Cyber criminals are preying on people’s financial and emotional stress during the coronavirus pandemic, luring them into making mistakes they might not otherwise make.
Some of the criminals’ biggest targets are businesses that have recently moved online or have ramped up their digital offerings, further pressing the need for an effective cyber security system.
We recognise that for many small or medium-sized businesses, cyber security can be overwhelming. There’s a lot of conflicting advice and a lot to learn. So let us help you with that. Larger enterprises will also benefit from these reminders of best practice because no business can afford downtime resulting from a cyber attack.
Integrate it into the business
The first line of defence is to make cyber security an integral part of your business from the outset. The IT professionals should be at the planning table from the beginning and cyber security needs to be as important a consideration as other essentials such as payroll and inventory.
It also needs to be a fully comprehensive system that is integrated into every step of operations – from hardware and assets to software, supply chains and business relationships.
Brendan Hopper, General Manager of the CommBank Cyber Security Applied Research Centre, says it’s fundamentally important – and also much less expensive – to set up cyber security protections when a business first transitions online or digitises processes.
“It’s important to think about it not just from a technology perspective, but also processes. Do you keep offline copies? Do you have backups? Are you ready for cyber threats, scams and fraud? Have you trained your staff? Are they aware what to look for?” asks Hopper.
“There’s a thought that ‘it won’t happen to me’ but what we’re seeing is cyber criminals are good at targeting the businesses who haven’t got the basic controls in place.”
Three basic controls
1. The first of three basic controls Hopper suggests is multi-factor authentication. Email accounts should be protected by a password plus a second code which is sent to another device.
“We see cyber criminals guessing and stealing people’s passwords through phishing attacks and then watching how a business operates – often for months – before picking an opportune time to perform a fraud,” he says.
He stresses that people should never share or reuse their passwords. A May 2020 survey by password manager LastPass found that 69% of Australians surveyed recycle their passwords across multiple online services.[i] Passphrases, instead of passwords, are now highly recommended. Because they are longer than a password and should not be a commonly used phrase, they are harder to crack in a brute force attack (in which automated software tries multiple combinations to guess passwords).
2. The second basic control is your backup system. Hopper says one of the top threats this year is ransomware. Hackers install the malicious software onto your network or trick an employee into doing so. They then demand a ransom to unlock your files or to stop the release of the data they’ve stolen.
Hopper says paying the ransom is not recommended because it allows the hackers to strike again. “So having backups you can recover your business from that aren’t necessarily online are becoming crucially important.”
3. The third basic control is educating staff. A large portion of attacks start with tricking an employee into doing something and it’s very hard for people to identify a scam unless they’ve been educated on the current threats. It’s important to keep staff training up to date because threats change daily, and there have been many coronavirus-related scams that have so far cost Australians $1,371,000.[ii]
Tools and resources at your fingertips
CommBank shares its cyber security and privacy knowledge with our larger clients at events, webinars and through tailored information resources. To learn more, contact the Cyber Outreach team via email: firstname.lastname@example.org.
Our small- and medium-sized customers can access our free cyber security training platform which includes tailored eLearning modules. You’ll find all these resources on our Business cyber security hub.
Also, you can stay up to date with a high-level view of cyber security trends, including analysis of critical security events and shifts in the legal and regulatory landscape by subscribing to our Signals report here.