Ways cyber-attacks can happen
Cybercriminals look for access to information and data on your business, employees and customers. They might do this by:
- theft or unauthorised access of hardware, computers and mobile devices
- infecting computers with malware (such as viruses, ransomware, and spyware)
- attacking your technology or website
- attacking third party systems
- spamming you with emails containing malware
- gaining access to your information through your employees or customers
How a cyber-attack could affect your business
A cyber-attack could cause you:
- financial loss – from theft of money, information, disruption to business
- business loss – damage to reputation, damage to other companies you rely on to do business
- costs – getting your affected systems up and running
- investment loss – time notifying the relevant authorities and institutions of the incident
What is at risk
Your money, information, technology and reputation could be at risk. This could include the destruction, exposure or corruption of the following:
- customer records and personal information
- email records
- financial records
- business plans
- new business ideas
- marketing plans
- product design
- patent applications
- employee records (which could include sensitive personal identifiable information such as their date of birth)
Types of online threats
Some common online threats to watch out for include:
- phishing – fake messages to trick you into giving out your private personal, commercial or financial details. They can even pretend to be from an organisation you trust, such as a large business or government agency.
- malware – malicious software most commonly used by criminals to steal your confidential information, hold your system or device to ransom or install damaging programs onto your device without your knowledge.
- ransomware – a type of malicious software that makes your computer or files unusable unless you pay a fee to unlock them.
Cyber security resources for small business
Need more help understanding the basics of cyber security for your business?
- The Australian Cyber Security Centre- external site (ACSC) leads the Australian Government’s efforts to improve cyber security. Their role is to help make Australia the safest place to connect online by providing advice and information about how to protect yourself and your business online. When there is a cyber security incident, the ACSC provides clear and timely advice to individuals, small to medium businesses, big businesses and critical infrastructure operators.
- See the Small Business Cyber Security Guide– an external site on the Australian Cyber Security Centre website.
- Find an Australian Small Business Advisory Services (ASBAS) provider for advice on a range of digital solutions including online security.
Cyber Security tips for working from home
It’s important to keep the below in mind when directing your staff to work from home:
WiFi: Make sure that the WiFi connection your staff are using is secured with a password and they are not using a public connection. This is because unsecured and public wifi are prime spots for hackers to spy on internet traffic and collect confidential information.
VPN access: Ensure you have secure VPN access to your network for employees, this helps protect the security of the employee’s devices and will include Unified Threat Management (UTM) protection.
Update: If employees are using their own devices, make sure they are up to date. Devices running old versions of their operating system can create a giant security gap as they are not running the latest version and may have known security flaws.
Passwords: Remind staff of good password policies, such as creating secure passwords and not using the same password for multiple accounts
Training: Continue or implement cyber security training with your staff to ensure they have the knowledge and skills to identify potential scams or fraudulent emails.