The value of your accounts

There are many accounts you rely on as a part of everyday business. Protecting them from being compromised by a cyber-criminal must be a business priority.

Accounts such as email and social media may contain critical business information that is very attractive to cyber-criminals. This includes:

  • customer information, including personally identifiable information
  • contact details
  • your business history
  • upcoming project information
  • details of financial transactions.

If a cyber-criminal gains access to your accounts, they could:  

  • sell your customers’ data – including credit card numbers, names, addresses, emails, date of birth
  • send your customers phishing emails – to trick them into giving out personal information or to install malware onto their devices
  • send fraudulent invoices or requests for payment (learn how to identify an email scam)
  • reset your passwords on your other accounts to gain access to them– such as social media, if they are linked to the compromised email account.

Data breaches

Unauthorised access to your business information via a compromised email account or cloud storage could constitute a data breach. If your business experiences a data breach, you may have to report it to the Office of Australian Information Commissioner, opens in new window (OAIC) under the Notifiable Data Breach Scheme, opens in new window, and inform all your customers whose information might have been  affected.

An incident like this can damage a business’ reputation and customer trust.

A simple solution to protect your email and cloud storage accounts from being compromised is by using multi- factor authentication (MFA).

What is multi-factor authentication (MFA)?

MFA is an added layer of security designed to confirm your identity when logging into an online service. You will only be able to access an account after providing two or more pieces of evidence proving your identity.

Using MFA makes your accounts much harder to break into than if you were only using a password. Even if a criminal does obtain your password, they will still have to get past at least one other barrier to access your account.

MFA is also referred to as ‘two factor authentication’ or ‘2FA’. These terms are interchangeable.

1. Factor Authentication: something only you know

 This refers to something that only you know, like your password or PIN. Systems that use 1 factor authentication only require a username (such as an email address) and a password in order to access them. 

2. Factor Authentication: something you know and something you have

This refers to something you know (password), plus something you have.

Systems that use 2 factor authentication require a username and a password, plus a one-time password or code (sent to your mobile phone, for example) in order to access them.

3. Factor Authentication: something your know, something you have, or something you are

This is something you know, plus something you have, plus something you are (unique biometric input, such as a fingerprint scan to unlock your smart phone). 

Systems that use 3 factor authentication require a username and a password, a one-time password or code, and a fingerprint/some other unique biometric that identifies you.

How to set up multi-factor authentication (MFA)

There’s many different ways to set up MFA on your accounts. Here’s some common ones:

Helpful resources

How we can help

If you’re a NAB customer and you believe your business or personal accounts have been impacted by fraud or a scam, we’re here to help. Explore the immediate steps you can take to protect yourself and discover when you should get in touch with us to make a report.

Learn what to do in the event of fraud or scams

Get updates on the latest fraud alerts

IDCARE

IDCARE is Australia and New Zealand's not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes.

IDCARE can assist NAB customers to navigate through the process when identity details or credentials have been compromised through fraud or scams. IDCARE is a free service for all Australians.

Learn more about IDCARE, opens in new window

Australian Government | Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together in a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats. ACSC provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours.

Learn more about the Australian Cyber Security Centre, opens in new window

Australian Government | ReportCyber

ReportCyber is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.

Learn more about ReportCyber, opens in new window

Australian Competition and Consumer Commission | Scamwatch

Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.

Learn more about Scamwatch, opens in new window

Australian Government | Office of the eSafety Commissioner

The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content.

Learn more about the Office of the eSafety Commissioner, opens in new window

Australian Government | Attorney-General’s Department

The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regards to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime.

Learn more about the Attorney-General’s Department, opens in new window

Important information