Many Australian small businesses have a false sense of security
and assume their business will not be hacked. Despite this confidence, the
statistics don’t lie: Australian small to medium businesses need to
be prepared and able to defend themselves effectively against a hack.
Often, small companies simply assume that they’ll never be targeted
by hackers. However, as many as one in three adult Australians fall
victim to cybercrime, and hacking is on the rise in just about every
ASBFEO has reported that 43% of all cybercrimes are committed
against small business and the average cost of a cyber-attack to a
business in Australia is around $276,000 per attack.
Unfortunately, IT security is often seen as a one-off fix rather than an
ongoing process, and the cyber security environment is ever
changing. This means IT security needs to be a constant discussion point for the owners of small to medium businesses.
With resources being a challenge for any business, it is
recommended that a business use an IT expert for
advice, direction and execution of its security defence plan. The
statistics show that, with cybercrime on the rise, there’s never been a
more crucial time than now to protect your IT infrastructure.
As the world becomes more and more dependent on complex IT solutions
and infrastructure, the threat of cybercrime will continue to rise. No
matter how advanced the latest IT solutions are, hackers will develop
new and sophisticated ways to penetrate them. So, what can you do to
avoid being hacked? And what can you do if your company server is
How to Bolster Your Cyber Security
Here are some of the most effective ways to prevent your company from being hacked:
Backup your data
Plenty of hackers would love to gain access to your business data,
such as customer contact details, purchase order histories, forecasts
and other sensitive information. You need to back up your data so that
if it is lost or stolen, you can recover it in its entirety.
Ensure that your staff are required to change passwords regularly
and enforce this by managing the process. Don’t store your passwords
but use a password manager application. Ensure that all passwords are
strong by using uppercase, lowercase, numbers, special characters and
Two Factor Authentication
Two factor authentication requires users to not only enter a
password but also confirm the login through a second item, such as a code
that is delivered either to a phone or to a nominated email address.
All major applications are now enforcing two factor authentication, and
so should you.
Create a Cybersecurity Culture
It is a fact that a lot of security breaches occur via email, with
staff either opening an attachment or clicking on a link that contains
a piece of malware. Staff also often use social media and
accidentally post information that allows cyber criminals to
launch an attack on your business. The only way to avoid this
internal threat (from you or your staff) is to ensure everyone is educated
correctly on what to look for and what to do. This is about education
and developing a cyber security culture within your business.
Utilise remote servers
Why risk keeping all your IT systems and data in one place when you
can store everything on secure, remote servers (otherwise known as
cloud computing)? Most IT service providers utilise a network of remote
servers so that if one fails, another can simply take over.
Mobile Staff using public Wi-Fi
No matter where you or your staff are, they will be using their
various devices to continue working. This means they are accessing
valuable information via a public network that is vulnerable. Other people
can see the data and access it in transit. Think about the coffee shop,
or a hotel’s free Wi-Fi service. Such public networks are
very vulnerable, and you cannot be sure how secure the connection
is. Ensure your staff are using a Virtual Private Network (VPN) when
accessing or working on company related information. A VPN will encrypt
traffic so the Wi-Fi network cannot see what is being transmitted over
the network. As an alternative, your staff can also set up a hotspot using
their mobile data.
Develop a business continuity and disaster recovery plan
It’s essential to create a strategy to deal with disasters, both
before and after they occur. You should take as many preventative
measures as possible to avoid a cyber-attack, but you also need to be
prepared for any situation.
Outsource IT security
The most straightforward way to guarantee the safety of your IT
systems is to outsource maintenance and security to a dedicated and
highly experienced service provider. That way, you’ll know who to call
when you have been hacked.
What to do if my business gets hacked?
If you’re unlucky enough to fall victim to cybercrime, you’ll need
to report the breach and contact your insurance provider. However, you
also need the contact details for an IT service provider who can
quickly get your business back up and running to minimise your losses.
At Computer Troubleshooters,
we specialise in all matters related to IT, whether you want to install
an internet-based phone network, a cloud-based computing system or a
sophisticated security solution.
We can prevent hackers from being able to access your
infrastructure, give you access to the latest equipment so that you can
compete with industry giants, and help you get back up and running in
the event that anybody tries to steal your data.
