All businesses face cyber security threats daily. The risk of an attack has the potential to ruin a business, so it’s important to ensure business owners have the safeguards in place. Small businesses are vulnerable to cyber risks because of limited resources, infrastructure and a lack of awareness. Unfortunately, VACC members have been compromised by clicking on suspicious emails, using easy-to-decipher passwords, and using software without installing critical updates.
The Australian Cyber Security Centre’s (ACSC) latest report shows nearly 94,000 reports in the 2022-23 period, up by 23 per cent on the previous year. On average, the cost to small businesses is $46,00, medium-sized businesses $97,200, and large-sized businesses $71,600 per cyber-attack. For reported incidents, Victoria sits second behind Queensland.
The highest on the list of cybercrimes affecting individuals include identity fraud, online banking fraud, and online shopping fraud, while for businesses, the major security risks include email hacking and online banking.
The Australian Signals Directorate (ASD) has published guides tailored for individuals and small, medium and large businesses. You can access these guides by taking this link.
How to protect yourself:
· enable multi-factor authentication (MFA) for online services where available
· use long, unique passphrases for every account if MFA is not available, particularly for services like email and banking (password managers can assist with such activities)
· turn on automatic updates for all software – do not ignore installation prompts
· regularly back up important files and device configuration settings
· be alert for phishing messages and scams
· sign up for the ASD’s free Alert Service.
How to protect a business:
· only use reputable cloud service providers and managed service providers that implement appropriate cyber security measures
· regularly test cyber security detection, incident response, business continuity and disaster recovery plans
· review the cyber security posture of remote workers, including their use of communication, collaboration and business productivity software
· train staff on cyber security matters, in particular how to recognise scams and phishing attempts
· implement relevant guidance from ASD’s Essential Eight Maturity Model, Strategies to Mitigate Cyber Security Incidents and Information Security Manual
· join ASD’s Cyber Security Partnership Program
· report cybercrime and cyber security incidents to ReportCyber.
Visit the Australian Government’s Cyber security website.