As we look forward to the festive season, spending time with loved ones and hopefully enjoying some well-earned downtime, cybercriminals are gearing up for their busiest period.
Why is this? While cybercrime happens all year round, the holidays present a unique opportunity for these bad actors. With many of us in a relaxed state of mind, they leverage common social engineering tactics such as phishing and smishing to catch us off guard.
The statistics are sobering. According to the Australian Cyber Security Centre (ACSC), Australians reported over $33 billion in losses in the last financial year alone.
This serves as a timely reminder to review the cybersecurity posture of your business. To help you stay informed, check out the Safeguard your business from cyber criminals video in Learn.
Key Cybersecurity Tips for Your Business
Here are some practical steps you can take to bolster your cybersecurity:
- For SMEs, business email compromise is the single largest contributor to successful hacks – add multi-factor authentication to your email login and any other frequently used applications (work and personal) which enable this.
- If you receive an email that seems unexpected, unusually urgent or generally suspicious – take the time to validate it by speaking with the purported sender rather than throwing caution to the wind and clicking on links or inputting credentials.
- Consider engaging an external expert to complete a review of the cyber security controls in your business.
- Always update applications and operating systems (OS) with the latest patches – this can often be auto-enabled.
- Tell your customers that you will never ask them to transfer funds unless you have verbally confirmed (preferably via video chat) the details with them
- Do not share passwords! This can invalidate PI insurance & compromise investigations.
- Update passwords and consider password management programs such as Lastpass.
- Backup data automatically to the cloud & delete personally identifiable information (PII) on email. Do not use email as your filing system for customer PII. Save it to a secure location (if you need to keep the PII at all).
- Familiarise yourself and your staff with Microsoft's "The Essential 8" and the ACSC site.
- Select external loan administration support carefully. If your provider is overseas, ask what are they doing to protect your data?
We hope the above is helpful for your business, and for your family and friends too. Let’s all do what we can to give the hackers an unhappy Christmas and a non-prosperous New Year!