Concerns that hackers will infiltrate a company’s system are growing among small businesses, most of which aren’t properly prepared.
More Australian small business owners are concerned they’ll suffer a cyberattack, something Sophie Contreras knows all too well.
The Brazilian Samba teacher realized her business email and Instagram account was infiltrated by hackers in January this year, the same day her father was hospitalized with Covid-19.
Ms Contreras said the cybercriminals first hacked her Gmail account, then changed her social media password and deleted the emails from her inbox in the early hours of the morning to try to cover their tracks.
Friends alerted her to the attack when they were contacted through the Instagram page asking for money and promoting cryptocurrency purchases.
The Melbourne resident said her business Physical Dance had suffered as a result.
“I feel so violated knowing someone has been in my personal stuff,” Ms Contreras said.
“(The hackers) were having full conversations with people pretending to be me… and it would have affected my reputation.
“I never worried about it before because I thought nobody would bother to hack me but they did.”
Ms Contreras encouraged all social media users and small business owners to use the two-factor authentication on their accounts, change their passwords regularly, don’t reuse passwords across multiple platforms and to always be aware of the risk.
Recent Business Australia research found that almost half of Australian small businesses were vulnerable to cyberattacks, with two in five businesses admitting to spending no money on cyber security.
It also revealed that 90 per cent of attacks were successful because of human error.
Business Australia general manager Phil Parisis said it was concerning that 68 per cent of businesses didn’t have cyber insurance.
He said the threat from cybercriminals was only going to grow in time.
“Unfortunately, many think cyber security is about technology and that they’re protected by a single piece of software, which couldn’t be further from the truth,” he said.
“Small business is big business for cybercriminals because they are easy to target.
“Train your staff to be suspicious of emails and texts messages and know how to spot these fake attempts to access your system.”
Mr Parisis said phishing emails were the most common way hackers accessed an account.
He warned that free public Wi-Fi was another easy way hackers could see every single transaction on a person’s device in real time. Hacked phone numbers sending false text messages that encouraged people to click on links to gain access was another in for cybercriminals.
In the 2020-21 financial year, 67,500 cybercrime reports were made to the Australian Cyber Security Center (ACSC) – an increase of nearly 13 per cent from the previous financial year.
An ACSC spokesperson said ransomware remained one of the most serious cyber threats because of its high financial impact and disruptive impact on individuals, businesses and the wider community.
They said cybercriminals who compromised business emails had become more sophisticated and organized, especially as more people worked from home.
“Fraud, online shopping scams and online banking scams were the top reported cybercrime types,” the spokesperson said.
“Australian businesses are losing significant amounts of money through business email compromise, with total losses approximately $81.45m for the 2020–21 financial year — an increase of nearly 15 per cent from the previous financial year.”
The ACSC recommended individuals turn on automatic updates on their devices to fix any security weaknesses and keep a secure system, adding multi-factor authentication to devices and accounts, using strong passphrases and regularly backing up devices to an external storage device or cloud.
Those who have been scammed or hacked are urged to report the matter to the ACSC on 1300 CYBER1 (1300 292 371) or online.
As for larger companies, Optus works closely with the government, global intelligence experts and the group’s global security operations centers to closely monitor the domestic and international cyber situation.
A spokesperson said the corporation continually enhanced its security to protect its network and customers.
“Using threat intelligence, analysis and expert recommendations, we aim to employ global best practice in cyber security to protect our network and our customers,” they said.
Telstra designs, builds and manages its cyber security for its global network and uses a range of technologies and security controls to minimize cyberattacks on its systems and networks.
A spokesperson said the company continuously invested in its security capabilities.
“We also recognize that cyber security is as much about people as it is about technology, so we invest in programs designed to foster a strong cyber security culture within the organization and to prepare our people to help protect against a range of different cyber threats, ” they said.
Telstra also has a range of products available to business and consumer customers to help protect against cyber threats.
A Coles spokesperson said the company also invested significant resources to protect its data.
“We regularly review cyber threats to ensure we are protecting against an ever-changing external environment,” they said.
Australian financial technology company Afterpay also uses a comprehensive security program to protect the business and minimize the impacts of any attacks.
The business has not suffered any major breaches to date.
“Afterpay’s highest priority is to offer a secure platform for our customers, merchants and partners. We maintain world-class systems to protect privacy – as protecting customer data is our highest priority,” an Afterpay spokesperson said.