15th June, 2020
Cybersecurity is more important than ever under COVID-19. Time to polish up those fraud management plans and protect your critical data.
With more people spending lots of time learning, communicating and doing business online, it’s proving to be a perfect opportunity for cyber criminals to work their trade.
While we’re hand-washing and social distancing for hygiene and health purposes, what should we as businesses be doing to increase cybersecurity hygiene?
I recently spoke with Wayne Tufek, director of CyberRisk, and got some insight into the size of the issue and some great tips for what businesses can do right now to keep cyber safe.
Have you ever received an email from someone claiming to be royalty in a far off land who has money to give you or who requires money from us to further their cause? Of course you have — this is a type of fraud that’s become so commonplace it’s practically a cliché.
Today, many of us can spot a dodgy email or phone call a mile away. This is a great example of how awareness can be a powerful first line of defense. Which is why it’s always important to stay up to date on what’s happening in cybersecurity.
“Cybercrime is a multi-billion dollar business.” – Wayne Tufek, Director, CyberRisk
Tufek understands this more than most.
“People do this as a business,” he said. “Cybercriminals are like con artists online, and they approach what they do in a business-like manner.
“Clearly, it’s not legal, but they are professional… this is what makes it so challenging for business owners and individuals.”
Sign up for added insights and business-critical news from MYOB.
Stay in the know
Malware is software that cyber criminals use to harm your computer system or network. Cyber criminals can use malware to gain access to your computer without you knowing, in targeted or broad-based attacks.
Ransomware is a subcategory of malware that denies access to files or computer systems until a ransom is paid. You usually get notification of how to gain access to your files. It might be a number to call or website to visit.
Criminals use email to manipulate or trick you into unintentionally sharing personal information, financial details, or money.
You may have heard of so-called CEO fraud or Business Email Compromise, which relate to scams by which cybercriminals spoof company email accounts and impersonate executives to try and fool an employee into executing unauthorised money transfers, or sending out confidential tax information.
Phishing is a method of stealing confidential information by sending fraudulent messages to a victim. It’s one of the most prevalent scams reported in Australia.
Phishing messages can be sent via email, SMS, social media, instant messenger or phone call. The phishing email will attempt to convince you to open an attachment or click on a website link. These are infected with viruses and the hacker either wants to take over your computer of infect you with ransomware.
In many cases, fake websites are designed to look just like real sites such as PayPal or Netflix and used to trick you into providing your password, personal information and credit card details.
Your cybersecurity strategy must address ‘the human factor’.
A key pillar of any cybersecurity strategy involves a holistic audit of how you and your staff can influence, moderate and help defend your business from potential threats.
Here are CyberRisk’s three steps to frame your thoughts around the human side of cybersecurity:
1. Be informed — Understand the different types of scams that are out there and ways to identify them. Check sites such as bank and government sites for updates on the latest scams so you can recognise them at a glance.
2. Be alert — Pay attention when using email don’t just press buttons or click attachments and don’t give out personal, sensitive or confidential information over email. Always take notice of emails or texts advising you that someone has been trying to log into your account.
3. Be suspicious — Always assume something a bit out of the ordinary is a scam. If it’s too good to be true it is probably a scam. Never rely on email alone always phone the company for verification. Check an email address by pressing reply to see who really sent the email. Any email directing you to a website and asking you to confirm your personal or financial details is not real. Call the organisation using the number on their website and confirm that the email is legitimate.
Then, naturally, you also have the digital (both hardware and software) element of cybersecurity.
Unfortunately, simply purchasing a product that touts security benefits isn’t enough. You’ll want to have a clear understanding of what that level of security entails, how it’s delivered and guaranteed, and for how long it’s viable.
To get you started, here are the six most important steps you should take in securing your business hardware and software:
1. Multifactor authentication — Turn on Multifactor Authentication where possible. Two-step verification is a process that involves two authentication methods performed one after the other to verify that someone or something requesting access is who or what they are declared to be. It might be email and then receiving a password by phone.
2. Anti-virus software — Always install and keep your anti-virus software up to date.
3. Apply all software updates — Whether it is your website or software programs you use, ensure that you are operating with the latest software updates.
4. Turn on your firewall — This will help you prevent unauthorised access. Seek technical advice and assistance if you need to.
5. Use good passwords and a password manager — Having different passwords that register as strong and that are changed regularly is important. Find out more through a password manager such as Last Pass. Just don’t forget your master password.
6. Always back up your data — This will protect you if in the case of a ransomware attack as you will still have access to your files so reduce the ability for blackmail.
“Throughout time there has always been conmen…now you just can’t see them.” – Wayne Tufek, Director, CyberRisk
Cybercriminals have been using the epidemic as a lure to trick people into opening attachments or giving up their personal information.
Cyberthreats are constantly evolving in order to take advantage of online behaviour and trends. The COVID-19 outbreak is no exception. It’s important that during this time of major distractions businesses keep their focus on their security to protect what they have.