Key points
- The rise of cybercrime
- Create a PACT to fight cybercrime
- Pause before sharing information
- Activate two layers of security
- Call out suspicious messages
- Turn on automatic software updates
- Stay on top of the latest updates
Technology has transformed how we do business. It helps us work faster, collaborate seamlessly and work from anywhere. Yet this transformation is not without risk. In fact, the risk of cyber attack is growing.
As more businesses work and transact online, cybercriminals get more sophisticated. Stories of phishing, social engineering, ransomware, malware and more hit the headlines frequently, and the attacks are proving costly. Between July 2021 and June 2022, the Australian Cyber Security Centre reported an increase in financial losses due to Business Email Compromise (BEC) to over $98 million, with an average loss of $64,000 per report.
Given that cybercrime is not going away, every business large and small should be prepared for an attack. A simple way to boost your cybersecurity is to create a PACT to fight cybercrime.
Here are some simple steps that may help to protect your business, people and information.
Pause before sharing information
Think before sharing or accessing information, especially sensitive data. Consider who you are sharing your information with, and if it doesn’t feel right, don’t share it. Convey this message to your staff and help them understand what is sensitive.
Beware of scam emails and messages even if the message appears to come from someone you know.
Tips:
- Never provide security details in response to any email – even if it looks legitimate – without contacting the sender through official contact points (e.g. published phone number) to verify the request
- Don’t click on any unexpected links, even if they appear to come from a legitimate source
- If it doesn’t seem right, or is unexpected, question it – even if it appears to be from someone senior in your business. Use the contact details on the company’s official website to call and verify vendor or supplier requests.
- Hang up if you receive a suspicious phone call
Activate two layers of security
Passwords can help protect sensitive information and may help keep hackers out of your systems – but only if they are strong enough. Cybercriminals can easily crack passwords of seven or eight characters, even if they are a mix of numbers, special characters and upper and lower case letters.
The Australian Cyber Security Centre now recommends you use passphrases instead. Passphrases are long, complex, and unrelated words that are a lot harder to crack.
Although passwords or passphrases protect information, when used alone, they are not infallible.
Multi-factor authentication (MFA) is an essential security measure, and for good reason – it can make it much harder for cybercriminals to access your systems or accounts.
With MFA in place, you can only gain access to devices or business systems with two or more forms of identity. Typically, it uses a combination of something you know (like a PIN or secret question), something you have (like a card or token) and a part of you (such as a fingerprint or facial recognition).
Tips:
- Replace short passwords with longer, complex passphrases
- Use a different passphrase for every account
- Use a password manager to help you remember and save your passphrases
- Avoid using words or names (such as pet names, middle names, street names and date of birth) that can be easily found on social media profiles.
- Use a password manager to help you securely store and create strong and different passwords or passphrases across your accounts.
- Review all the devices and applications you use in your business and in your personal life, and schedule a time to set up MFA where it is available
- Read the Australian Cyber Security Centre’s guidelines for setting up Two-Factor Authentication on platforms like Microsoft, LinkedIn and Gmail. If the platforms you use aren’t on their list, a simple Google search should provide guidance around how to activate it.
Report suspicious messages
Human error is a key cause of cyberattacks, so it pays to educate your staff. For example, an employee might click on a phishing link, download malicious software, share customer information with an unauthorised caller, or use a weak password or passphrase for entry into your business applications.
Cybercriminals prey on human vulnerabilities like these. That’s why it’s so important to educate your employees about your security strategies, policies and processes.
Tips:
- Report scams on the ACCC’s Scamwatch website.
- Share details of emails or SMS messages pretending to be from ANZ with hoax@cybercrime.anz.com
- Take note of any malicious emails, suspicious phone calls or irregular activity occurring within your business.
- Take the time to set up MFA, passphrases and other security measures.
- Act fast and get help as soon as a cyber incident is suspected. For example, contact your bank immediately if you suspect your business accounts have been compromised.
Turn on automatic software updates
Security breaches almost always occur on out-of-date devices and software. If you don’t run the latest versions of operating systems, software and applications, you could expose yourself to more risk.
Automatically updating your operating systems and software to the latest versions – which come with better security – can help protect your business from exploitation of security vulnerabilities.
And don’t forget to back up! With ransomware and malware attacks on the rise, it’s more important than ever to regularly and automatically back up your data.
To provide more protection you can consider internet security software. Up-to-date security software can protect your computer from malware, like viruses, spam and spyware.
Tips:
- Enable automatic updates for all software, from operating systems to antivirus programs, even on your phones
- Keep an eye out for when older devices and software reach end of support – at this point, the manufacturer or developer no longer supports updates, and your exposure to threats increases significantly
- Choose physical and digital backup systems that work for you
- Physically remove your storage device after each backup and store it somewhere safe
Stay on top of the latest updates
When it comes to cybersecurity, you can’t afford to sit still. As well as tackling the tips above, you should also consider completing the Australian Cyber Security Centre’s Cyber Security Assessment Tool, which will give you actionable recommendations to improve your security position.
Next steps
- Stay on top of cybercrime by reading our latest security alerts.
- Learn how to avoid cyber attacks and scams with our business fraud protection tips.
- Keep your business banking safe with ANZ Shield.
- Download the Small Business Cyber Security Guide (PDF 3.9MB).
- Download the Simplifying Cyber for Business Guide (PDF 1MB).
- Upload documents for your Business Banker securely using the ANZ Document Exchange service