The value of your accounts
There are many accounts you rely on as a part of everyday business. Protecting them from being compromised by a cyber-criminal must be a business priority.
Accounts such as email and social media may contain critical business information that is very attractive to cyber-criminals. This includes:
- customer information, including personally identifiable information
- contact details
- your business history
- upcoming project information
- details of financial transactions.
If a cyber-criminal gains access to your accounts, they could:
- sell your customers’ data – including credit card numbers, names, addresses, emails, date of birth
- send your customers phishing emails – to trick them into giving out personal information or to install malware onto their devices
- send fraudulent invoices or requests for payment (learn how to identify an email scam)
- reset your passwords on your other accounts to gain access to them– such as social media, if they are linked to the compromised email account.
Unauthorised access to your business information via a compromised email account or cloud storage could constitute a data breach. If your business experiences a data breach, you may have to report it to the Office of Australian Information Commissioner, opens in new window (OAIC) under the Notifiable Data Breach Scheme, opens in new window, and inform all your customers whose information might have been affected.
An incident like this can damage a business’ reputation and customer trust.
A simple solution to protect your email and cloud storage accounts from being compromised is by using multi- factor authentication (MFA).
What is multi-factor authentication (MFA)?
MFA is an added layer of security designed to confirm your identity when logging into an online service. You will only be able to access an account after providing two or more pieces of evidence proving your identity.
Using MFA makes your accounts much harder to break into than if you were only using a password. Even if a criminal does obtain your password, they will still have to get past at least one other barrier to access your account.
MFA is also referred to as ‘two factor authentication’ or ‘2FA’. These terms are interchangeable.
1. Factor Authentication: something only you know
This refers to something that only you know, like your password or PIN. Systems that use 1 factor authentication only require a username (such as an email address) and a password in order to access them.
2. Factor Authentication: something you know and something you have
This refers to something you know (password), plus something you have.
Systems that use 2 factor authentication require a username and a password, plus a one-time password or code (sent to your mobile phone, for example) in order to access them.
3. Factor Authentication: something your know, something you have, or something you are
This is something you know, plus something you have, plus something you are (unique biometric input, such as a fingerprint scan to unlock your smart phone).
Systems that use 3 factor authentication require a username and a password, a one-time password or code, and a fingerprint/some other unique biometric that identifies you.
How to set up multi-factor authentication (MFA)
There’s many different ways to set up MFA on your accounts. Here’s some common ones:
- You can set up MFA for Office 365 in the Admin centre. This will generate a phone call, text message or an app notification to your mobile once you have entered your password. Find out how to set up MFA using Microsoft’s step-by-step guide, opens in new window.
- You can enable MFA on your iOS and macOS devices. For more information and instructions, visit Apple’s guide on MFA, opens in new window.
- To help you set up MFA for other accounts like social media or Gmail, the Australian Cyber Security Centre has a list of helpful guides, opens in new window.
How we can help
If you’re a NAB customer and you believe your business or personal accounts have been impacted by fraud or a scam, we’re here to help. Explore the immediate steps you can take to protect yourself and discover when you should get in touch with us to make a report.
IDCARE is Australia and New Zealand's not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes.
IDCARE can assist NAB customers to navigate through the process when identity details or credentials have been compromised through fraud or scams. IDCARE is a free service for all Australians.
Australian Government | Australian Cyber Security Centre (ACSC)
The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together in a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats. ACSC provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours.
Australian Government | ReportCyber
ReportCyber is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.
Australian Competition and Consumer Commission | Scamwatch
Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.
Australian Government | Office of the eSafety Commissioner
The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content.
Australian Government | Attorney-General’s Department
The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regards to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime.
Apologies but the Important Information section you are trying to view is not displaying properly at the moment. Please refresh the page or try again later.