Call us today, and we’ll gladly explain how we can fortify your IT infrastructure. Call 1300 28 28 78 and enter your postcode to be transferred to your nearest local Computer Troubleshooter Business Solutions expert or visit www.computertroubleshooters.com.au
Reference points: ASBFEO (Australian Small Business Family Enterprise Ombudsman); Department of the Prime Minister and Cabinet: The Cyber Security Review report
Welcome to 2019 = Scam Watch.
Scams continue to grow rapidly, and they continue to evolve and become more elaborate, making it more and more difficult for people to recognize and avoid them. The Australian government, through Scamwatch.gov.au, continues to report that scams are costing the broader community significant amounts of money. This affects not only consumers but businesses as well, with small to medium businesses being a very specific target.
Not all scams are related to the internet, but the radar watch on scams reports that YTD October 2018 there were 15,195 reported incidents, of which 9% involved a financial loss, and $4.966 million had been lost. The key methods for delivering a scam are phone, email, text messaging, the internet and mobile applications.
As the variety of scams continues to grow, the best form of defense is education and ensuring your IT systems are up to date with virus protection, that your data is backed up and that you are effectively managing access to your systems and email.
The criminals have continued to become more sophisticated in their ability to make an email appear to be from a legitimate company. This hack involves a company receiving an email saying that the payee’s bank details have changed and that their invoices for services/goods should be paid to this new account.
In January there is an expectation that more scams involving online shopping, donations to fake charities and investment scams will have been reported over the Xmas period.
Understanding the Scams
Hacking is when the scammer gains access to your personal/business information by using technology to break into your computer, mobile device or network.
One example is tricking the user into installing malware (a software application) onto their computer; that software then works in the background to collect personal information such as banking records, passwords, credit card numbers etc.
Once they have this information, they use it to commit fraudulent activities such as identity theft or credit card theft, or even to transfer money directly from your account to theirs.
Identity theft is where a person uses someone else’s identity to steal money or gain other benefits. A common method is phishing, which is where you are contacted by phone, email, text or social media and then, without suspecting anything, you provide personal details.
This method equally applies to businesses, where it is referred to as whaling or spear phishing. The scammer targets the business to gain confidential information for fraudulent purposes. It is usually done by an email that is sent to either a group of employees or a specific senior executive. The email is designed to look like it has been sent from a trustworthy source, with an eye-catching subject about a critical business issue that requires the recipient to act by going to a fake website, which prompts them to enter key confidential information.
What are some of the scams?
The following list is not exhaustive, but it gives you an idea of where you might encounter a scam.
Holiday accommodation scam: this is where scammers ask for payment for something that does not exist. This means fake online websites, fake vouchers and unusual practices like paying everything in total (especially for bigger trips) with no deposit.
Flight booking scams: the same approach using online techniques. Through fake websites you pay, only to turn up at the airport and find you do not have an authentic flight ticket.
Online shopping scams: the scammer tricks you through fake classified ads, auction listings, and bogus websites. You purchase but never receive the goods, and the website is often only there for a very short period.
Celebrity endorsement scams: these types of scams involve a loss of between $100 and $500. This scam involves signing up for a free trial and providing credit card details on fake websites where they use celebrities to endorse the product without the celebrity’s knowledge.
False billing: scammers request that you or your business pay fake invoices for directory listings, advertising, domain name renewals, or office supplies that you did not order. This type of scam has grown by 33% in 2018. It is a sophisticated scam created through email compromise (BEC, Business Email Compromise). Losses of up to $2.8 million have been reported in 2018.
What are the key things you should do to protect yourself or business?
The following items are not listed in any order, but you should at least implement these items to mitigate the risk.
Do an annual IT security assessment and act on the recommendations.
Do ensure your antivirus software is up to date and is maintained weekly. Ensure you have a weekly maintenance schedule where this is checked and updated.
Do have a person responsible for maintaining and regulating your user profiles for your computers and email services.
Have IT security as a regular point of discussion at your team meetings. Share stories and examples so your team becomes more educated at identifying possible threats.
Ensure you have a backup and check regularly that the last scheduled backup worked.
Install a password manager for all staff.
How can Computer Troubleshooters help you?
As a small business, you probably won’t have the time or the resources to undertake all the above, which is why we are joining forces with Crest Australia to conduct IT security assessments that have been backed by the Australian Government with rebates on the fees. Learn more on this Federal government program.
Our Protection Plan service is aimed directly at small to medium businesses, allowing you to focus on your business while we focus on your IT security, giving you confidence and peace of mind on this business issue.
Call 1300 28 28 78 for your nearest local Computer Troubleshooter