As we increasingly use the internet to do business, it's important to make sure you have effective cyber security in place to protect your business from cyber-attacks.
Cyber security is about protecting your technology and information from:
- accidental or illegal access
You need to protect any digital information that your business creates and stores, plus any information you collect from your customers. Providing a secure system is critical to protect your business from cybercrime and build and maintain customer trust in your business.
To be effective, you need to make cyber security a part of your daily business processes.
Who could be a cyber threat
Cyber criminals may be an individual or a group of people. Threats to your technology or data might come from:
- criminals – out for money or information, to illegally access your hardware and data, or to disrupt your business
- clients you do business with – to compromise your information
- business competitors – looking to gain an advantage over your business
- current or former employees – who accidentally or intentionally compromise your information
Ways cyber-attacks can happen
Cyber criminals look for access to information and data on your business, employees and customers. They might do this by:
- theft or unauthorised access of hardware, computers and mobile devices
- infecting computers with malware (such as viruses, ransomware, and spyware)
- attacking your technology or website
- attacking third party systems
- spamming you with emails containing malware
- gaining access to your information through your employees or customers
How a cyber-attack could affect your business
A cyber-attack could cause you:
- financial loss – from theft of money, information, disruption to business
- business loss – damage to reputation, damage to other companies you rely on to do business
- costs – getting your affected systems up and running
- investment loss – time notifying the relevant authorities and institutions of the incident
What is at risk
Your money, information, technology and reputation could be at risk. This could include the destruction, exposure or corruption of the following:
- customer records and personal information
- email records
- financial records
- business plans
- new business ideas
- marketing plans
- intellectual property
- product design
- patent applications
- employee records (which could include sensitive personal identifiable information such as their date of birth)
Types of online threats
Some common online threats to watch out for include:
- phishing – fake messages to trick you into giving out your private personal, commercial or financial details. They can even pretend to be from an organisation you trust, such as a large business or government agency.
- malware - malicious software most commonly used by criminals to steal your confidential information, hold your system or device to ransom or install damaging programs onto your device without your knowledge.
- ransomware – a type of malicious software that makes your computer or files unusable unless you pay a fee to unlock them.
Online scams can pretend to be from organisations, businesses or even individuals you trust to trick you into giving the scammers your money or your personal details to can steal your identity.
Some common online scams to watch out for as a business include:
Coronavirus (COVID-19) scams
Unfortunately, scammers are taking advantage of COVID-19 to exploit and play on the fears of businesses and consumers across Australia. It is very difficult at times to know what communication is official. Cybercriminals are using websites, emails and text messages that claim to provide official information about COVID-19, but are attempts to get your personal or business information.
Scammers are impersonating a range of official Australian and international organisations such as the Department of Health and the World Health Organisation, other government authorities and legitimate businesses including:
- financial institutions
- travel agents
- telecommunications companies
Tax time scams
Tax time is a popular period for scammers to target businesses. Stay one step ahead by being aware of these scams. The Australian Taxation Office (ATO) will not email you and ask for your bank details or tax file number (TFN).
Watch out for scams targeting small businesses. Read about common scamming methods on the ATO website. If you get an email, call or SMS from the ATO that asks for personal information or offers a tax refund, report it to the ATO and Scamwatch.
Invoice email scam
This involves scammers pretending to be legitimate suppliers advising you about changes to payment details. You may not realise until your business receives complaints from suppliers that your payments didn’t occur.
Be aware of potential scamming and have checks in place to ensure you pay the right suppliers. Before paying, ensure the supplier verifies all major invoices using contact details you already have on record.
Cyber security resources for small business
Need more help understanding the basics of cyber security for your business?
- The Australian Cyber Security Centre (ACSC) leads the Australian Government’s efforts to improve cyber security. Their role is to help make Australia the safest place to connect online by providing advice and information about how to protect yourself and your business online. When there is a cyber security incident, the ACSC provides clear and timely advice to individuals, small to medium business, big business and critical infrastructure operators.
- See the Small Business Cyber Security Guide on the Australian Cyber Security Centre website.
- Find an Australian Small Business Advisory Services (ASBAS) provider for advice on a range of digital solutions including online security.
For more information visit www.business.gov.au