Business cybercrime is skyrocketing in Australia — here’s how to stay safe

Cybercrime has been rising steadily across Australia, and it’s not hard to see why. We’re an ambitious bunch; as soon as new technology is available that can improve our lives and make  our business more efficient, we tend to jump on it like a brand-new iPhone. But your new toys and devices are exposing you to greater levels of risk – when everything from your fridge to your TV is connected to the Internet, you’re significantly more vulnerable to cyberattacks.

According to official stats from ACORN, the Australian Cybercrime Online Reporting Network, there were close to 28,000 cyber attacks from the 1st of January to the 30th of June 2018. This is a massive 20% increase from the same period in 2017. This trend is particularly harrowing for professionals, as 43% of all cybercrime targets small businesses, while 59% of Australian organisations have their cyber security breached every month.

Why is your business so vulnerable to cyberattack?

Key decision-makers are failing to acknowledge the scope and severity of cyber threats to their business. Cybercriminals are evolving faster than average Australian businesses. For many companies, their efforts to defend a sophisticated cyber attack is comparable to bringing a pillow to a gun fight.

Here are the three most common vulnerabilities and tactics exploited by cybercriminals:

1. Weak passwords

This is by far the most common cause of a security breach. Fear of forgetting passwords makes most of us choose the same, easy to remember passwords to use across multiple accounts. What’s more, the tools and techniques available to hackers render password security more of a nuisance than an impenetrable safeguard. These include:

• Dictionary attacks: where a huge database of words and phrases is used to try potential passwords
• Brute force attacks: where a tool is used to systematically try every combination of available characters and symbols until the right password is found
• Keylogger attacks: where an installed program tracks keystrokes so the hacker can identify the exact password that is used

As we wrote about in a recent blog post, a weak password led a small Melbourne-based business to lose $50,000 at the hands of a cybercriminal. If you’re not extra vigilant when it comes to keeping your passwords secure, this could easily happen to you.

When it comes to passwords, it’s best practice to:

• Change your password every 6 months
• Use a phrase instead of a word, such as “Somebody1nceToldM3”
• Use two-factor or multi-factor authentication wherever possible
• Collate the above into a company-wide policy, sending reminders to employees every 6 months
• More tips here

2. Social engineering vulnerability

The most vulnerable part of any organisation is its people. Hackers know this better than anyone and take advantage of it on a regular basis with social engineering, deceiving and manipulating employees into handing over sensitive information. With social engineering, criminals can bypass practically any security measure without having to steal, decode or hack into a system.

The most common social engineering tactics used by cybercriminals include:

• Phishing: Sending emails indiscriminately to a massive number of people with the aim of tricking them into sharing sensitive details.
• Spear phishing: Sending an email to a specific person in an organisation pretending to be from a trusted sender. (The Melbourne-based business mentioned above is a great example of spear phishing in action.)
• Pretexting: Accessing sensitive information or entering a restricted area on a false pretext, such as posing as a technician.
• Baiting: Luring employees into downloading malware or installing a keylogger with the promise of something appealing, like free media content or physical rewards.

The most effective antidote to social engineering is a trained and informed workforce. So, make sure that everyone in your organisation understands key threats and knows how to identify potential scams and hoaxes. If you are unsure, itro can help facilitate training and keep your business informed through our proactive blogs.

3. Poor network security

Do your employees bring their own devices onsite and connect to your network? Unless your company WiFi has greater security than a simple password protect, your systems are highly vulnerable to cyber attack.  This is because many Australian businesses haven’t invested in any network security (beyond a password on their company Wi-Fi).

An increasing number of businesses operate a BYOD (Bring Your Own Device). This policy allows employees to use their personal phones and laptops on the company network. While convenient and cost-effective, this significantly increases the risk of a cyberattack and possible data breach. As each new device on the network is another potential entry point for a malicious attack.

Your company network can be compromised for months without anyone taking notice, while the cyber criminal monitors activity, learns your processes and waits for the perfect time to strike. The most common attack in this scenario involves ransomware, where a company’s data is locked and threatened to be destroyed unless they pay ransom. This is a serious threat to Australian businesses, as nearly half (48%) were targeted by some form of ransomware exploit in 2017 alone.

Take control: block cybercrime using your culture and technology

There’s more to effective cybersecurity than throwing money at the problem with a hodgepodge of high-tech solutions and hoping for the best. When technology plays such a vital role in your business — from communication and marketing, to service delivery and project management — then security needs to become  intrinsic to your company culture. The Australian government has put together a great info sheet for small businesses to help them implement and sustain such a culture.

Want an expert opinion on your system infrastructure from leading IT professionals who understand the needs of Australian businesses? Request a free onsite IT assessment from itro. We guarantee a fair assessment with no strings attached — one that’s actually worth your time and offers genuine insight into the security and efficiency of your existing tech.