Importance of business cyber security

Estimated reading time
 7 min

Key points

• Security software, such as Norton and McAfee, is designed to help protect your systems, servers, devices, and networks from cybercriminals and defend data, device users, and your business from cyber security risks.
  
  
• Developing risk assessment plans, training your staff on cyber security, and creating strong passwords are some steps you can take to bolster your business's cyber security.
  
  
• If you receive an alert on your anti-virus software, notice files have changed, or have slower-than-usual internet speed, take these signs seriously – a cybercriminal might have breached your system.

Technology and the internet play a significant role in daily business operations, from engaging audiences on social media to invoicing clients and operating an online store.

Having good cyber security software is an important step in helping to protect your business.

In a nutshell, security software is a program designed to help protect your devices, systems and networks from unauthorised access by cybercriminals. It aims to scan and detect anything malicious on your device or network, such as a computer virus that can damage your files. Security software can defend data, device users, your systems, and your business from many cyber security risks, such as device or system breaches.

While 80% of business owners consider cyber security important, almost half think their cyber security knowledge is average and use potentially unsafe practices. On top of that, around 73% of business owners have a low understanding of cyber security and say they need help to manage it.¹

Robust cyber security in the workplace starts with the basics – like having up-to-date software on your devices and installing anti-virus software. That’s why we’re covering some of the fundamentals of cyber security for your business so you can help protect your money, data, and reputation.

Why is cyber security important for your business?

Security software is one of the best lines of cyber defence for your business.

Security software, such as Norton and McAfee, can help protect your critical business data, including customer information, from cybercriminals. Installing security software on all your business devices and running regular scans can help protect you, your employees, customers, and business partners (including suppliers and stakeholders) from potential cyber threats.

Because many breaches relate to human error, training your employees in cyber security so that they can spot and protect themselves from scams is another way to bolster business security. For example, an employee might not recognise a phishing link and, believing it’s from someone they know, click on it, unknowingly installing malicious software on their work device. Or a staff member might action a request from a cybercriminal without realising it’s a scam.

The average cost of cybercrime to small businesses is around $46,000 (and $97,200 for medium businesses), which makes investing in cyber security – specifically security software and training – all the more important. It means your business can be more prepared when cyber threats occur, most likely saving you money in the long run.²

3 common business cyber threats

 1. Business email compromise

Business email compromise (BEC) is one of the most reported types of cybercrime for small business owners.³  This type of threat occurs when a criminal gains access to your email server. Once they are in, they may impersonate a trusted figure associated with the organisation, like your boss or a supplier. They may trick employees into doing something for them, such as sharing customer or sensitive information like credit card details.

The criminal can also intercept important emails and documents you might send, such as an invoice you've just emailed a customer. They can then alter it with their payment details, pretend to be you and send it to the client.

2. Phishing emails

Phishing emails occur when cybercriminals send an email with a malicious link (also called a phishing link). When the employee clicks on the link, it can take them to a fake website where they might be prompted to share personal or banking information. The fake website might also infect their device with malicious software.

This can leave your business vulnerable to other types of cybercrime, such as having a cybercriminal compromise your email server or being a victim of business fraud. Cybercriminals can send these phishing links to your employees by phone message or email. And they sometimes do it while impersonating the government, a bank, or another staff member.

For example, you might receive an email that looks like it’s from your bank. The message explains there’s been unusual activity in the business account and that you must click the link to verify your bank details. If you click on the link, you’re taken to a website similar to the one you usually use for online business banking. You follow the prompts and enter your login details. The cybercriminal now has your banking details and can transfer money from your business.

3. Malware

Malware is malicious software that can harm your business system and devices. It can spread across a network on its own or be unknowingly installed by clicking a link or downloading a corrupted file. There are different types of malwares to be aware of, such as ransomware (locking your files in exchange for money), Trojan (the malware is hidden in an attachment), and spyware (installing software that allows the criminal to spy on you).

For instance, you might receive an email with an attachment. You download the attachment to your work laptop, and it automatically installs malware to the device. You discover that your files are locked, and some are even deleted. With the malware on your device, the cybercriminal can steal customer data – such as a customer’s name, address, email, phone number or even payment details. They can then use this information for other types of scams.

How can you tell your business’ cyber security has been breached?

• Files and administration permissions have changed unexpectedly. For example, a document has been renamed or deleted, or an unknown user has been added as an administrator on a work device.
  
  
• There are issues logging into your accounts or devices, which means they might be compromised by a cybercriminal.
  
  
• Your network is running slower than usual, possibly indicating malware operating in the background.
  
  
• New software is installed unexpectedly, and no one knows where it originated.
  
  
• There’s an alert on your anti-virus software about potential threats on your devices – take these notifications seriously.
  
  
• An employee mentions an interaction with you that never happened, such as an email exchange about a payment transfer. This may indicate that an email impersonation scam has occurred.
  
  
• Unexpected changes to account settings or passwords for a device or account can indicate that a cybercriminal has accessed and compromised the account.
  
  
• It’s difficult to assess your own systems and data, which can indicate that someone has made changes to the device without your knowledge or that malware has been installed.
  
  
• You notice unauthorised transactions in your business bank account. This can be a sign that someone has your business banking details. Contact your bank immediately.

Tips to protect your business from cybercrime

• Develop risk assessments and incident response plans. Having a plan in place can help you and your employees identify any cyber security weaknesses in your networks and systems, such as having outdated software or not backing up your data. These plans can include strategies for employees to follow in response to a cyber security threat.
  
  
• Invest in and install anti-virus software and firewalls on all your business devices. Make sure you’re running regular scans or see if the software has an automatic scanning feature you can turn on.
  
  
• Turn on automatic updates on all devices to ensure you receive the latest security features when they are available.
  
  
• Ensure staff have strong, unique passwords or passphrases for all devices and accounts. While simple passwords like ‘Password1’ or ‘admin’ are easy to remember, they can increase the risk of being hacked. Make sure all passwords for your accounts are different. If you need help remembering them, use a password manager.
  
  
• Use a virtual private network (VPN) for your office. A VPN can help protect your employees by encrypting your internet traffic and hiding the IP address, which helps mask users’ identities and locations. This can make it harder for hackers to intercept or hijack your office Wi-Fi network.
  
  
• Train your staff on cybersecurity to ensure they know how to recognise the red flags of phishing emails and other types of scams, either through internal training or an accredited course.

What can you do if you think your business has experienced a breach or been scammed? 

• If you’ve shared financial information or transferred money, contact your bank immediately. If you’re an ANZ business customer, contact us immediately to report the fraud.
  
  
• If you have shared business credit card details, ‘block’ or cancel those cards immediately. If your cards are with ANZ, you can report the stolen card through the ANZ app or by calling us.
  
  
• If you think your business has had a data breach, please follow the Australian Signals Directorate’s guidance. 

Who can you contact if you’ve been scammed?

• Contact the Australian Cyber Security hotline, 24 hours a day, seven days a week on 1300 CYBER1 (or 1300 292 371).
  
  
• Help others by reporting to Scamwatch or to the Australian Signals Directorate’s Australian Cyber Security Centre’s ReportCyber.
  
  
• You can also contact IDCare, a not-for-profit organisation providing support to those experiencing identity and cyber security concerns.
  
  
• Contact your bank immediately if you share personal or financial information.
  
  
• If you’re an ANZ customer, you can report fraud or suspicious activity in multiple ways, such as through the ANZ app or by calling us