
Why do criminals target small businesses?

The media regularly reports on companies being hacked, suffering data breaches and having their online services attacked. While attacks on large, multinational corporations make the headlines, small and medium businesses (SMBs) are often the forgotten victims. In fact, SMBs are more actively targeted by cyber criminals than large businesses.

This is because SMBs often lack the resources of large companies and have fewer security measures in place, which makes them an attractive target for cyber criminals.

The good news is that there are simple things all SMBs can do to avoid becoming a victim of cybercrime. Make sure you also listen to our NAB Security Podcast on Cyber Security for business.

What cyber criminals want from your business

Cyber criminals are mostly motivated by money. They can make money by:

  • holding your data to ransom in exchange for payment
  • selling your data to a competitor or other criminal
  • stealing funds from your accounts
  • stealing your identity.

How cyber criminals go about their business

Cyber attack techniques fall into the following categories:

  • Obtaining your details by deceptive email, text messages or telephone calls, such as:
    • spam or phishing - find out more in How to identify spam and phishing messages.
    • spear-phishing - this takes phishing one step further by targeting one person about a topic directly relevant to them; spear-phishing is one of the main ways cyber criminals get into organisations to steal data, conduct corporate espionage or steal money.
    • wire fraud - this is where cyber criminals trick financial staff into transferring your money to an external bank account.
  • Stealing your business data or identity by:

How to minimise the risk of a cyber attack on your business

As with any business risk, you can put the right controls, processes and tools in place to protect your data. Here are some practical ways to prevent a cyber attack turning into a costly cyber incident.

Basic computer security controls and software can protect your business

Computer security controls are administrative settings on computers and internet devices that can help minimise cyber safety risks.

Always keep the following up to date:

  • Operating systems.
  • Applications and web plug-ins.
  • Anti-virus software.
  • Internet browsers.

A patch is software designed to update a computer program to fix or improve it. This includes fixing security vulnerabilities and bugs. In the software update settings of your computer or device, you'll find an option to turn on, or check, automatic updates and installation of the latest patches.

Schedule some time each week to check all updates have been successfully applied. You can do this by performing a search of your programs and viewing the latest installed updates on your computer or internet device.

Manage access to your network and payment controls by:

  • limiting access to your network - only grant access based on each employee’s roles and responsibilities
  • using two-factor authentication (2FA) to secure access to your network - 2FA adds at least one more secure verifier of your identity, such as a security token or an SMS code sent to your smartphone, on top of a username and password that only you know
  • setting up dual authorisations for all online payment transactions - this means there is always more than one person who must approve money moving out of your business
  • setting up daily payment limits on all your financial accounts - this limit can help alert you to any unusual financial transaction activity.

Good security processes can protect your business

The best way to protect your business is to practise good security processes. Minimise your cyber security risk by:

  • having an incident management plan in place - identify and document all your key contacts, processes and business continuity plans; store your plan securely and outside of your business network
  • ensuring each employee has unique login credentials - employees must never share their username or password under any circumstance
  • always locking your computer or device in your absence - develop a habit of always locking your computer or device if you’re not using it; make sure your employees do the same
  • protecting your information with a secure back-up solution - you’ll find more information in Understanding the value of your business data
  • educating your employees on good security practices - you’ll find more information in Understanding the value of your business data
  • regularly reviewing the programs installed on your computers and devices - always uninstall programs that are not being used.

Information to help keep your business safe

Here are some helpful online resources to explore to help you keep your business safe.

  • Microsoft security information
  • Apple / iOS security information
  • Android security information
  • Australian government cyber security tips and support
