Managing cyber security in your business

Is your business protected against cybercrime?

The average cost of cybercrime to a business in Australia is around $276,000. According to the Australian Cyber Security Centre, Victoria has 25 percent of the country's victims of cybercrime.

Watch the video to see Small Business Victoria workshop leader Tim Gentle give an introduction to cyber security and common types of cyber attack.

An introduction to cyber-security for small business

An introduction to cyber-security for small business

Tim Gentle - Small Business Victoria Workshop Leader

[Vision:  Tim Gentle walking past shopfronts]

Well G’day. It’s Tim Gentle, and we’re talking cyber security. So we’re going to start from the very top. Passwords. So, when you’re setting a password it’s important to have 8 to 10 characters. Now make sure those characters are lowercase and uppercase. Now I always try and have numerals as well, and if you can get special characters in there perfect. Now just say you have the word tree, well replace the e with a number 3.

Okay. What about devices our iPhones, our Android devices? It’s so important to put a lock on those. Now you can use your fingerprint, a password, or you can even use a pin code.

Okay. So, have you heard of Malware?  It stands for malicious software. So why do people want to do malicious damage to your computer? Well, first of all they want your personal ID. It’s known as personal ID theft. They come on, they get your date of birth, a few photos, and a little bit of information about you.

Another thing they do is they do what’s called a Cybersquat. They actually sit on your computer and watch your keystrokes. So next time you’re logging in to your internet banking, bingo, they’ve grabbed that number.

Now malicious software can also be used for cyber attacks. So they sit on your computer, they get about 20,000 computers together, and then they automatically all target a website. Well anyway, malicious software, malware aside, you can do things to avoid it.

Now quite simply, if you get an email with a really suspicious attachment don’t open it.  If you go to a website and the web address doesn’t look correct, or the wording just doesn’t seem to add up, then don’t use it. And, if you want to protect your computer, my biggest suggestion is to install some antivirus or malware protection.

All right. So you have an iPhone, you have an Android phone or a Windows phone, and you need to know whether or not you’re susceptible to an attack.  Well let’s start from the top. If you’ve got a Windows machine then you have a medium chance of being attacked by malware or viruses. If you have an Android device you actually have a high risk of being attacked by malware.  If you have an iPhone or say an iPad, then your chances of being hacked are a little bit lower. And if you’ve got a Mac computer then you have a risk of being attacked.

So let’s just wrap it all up. So the three big points I want you to take home is this. Install malware or virus protection. Make sure your password has 8 to 10 characters, is using uppercase and lowercase, numerals and special characters. And finally, ask questions.  If you feel like something’s suspicious then don’t open it, seek some professional help.

So that’s cyber security. And you’ll learn more about being safe online at some of the other Small Business Victoria workshops. So check it out. I’m one of the workshop leaders.  My name is Tim Gentle, and thanks for joining me. I’ll catch you soon.

[Victoria State Government - Authorised by the Victoria Government, Treasury Place, Melbourne - Spoken by Tim Gentle]

Examples of cyber security problems

Cyber security problems you might encounter in your business include:

  • viruses or malicious software (more commonly referred to as Malware) that affect the way your computer runs or corrupts your data – these can be spread by opening email attachments from people you don't know or through online scams
  • hackers capturing personal data if you're sharing information over a wireless internet network that isn't properly protected
  • free software you've downloaded that collects and shares information about you without your knowing about it, or giving your permission.

How can I improve cyber security in my business?

There are some basic things you can do to improve cyber security in your business:

  • Use an up-to-date virus scanner on all your computers.
  • Make sure your wireless internet networks are password protected and secure.
  • Don't open email attachments from sources you don't trust.
  • Be very careful about free applications you download from the internet
  • Keep software up to date, including your operating system. May cyber attacks, such as BlueKeep, exploit vulnerabilities in older versions of your software or OS. Turning on automatic updates can make sure you're always on the most current versions.

How can I minimise the impact of a cyber-attack?

Prepare your business to recover quickly from a cyber-attack with these simple steps:
  • take regular copies of your important files and store them on a portable device, such as an external hard drive or USB
  • keep the portable device somewhere safe and disconnected from your computer (i.e. do not keep a USB with backup files plugged in to your computer)
  • regularly test that your backups are working and accessible from the portable device.

Report data breaches

A data breach happens when personal information is accessed or disclosed without authorisation or is lost.

Under the Notifiable Data Breaches scheme, any organisation covered by the Privacy Act 1998 must inform any individuals affected by the breech as well as the Office of the Australian Information Commissioner (OAIC).

Learn more about your reporting obligations

Cyber security resources

For more detailed information about improving cyber security in your business, check out these resources:

Australian Cyber Security Centre

Get the latest advice, news and threats from the Australian Cyber Security Centre.

Report an attack

The Australian Cyber Security Centre's (ACSC) ReportCyber facility provides a secure service for reporting cybercrime such as:

  • malware
  • hacking
  • scams
  • fraud
  • identity theft
  • business email compromise (BEC)
  • attacks on computer systems
  • illegal or prohibited online content.

Where ACSC believes a cybercrime has been committed, it will forward reports to law enforcement agencies and other government authorities for further investigation.

Report an attack

Small Business Victoria Workshops

Small Business Victoria offers workshops on all aspects of business including how to build your digital skills. Browse available workshops via the link.

Browse Small Business Victoria Workshops

Other Courses

Want to acquire a formal qualification on cyber security for your business?

Small home businesses can take Introduction to Cyber Security for the Home User through Victoria University Polytechnic.

Medium and large enterprises are offered the cyber security course Cyber for Directors through the Australian Institute of Company Directors.