Cyber criminals are preying on people’s financial and emotional stress during the coronavirus pandemic, luring them into mistakes they might not otherwise make.

Some of the criminals’ biggest targets are businesses that have recently moved online or have ramped up their digital offerings, further pressing the need for an effective cyber security system.

We recognise that for many small or medium-sized businesses, cyber security can be overwhelming. There’s a lot of conflicting advice and a lot to learn. So let us help you with that. Larger enterprises will also benefit from these reminders of best practice because no business can afford downtime resulting from a cyber attack.

Integrate it into the business

The first line of defence is to make cyber security an integral part of your business from the outset. IT professionals should be at the planning table from the beginning, and cyber security needs to be as important a consideration as other essentials such as payroll and inventory.

It also needs to be a fully comprehensive system that is integrated into every step of operations – from hardware and assets to software, supply chains and business relationships.

Brendan Hopper, General Manager of the CommBank Cyber Security Applied Research Centre, says it’s fundamentally important – and also much less expensive – to set up cyber security protections when a business first transitions online or digitises processes.

“It’s important to think about it not just from a technology perspective, but also processes. Do you keep offline copies? Do you have backups? Are you ready for cyber threats, scams and fraud? Have you trained your staff? Are they aware what to look for?” asks Hopper.

“There’s a thought that ‘it won’t happen to me’ but what we’re seeing is cyber criminals are good at targeting the businesses who haven’t got the basic controls in place.”

Three basic controls

1. The first of three basic controls Hopper suggests is multi-factor authentication. Email accounts should be protected by a password plus a second code which is sent to another device.
“We see cyber criminals guessing and stealing people’s passwords through phishing attacks and then watching how a business operates – often for months – before picking an opportune time to perform a fraud,” he says.

He stresses that people should never share or reuse their passwords. A May 2020 survey by password manager LastPass found that 69% of Australians surveyed recycle their passwords across multiple online services. [i] Passphrases, instead of passwords, are now highly recommended. Because they are longer than a password and should not be a commonly used phrase, they are harder to crack in a brute-force attack (in which automated software tries many combinations to guess a password).

2. The second basic control is your backup system. Hopper says one of the top threats this year is ransomware. Hackers install the malicious software onto your network or trick an employee into doing so. They then demand a ransom to unlock your files or to stop the release of the data they’ve stolen.

Hopper says paying the ransom is not recommended because it allows the hackers to strike again. “So having backups you can recover your business from that aren’t necessarily online are becoming crucially important.”

3. The third basic control is educating staff. A large portion of attacks start with tricking an employee into doing something and it’s very hard for people to identify a scam unless they’ve been educated on the current threats. It’s important to keep staff training up to date because threats change daily, and there have been many coronavirus-related scams that have so far cost Australians $1,371,000.[ii]

Tools and resources at your fingertips

CommBank shares its cyber security and privacy knowledge with our larger clients at events, webinars and through tailored information resources. To learn more, contact the Cyber Outreach team via email: cyber-outreach@cba.com.au.

Our small- and medium-sized customers can access our free cyber security training platform which includes tailored eLearning modules. You’ll find all these resources on our Business cyber security hub.

Also, you can stay up to date with a high-level view of cyber security trends, including analysis of critical security events and shifts in the legal and regulatory landscape by subscribing to our Signals report here.

[i] https://blog.lastpass.com/2020/05/new-report-how-are-australians-treating-passwords.html

[ii] https://www.scamwatch.gov.au/types-of-scams/current-covid-19-coronavirus-scams

Things you should know

Important information: This article is intended to provide general information of an educational nature only. It does not have regard to the financial situation or needs of any reader and must not be relied upon as financial product advice. You should consider seeking independent financial advice before making any decision based on this information. The information in this article and any opinions, conclusions or recommendations are reasonably held or made, based on the information available at the time of its publication but no representation or warranty, either expressed or implied, is made or provided as to the accuracy, reliability or completeness of any statement made in this article. Commonwealth Bank of Australia ABN 48 123 123 124. AFSL and Australian Credit Licence 234945.
