Cyber-crime incidents have evolved over the last few years to take advantage of transforming communication technologies, consumer behaviours and working arrangements.

Payment redirection scams were the most financially damaging for Australian businesses in 2020 according to the ACCC’s Targeting scams report, and with a new cyber-crime reported to the Australian cyber security centre every 8 minutes, the threat to both businesses and individuals is real.

A cyber security incident that impacts a small business can be devastating. Luckily cyber security doesn’t need to be difficult and there are some simple measures that can be implemented to help avoid or reduce the impact on a business.

ScotPac’s IT expert, Michael Taylor, provides these 5 top tips all businesses should implement to help protect themselves and their business;

  1. Use Multi-Factor Authentication (MFA) wherever possible. MFA is an electronic authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, website or online account. MFA makes it much harder for attackers to steal your information by impersonating you. It’s way more secure than just a password that an attacker can guess.

 

  1. Use strong passwords, and never re-use passwords between different systems/websites. Even better, use a password manager Passwords provide the first line of defence against unauthorised access to your system and personal information. The stronger your password, the more protected you will be. If an attacker gets your password to one system, they will often use it to guess your password to other systems. A password manager lets you lock all your passwords in a safe location so you don’t need to remember dozens of different passwords.

 

  1. Always confirm a request to change banking details via a phone call. Attackers will often impersonate companies you owe money to and send fake emails with incorrect banking details. You should always confirm any changes by calling the sender to verify.

 

  1. Never open attachments or link in emails unless you know the sender and are expecting the email. About 80% of successful security attacks start with a phishing email. Never assume that an email from a known sender is safe; their emails may have been compromised by an attacker.

 

  1. Ensure ALL your staff are aware of all of the above. It only takes one click on a phishing email or one poor password to allow an attacker into your systems where they can steal information and money or hold your data to ransom. An educated workforce is your best defence against cyber attacks.

You can also find useful information and guides at Australian Cyber Security Centre (ACSC’s) website here .
Scam Watch can also help keep you informed of current scams and statistics.