cybersecurity in your business:
- Use an up-to-date virus scanner on all your computers.
- Make sure your wireless internet networks are password protected and secure.
- Use multi-factor authentication where possible.
- Treat every email with caution and don't open email attachments from sources you don't trust.
- Be careful downloading free applications from the internet.
- Keep software up to date, including your operating system. Many cyber attacks exploit vulnerabilities in older versions of your software or OS. Turning on automatic updates can make sure you're always on the most current versions.
Watch the following video to see Small Business Victoria workshop leader Tim Gentle give some basic cybersecurity tips and explains common types of cyber attack.
An introduction to cybersecurity for small business
Tim Gentle - Small Business Victoria Workshop Leader
[Vision: Tim Gentle walking past shopfronts]
Well G’day. It’s Tim Gentle, and we’re talking cybersecurity. So we’re going to start from the very top. Passwords. So, when you’re setting a password it’s important to have 8 to 10 characters. Now make sure those characters are lowercase and uppercase. Now I always try and have numerals as well, and if you can get special characters in there perfect. Now just say you have the word tree, well replace the e with a number 3.
Okay. What about devices our iPhones, our Android devices? It’s so important to put a lock on those. Now you can use your fingerprint, a password, or you can even use a pin code.
Okay. So, have you heard of Malware? It stands for malicious software. So why do people want to do malicious damage to your computer? Well, first of all they want your personal ID. It’s known as personal ID theft. They come on, they get your date of birth, a few photos, and a little bit of information about you.
Another thing they do is they do what’s called a Cybersquat. They actually sit on your computer and watch your keystrokes. So next time you’re logging in to your internet banking, bingo, they’ve grabbed that number.
Now malicious software can also be used for cyber attacks. So they sit on your computer, they get about 20,000 computers together, and then they automatically all target a website. Well anyway, malicious software, malware aside, you can do things to avoid it.
Now quite simply, if you get an email with a really suspicious attachment don’t open it. If you go to a website and the web address doesn’t look correct, or the wording just doesn’t seem to add up, then don’t use it. And, if you want to protect your computer, my biggest suggestion is to install some antivirus or malware protection.
All right. So you have an iPhone, you have an Android phone or a Windows phone, and you need to know whether or not you’re susceptible to an attack. Well let’s start from the top. If you’ve got a Windows machine then you have a medium chance of being attacked by malware or viruses. If you have an Android device you actually have a high risk of being attacked by malware. If you have an iPhone or say an iPad, then your chances of being hacked are a little bit lower. And if you’ve got a Mac computer then you have a risk of being attacked.
So let’s just wrap it all up. So the three big points I want you to take home is this. Install malware or virus protection. Make sure your password has 8 to 10 characters, is using uppercase and lowercase, numerals and special characters. And finally, ask questions. If you feel like something’s suspicious then don’t open it, seek some professional help.
So that’s cybersecurity. And you’ll learn more about being safe online at some of the other Small Business Victoria workshops. So check it out. I’m one of the workshop leaders. My name is Tim Gentle, and thanks for joining me. I’ll catch you soon.
[Victoria State Government - Authorised by the Victoria Government, Treasury Place, Melbourne - Spoken by Tim Gentle]
How to minimise the impact of a cyber attackPrepare your business to recover quickly from a cyber attack with these simple steps:
- Take regular copies of your important files and store them on a portable device, such as an external hard drive or USB.
- Keep the portable device somewhere safe and disconnected from your computer (do not keep a USB with backup files plugged into your computer).
- Regularly test that your backups are working and accessible from the portable device.
Report a cyber attack
If you’re the victim of a cyber attack or scam, you can report it to ReportCyber.
Report Cyber is the Australian Cyber Security Centre's (ACSC) secure service for reporting cybercrimes, including:
- identity theft
- business email compromise (BEC)
- attacks on computer systems
- illegal or prohibited online content
Where the ACSC believes a cybercrime has been committed, it will forward reports to law enforcement agencies and other government authorities for further investigation.
Report a data breach
Under the Notifiable data breaches scheme, organisations covered by the Privacy Act 1998 are obligated to report the data breach by informing:
- any individuals affected by the breach
- the Office of the Australian Information Commissioner (OAIC)
Organisations covered by the Privacy Act include individuals, sole traders, body corporates, partnerships, trusts or unincorporated associations with an annual turnover of more than $3 million.
More information on cybersecurity
Australian Cyber Security Centre
Get advice, news and information on the latest threats from the Australian Cyber Security Centre.
Business Victoria Hub
Find tips on cybersecurity for small businesses on the Business Victoria Hub:
- The essential small business guide to cybersecurity
- How to protect your business from business email compromise (BEC)
- Spyware and stalkerware: How to check and protect your business devices
- Why a simple update policy could save your business from cyber attacks
- Remote Access Scams: How can your business identify and avoid them?