Cybercrime – Are you protected?

Cybercrime in a small business can have devastating impacts. It’s important to be aware of what cybercrime is and what you can do to protect your business. Unfortunately, cyber security incidents happen every day to individuals, small businesses and large companies. Most business owners are busy, often too busy and lacking the resources to dedicate to cyber security. There are, however, some simple measures that all businesses can put in place to prevent common cyber security incidents.

What are cyber threats?

The most common types of cybercrime threats include:

  • Malicious Software (Malware)
    • Malware is a term for malicious software, designed to cause harm. It includes ransomware, viruses, spyware, and Trojans.
    • Malware provides criminals with a way to access important information such as bank or credit card numbers and passwords.
    • Malware can also allow criminals to take control of your computer and access data to commit fraud and identity theft, and to steal sensitive information or intellectual property.
    • Malware creators can be anywhere in the world. All they need is a computer, IT skills, and malicious intent. Unfortunately, these criminals go after the most vulnerable.
  • Scam Messages (Phishing)
    • These are dodgy messages, emails, or calls designed to trick recipients out of money and data. Criminals will often use email, social media, phone calls, or text messages to try to scam Australian businesses. You need to be careful as these criminals might pretend to be an individual or an organisation that you know and trust. These messages may try to trick you into:
      • Paying fraudulent invoices or changing payment details for legitimate invoices.
      • Revealing bank account details, passwords, and credit card numbers.
      • Providing remote access to computers.
      • Opening attachments that may contain malware.
    • Be cautious of urgent requests for money, changes to bank accounts, unexpected attachments, and being required to confirm login details.
    • Ensure your staff are aware as they too may be targeted.
  • Ransomware
    • Ransomware is a type of malware that locks down your computer or files until a ransom is paid.
    • Ransomware works by locking up or encrypting your files so that you can no longer access them and sometimes even stops your devices from working.
    • Don’t ever pay a ransom as doing so does not guarantee a victim’s files will be restored and it increases the likelihood of being targeted again.

Software Considerations to prevent cybercrime

Managing your software, data and online accounts can drastically increase your business’ protection from the most common types of cyber threats. Following are some tips for consideration.

  • Protect your operating system
    • Your operating system is the most important piece of software on your computer. It manages all of your hardware and programs, so it needs to be updated regularly. If you don’t know how to do this, speak to your IT consultant.
    • Keep your software up to date on servers, computers, and mobile devices.
    • Set up automatic updates where possible.
    • Regularly check for updates if automatic updates are not available.
    • Ensure your anti-virus is reputable and automatic updates are turned on.
    • Ensure you have a digital copy or backup of your business’s most important information. This can be saved to an external storage device or to the cloud.
    • If using an external device, ensure it is disconnected after each backup so that it remains secure if you experience a cyber attack. Test your backups regularly by attempting to restore the data.
  • Use Multi-Factor Authentication (MFA)
    • MFA is a security system that is now often required for many software applications. It means you need to provide not one, but two or more proofs of identity to be able to access applications. Some forms of MFA include:
      • a physical token
      • a random pin
      • a fingerprint or facial recognition
      • an Authenticator application
      • email or SMS.

People and procedures – protection from cybercrime

Your internal team is one of the most important lines of defence in protecting your business from cyber security threats. A lot of small businesses don’t have dedicated internal IT staff, so you need to ensure your people are trained on how to prevent, recognise, and report cybercrime incidents.

  • Ensure you manage who can access what in your business’ computing ecosystem.
    • You can set up access control to limit access to certain areas of your business and sensitive data. Doing this can help to protect sensitive data and ensure it is not accidentally shared.
    • Decide who has access to certain files, access permitted to external providers, and restrict who has access to Social Media. This will reduce potential damage if any accounts, devices, or systems are compromised.
    • Setting up user access allows you to easily revoke access to systems and data if an employee changes roles or leaves the business.
    • Set up passphrases if MFA is unavailable. A passphrase uses 4 or more random words as your password. For example, stone carrot water cheese. Passphrases are hard for cybercriminals to crack but easy for you to remember. Make your passphrase long, don’t use famous phrases, quotes or lyrics, and do not reuse the passphrase on multiple accounts.
    • Educate – train your people to protect them and your business.
    • Set up a cyber security incident response plan to guide your business and team in the event of a cyber incident. This will ensure you have a plan in place and understand what critical devices and processes you will need to respond to and recover.
    • Ensure you have internal systems in place for checking supplier bank details. When you are alerted to a supplier’s changed bank details, make a phone call to the organisation to check rather than responding by email, as you could actually be responding to the cyber-criminal.

At the end of the day, cybercrime is here and it’s important for you to take steps to ensure your business is secure. If you haven’t already, perhaps it’s time to speak with your insurance provider to see how you can protect yourself against cybercrime. The information above has been compiled from the Small Business Cyber Security Guide. You can download the full document HERE. For more information, you can also go to the ACSC website. You can also learn about the different types of scams around, how to report them or how to get help HERE.

As always, we are here to help. Contact us today.
