How secure is your business against cybercrime?

It pays to know about cybercrime and how it can impact your business

As busy business owners, we understand that you have a lot on your plate and cyber protection may not be top of mind. However, when it comes to protecting your business against cybercrime, it’s a task that you should take seriously. Every day individuals, large companies, and small businesses are seriously affected by cyber security breaches. To put it bluntly, a cyber security incident in a small business can be devastating. It can have a much bigger impact than you think.

So, what can you do?

You as a small business owner can play a part to help stamp out large amounts of cyber crime.

How?

By becoming aware of common cybercrimes and doing what you can within your business to protect yourself. A bit of invested time now may prevent you or your business from becoming a statistic.

During the 2021-22 Financial Year the Australian Cyber Security Centre (ACSC) observed:

• An increase in financial losses due to Business Email Compromise (BEC) to over $98 million.
• A rise in the average cost per cybercrime report to over $39,000 for small business, $88,000 for medium business, and over $62,000 for large business.
• A 25 per cent increase in the number of publicly reported software vulnerabilities
• Over 76,000 cybercrime reports
• A cybercrime report every 7 minutes on average (compared to every 8 minutes last financial year).
• Over 25,000 calls to the Cyber Security Hotline (an increase of 15 per cent from the previous financial year).
• 150,000 to 200,000 Small Office/Home Office routers in Australian homes and small businesses vulnerable to compromise
• Fraud, online shopping and online banking were the top reported cybercrime types, accounting for 54 per cent of all reports.

Source:  ACSC Annual Cyber Threat Report 2021-22 | Cyber.gov.au

What are the most common cyber threats?

The Fake Invoice Scam or Phishing

Let’s start with arguably the most popular phishing template out there: the fake invoice technique! Phishing emails are used by cybercriminals and are created to look like official messages, mimicking phrasing, and logos from well-known organisations. Like many phishing attacks, this scam relies on fear and urgency, pressuring an end user to submit a payment for goods or services they’ve never even ordered or received.

To verify if an email or message is legitimate, find a source you can trust. Visit the official website or call the advertised phone number. Do not use the contact details provided in the email or message, as these could be fraudulent also!

Business Email Compromise

Email account compromise, or email account takeover, is a related threat that is increasing in an era of cloud-based infrastructure. These scams are difficult to detect and prevent. They can leave businesses vulnerable to other types of attacks, potentially compromising systems with businesses experiencing significant financial loss and/or loss of personal information.

Ransomware

Ransomware attacks are typically conducted via malicious – but legitimate-looking – email links or attachments in which an attacker seizes the user’s data, folders, or entire device until a ‘ransom’ fee is paid.

These cybercrime examples are the tip of the iceberg. There are many more which you can keep abreast of via Scamwatch.

What should organisations do?

The ACSC recommends the following:

For larger organisations: implement the ACSC’s Essential Eight mitigation strategies, Strategies to Mitigate Cyber Security Incidents and the Information Security Manual.

For smaller organisations: follow the ACSC’s advice for ransomware, Business Email Compromise and other threats.