Cybercrime has become widespread throughout Australia, resulting in significant financial losses for small businesses. What makes small businesses vulnerable is their access to money and personal data: two things that scammers seek out the most. It’s more important than ever to protect yourself and your business from cybercrime.
We spoke with Ed Blackman, Reckon’s Chief Technical Officer (CTO), to get his perspective on Cybersecurity Month. One of Blackman’s many duties is reviewing and implementing Reckon’s cybersecurity policy, which keeps Reckon staff and customers safe from online attacks.
So, what is cybersecurity? And what can small businesses do to stay safe?
This interview has been edited for clarity
Defining Cybersecurity
Cybercrime has become endemic and commonplace in Australia, with damages from business scams increasing each year, so it’s essential to know how to defend yourself. To begin, you need to understand what cybersecurity is:
“Cybersecurity is protecting yourself and or your business against threats in the cyber world that could harm or cause you or your financial loss,” explains Blackman.
Investing in your security
Understanding how much to invest in your small business’s security is crucial, but it’s also essential to know what type of protection you need.
“It really depends on the size of the business and its risk. So, there is certainly not a one-size-fits-all answer for all types of companies and businesses.
Your cybersecurity policy and protections need to be scalable to your means and realistic in response to your risk exposure. Businesses are often victims of data breaches and financial losses due to cybercriminals. They’re the two biggest things businesses need to consider to protect themselves against.”
Methods of protection from cybercriminals
Cybercriminals employ various tactics and tools to gain unauthorised access to your information. To prevent breaches, Blackman recommends several methods:
“To easily protect your business, use multi-factor authentication (MFA) and passphrases, and implement a password manager.
MFA make it extremely difficult to access your accounts, as it requires input from you to log in. Enable two-factor authentication across all business accounts, as even less valuable accounts can provide access to different levels of information related to you and your business.
Passphrases can also be the difference between a cyber criminal needing a couple of days to crack a login or 36 years. Couple this with a password manager to track your passwords across all sites, and you have a system in place to protect you and your staff.”
Train your staff against targeted and opportunistic cyberattacks
Whether a cyberattack is targeted or opportunistic, it is essential to educate your staff, says Blackman.
“What is critical is that you basically need to put the key mitigations in place to prevent all threats.
The key difference between an opportunistic and a targeted attack is the level of the person they’re going after, or the type of person. A more targeted attack will be aimed at a senior employee or leader in a business. In contrast, opportunity attacks have no intended target but rely on the ignorance of an unsuspecting victim.
What is essential is implementing regular training for yourself and your staff on how to recognise scam attacks. Ensure that your staff, especially those in key positions, are aware of basic fraudulent attacks, such as phishing and spear phishing tactics.”
Cyber attack breaches and your business
When a cyberattack occurs, you must notify the proper authorities. Blackman explains that the best people to contact aren’t the police, but the Australian Signals Directorate (ASD).
“When a breach occurs, the first thing to do is get help. The government has an excellent resource, ASD, available at cyber.gov.au. This is the first place you need to go to.
There’s a whole section on what to do when you’ve been breached; work through the advice and the steps that they suggest. If you have any breaches, attempted breaches, or are unsure, this is the best place to go to.”
Preventing cyber attacks
Cybersecurity can cause stress to small business owners, since it becomes yet another responsibility to manage when running their businesses.
While it can be a burden, it’s essential to be proactive and secure your business; the cost of not doing so can damage your livelihood or harm your customers. You can keep yourself cybersecure by:
- Setting up your cybersecurity policy through:
- MFAs
- Passphrasses
- Password mangers
- Training staff to identify common cybercriminal tactics
- Reporting breaches when they occur at cyber.gov.au
By using Reckon’s CTO, Ed Blackman’s advice and expertise as a starting point, you can maintain your business’s cybersecurity and keep it safe from scammers.
Ed Blackman, Reckon Chief Technology Officer
