Australia is a prime target for cybercriminals. We are a relatively wealthy nation and we’re increasingly online, whether checking our online banking, shopping, using social media or sending an email.
Cybercriminals don’t discriminate between targeting businesses or individuals. Anyone who they can get the better of for financial profit is fair game, and it’s up to all of us to become more aware of the risks so that we can take the necessary steps to protect ourselves.
In its Annual Cyber Threat Report, the Australian Cyber Security Centre (ACSC) highlights the key ways in which both individuals and businesses can protect themselves against cybercrimes.
Cyber security advice for individuals
Cybercriminals target individuals through online scams, or by using malicious software placed on your devices to steal information that can then be used for financial gain.
You can protect yourself against cybercrimes in the following ways:
- Limit the amount of personal information you put online, including on social media.
- Be suspicious of any unsolicited requests for personal information.
- Avoid clicking links or opening attachments from suspicious messages.
- Don’t give anyone remote access to your computer. This one may be especially tricky to get around given the current rise of remote working. Remember that Australian government agencies will never call you and request access to your computer.
- Research websites before making online payments.
- Enable two-factor authentication for services such as email, bank and social media accounts. This method effectively “double-checks” your identity.
- If you receive a suspicious phone call, hang up and don’t call the number back.
- Replace passwords with stronger passphrases, which are more complex than passwords and harder to crack.
- Promptly update software on your computer or ensure auto-updates are set. Cybercriminals are always looking to exploit weaknesses in software.
- Don’t bank or shop online, or send sensitive information, when using public Wi-Fi.
Cyber security advice for businesses
Much of the cyber security advice for individuals also applies to businesses, such as not clicking links from suspicious emails and using passphrases instead of passwords.
Businesses are also encouraged to follow additional cyber security best practices which are more specific to the business environment, including:
- Follow the Essential Eight strategies to mitigate cyber security incidents.
- Follow software best practices to improve resilience to cyber threats. This includes enabling automatic updates, automatic backups and multi-factor authentication (e.g. use of a PIN and fingerprint to grant access).
- Be aware of the key cyber threats that affect businesses such as malware, phishing and ransomware.
- Have clear procedures for who can access and who can control your business’s information. Restrict administrator privileges to an “as-required” basis.
- Harden workstations and defend against malicious emails.
- Provide thorough cyber security training to staff. Training should be regularly updated and repeated.
- Develop a cyber security incident response plan.
- Follow the ACSC Security Configuration Guides for popular mobile phone devices such as Apple iOS 12 devices and Samsung Galaxy S9 and S9+ devices.
As cybercrimes become increasingly prevalent, businesses and individuals need to be aware of the key threats and how they can protect themselves. This ranges from making small adjustments to how we live our (digital) lives to implementing more extensive changes. Such changes require technological expertise to strengthen systems and devices, and management expertise to ensure that corporate culture, policies and procedures support the safe operation of a business online.