Taking your business online can have benefits but can also increase the risk of scams and security threats.
Cybercrime can be costly for businesses.
Throughout 2021–22, a cybercrime was reported every seven minutes to the Australian Cyber Security Centre (ACSC).
Business email compromise scams
Cybercriminals send fraudulent emails posing as a legitimate business contact or staff member. They typically request a change in bank account details for a deposit, wages or invoice payment. Victims then unknowingly send money to the cybercriminal.
These fraudulent emails may come from hacked email accounts, or cybercriminals might register domain names similar to legitimate companies.
You can protect yourself and the reputation of your business by taking a few simple steps:
- Verify payment details. If you hold sensitive financial records, ensure you confirm the identity of anyone who requests changes to their information;
- Alert your staff. Train your employees to identify suspicious requests or emails that may link to fake websites built to capture passwords; and
- Secure your email account. Use multi-factor authentication or, if this is not possible, a strong, unique passphrase that would be difficult to guess.
Taxpayers have also been advised to be wary of scammers impersonating ATO officers on Twitter, Facebook and other social media platforms.
Scammers scan public conversations on social media, where taxpayers ask questions or make complaints about the ATO. The scammers then use a fake ATO profile to contact the taxpayer directly with an offer to help resolve a complaint or follow up on a comment. Once trust is established, the scammers ask the taxpayer to click a link or provide personal details.
Monthly security check
To avoid being a target for cybercriminals, the ATO recommends a monthly security check. Here are four simple steps:
- Don’t compromise your devices. Install updates for your devices and software. Regular updates ensure you have the latest security in place. You can turn on automatic updates so future updates are installed as soon as they’re available.
- Turn on multi-factor authentication (MFA) to protect your valuable information and accounts from criminals. MFA options include an authenticator app, physical token, email or SMS.
- Back up your files regularly. Hardware failure, theft, or a virus could result in the loss of critical business information. Recovering data can be expensive and sometimes impossible.
- Change your passwords to passphrases, as they are more secure. Passphrases use four or more random words and tend to be longer, more unique and less predictable than a password. You can even use a password manager to help you generate or store passphrases.
Any organisation that handles sensitive data or relies on technology is at risk, including businesses, government agencies and individuals. A single cyber-attack could seriously damage your business and its reputation. Cyber security is a complex and constantly evolving field involving numerous interwoven variables, so it’s imperative to stay vigilant and take action to protect your business from cyber threats.