
FAQ: Understanding the basics of cybersecurity

As cybercrime rates increase, small businesses can no longer ignore mounting cybersecurity threats.

The internet has put unprecedented power in the hands of small businesses. From e-commerce startups competing with major retailers to professional service providers accessing sophisticated cloud-based software, a wide range of digital tools means you no longer need a multimillion-dollar budget to gain a competitive advantage.

But there’s a downside to the digital economy. As our reliance on the internet increases, so too does the rate of cybercrime. In recent years, hackers have stepped up attacks on businesses of all sizes.

That’s why it’s so important for small businesses to understand, identify and neutralise potential cybersecurity threats before it’s too late.


What are the threats to my business?


Hackers want two things from your small business: your money and your data.

Phishing is a popular technique hackers use to steal both. It involves tricking or deceiving users into revealing usernames, passwords and other sensitive information. This can be done by phone, with a criminal impersonating a representative of a legitimate company (like a bank or software provider), or by emails that appear to come from an official source and ask the recipient to download an attachment or click a supplied link.

Attachments often contain malicious software (‘malware’) that, once downloaded, can seriously damage your business. The goal of a phishing attack can range from stealing sensitive information and spying on your employees’ emails to hijacking customer data and infecting systems with viruses.

Phishing scams may also send your employees to fake websites that solicit online payment of phony invoices, stealing your company credit card details in the process.

Ransomware is another emerging threat to small businesses. Once downloaded into your system, usually via a phishing email scam, the ransomware allows the hacker to hijack your customer and business data. They then demand a ransom payment to release the data back to you.

In early 2016, hackers encrypted the files of a Los Angeles hospital via a ransomware attack and demanded US$17,000 to restore the files. The hospital had no choice but to pay the ransom.


How can I protect my business?


First and foremost, educate your staff about cybersecurity and the attacks they’re likely to face. Instruct them to ignore unsolicited emails, never download unsecured files and avoid clicking web links within emails.

Whenever you do need to make an online transaction, use a third-party service like PayPal, or check the URL bar of the website in question. If it’s a secure website, the URL will begin with ‘https’ and the browser will display a green padlock icon.

It’s also important to limit company account access to employees who directly need it. Also consider using multifactor authentication (MFA) for employee logins. That means your employees will need more than one form of authentication to access accounts, such as a password plus a one-time SMS code or voice authentication.

If you don’t have an IT team at your disposal, it’s important to keep your company devices updated with the latest antivirus software. Also, be careful if your employees use personal devices like laptops and smartphones for work purposes. It's better to supply all equipment for professional use so you can control and verify the software and apps that are downloaded.


What should I do if my business is attacked?


You should report any instances of cybercrime to the Australian Cybercrime Online Reporting Network (ACORN). Keep any offending emails and screenshots that can be used as evidence in a police investigation.

Small businesses are in the sights of hackers as cybercrime rates continue to rise. To protect your business, it’s vital to understand the techniques hackers may use to infiltrate your business. Education is also key – your employees must be an effective first line of defence.