Growth Customer Experience Productivity Business IQ Trends Success Stories Tech Solutions Subscribe Tech Enquiry

Cyber security: Is your business cyber-secure? Take our interactive quiz

Smarter Writer
Smarter Team

A team of business and technology journalists and editors that write to help Australia’s community of small and medium businesses access the technology and know-how that helps solve problems and create opportunities.

Smarter Writer
Smarter Team

A team of business and technology journalists and editors that write to help Australia’s community of small and medium businesses access the technology and know-how that helps solve problems and create opportunities.

Highlights
  • 60 per cent of small businesses hit with a significant cyber breach go out of business within the subsequent six months.
  • In the 2016/17 period, 7,283 reported cyber security breaches impacted Australian businesses, a 130 per cent increase compared to 2015/16, creating an economic loss of over $20 million.
  • Estimates suggest that in the past year at least two out of five small-to-medium businesses will have been targeted.

Cyber security is a hot topic across the business world. Whether your business is big, small, or somewhere in between, data protection is now essential for you to gain and maintain trust

Recent changes here in Australia to the Privacy Act 2018, have focussed the spotlight on cyber security. As a business owner, now is the time to explore how to best protect yourself; your customers, suppliers, and partners will want the assurance that you’re keeping their data safe. So now instead of a general expense, cyber security is both a selling point and a must-have.

Does your approach to cyber security pass the test?

Take the quiz now

Recent trends in cyber security
In Australia, 60 per cent of respondents to the Telstra Security Report 2018 experienced a business interruption due to a security breach over the past year.

The two most common types of security incidents in Australia are Business Email Compromise (BEC) and, more specifically, phishing attacks. Another form of email-based cyber-attack on the rise in Australia is ransomware. According to Symantec, ransomware is becoming ever more sophisticated, where cybercriminals conduct reconnaissance first before making attempts at your data. While automated attempts like those clunky spam emails, traditionally easier to notice, have also become more refined.

woman working on laptop amongst clothes racks

The dollar figure cost of these attacks is substantial, and statistics tell us that the number of attacks, and the associated losses, are rising. What does this mean for small-to-medium businesses? Startlingly, estimates suggest that two out five SMBs have been targeted in the past year. When you combine this fact with reports that 60 per cent of small businesses hit with a significant cyber breach go out of business within six months, cyber security cannot be ignored.

While attackers might be looking to steal money or information, an important point to be aware of is that your business, if breached, might be an access point to your customers, suppliers, and partners’ data. Here is where the amendments to the Privacy Act gain their importance. The changes to the act in February 2018 include regulations that affect small-to-medium businesses that hold personal information, with strict new requirements and ramifications.

It isn’t all doom and gloom, though –  make positive plans to protect your business today. Prevention and security are both technical and cultural challenges. The best protection to maintain your passion and livelihood is an integrated approach that combines technology, education and specialist advice.

Preventing attacks and creating a secure culture

There is no magic bullet when it comes to guarding against cyber threats. Instead, a multifaceted approach – from firewalls to antivirus, and consulting specialists – is essential. Equally crucial to technological protection and fostering robust policies and procedures, is making security a part of your business’s culture – the right staff training can make your team the strongest part of your security plan.

Cyber security quiz

  • If your business was subject to a ransomware attack, would you pay the demand?

    • Yes, I need my business back online ASAP.
    • No, I can safely restore my data to a new device from the cloud.
    • Yes, but I’d then look into ways to protect my business from future attacks.
    • I don’t think it would happen. My business is too small for attacks.
    A B C D
    High Risk
    Medium Risk
    Medium Risk
    Low Risk
    Did you know that ransomware is a type of malware (malicious software) that infects your computer or device and demands a ransom? It works by preventing access to your all-important files. There are a few types – non-encrypting, encrypting, leakware (doxware), and mobile ransomware. These can collect your personal details, attack other computers in your network, or can corrupt all your data.

    While paying the demand might get your data back, it’s only a temporary solution and once a business is hacked, they usually experience ongoing issues. As the saying goes: prevention is better than cure. If your system has been infected, you’ll need a complete rebuild of the operating system and restoration of information from a secure backup.
  • To protect your business, do you have antivirus software installed?

    • Yes, my computer came with it pre-installed.
    • Yes, I purchased antivirus software when I purchased my computer.
    • No, I don’t need it – I have a Mac.
    • No, I use in-built protection.
    A B C D
    Low Risk
    Low Risk
    High Risk
    High Risk
    To shore up your cyber security, it takes more than checking antivirus software is installed on your business’s computers. Every day, technological advancement presents us all the challenge of keeping up with the changes – and tech is changing at an ever-faster rate.

    Increased adoption of the cloud and mobile connectivity has raised new challenges for SMBs. Broadly, endpoint protection like McAfee Endpoint Protection Essential for SMB is the standard for small-to-medium businesses, and its variants generally include cloud management, antivirus, anti-spyware, endpoint firewall, and web control.
  • Do you have antivirus installed on your mobile devices like your tablet and phone?

    • I don’t need anything for my phone.
    • My main computer has protection – that’s adequate.
    • Yes, I have additional endpoint protection.
    • In a way. I have a data management program so I can erase my data remotely if needed.
    A B C D
    Medium Risk
    Medium Risk
    Low Risk
    Medium Risk
    Should SMB smartphones and tablets have dedicated antivirus installed? The answer isn’t yes or no, it depends on the scope of protection your business needs. Your network’s cybersecurity is only as strong as its weakest link, whether that’s an untrained staff member or an outdated smartphone. Again, this is where endpoint security can come in – that integrated combination of cloud management, anti-virus, anti-spyware, endpoint firewall, and web control.

    This approach when combined with a mobile device management tool – a product which restricts the features of the smartphone or tablet to stop, for example, the installation of an app that might be infected – is a robust duo. If you make the decision to adopt neither of these options, dedicated antivirus on your devices should be the bare minimum.
  • Are you aware of your requirements to report data breaches under the Federal Government’s Privacy Act 2018?

    • This only applies to businesses bigger than mine.
    • No. What legislation?
    • I’m aware of it but I’m unsure of my specific obligations.
    • Yes, and I have systems in place that safeguard my data.
    A B C D
    Low Risk
    High Risk
    Medium Risk
    Low Risk
    The latest report from the Office of the Australian Information Commissioner paints a picture that all SMBs need to see. A year into one of the key functions of the Act, the country’s notifiable data breach scheme, the office has received 812 reports where consumer data has been lost, stolen or shared with the wrong people. Almost half, 47 per cent, have involved financial details. The most common causes of breaches are malicious attacks, human error, and system faults. All organisations covered by the act must log a report when a data breach might cause harm.
  • Are your employees’ devices protected?

    • Yes, they are supplied equipment with integrated protection.
    • I don’t know, they use their own personal devices at work.
    • They don’t work on the main server, so I don’t think they need it.
    • Yes, they all have endpoint protection on the devices they use to interact with the business.
    A B C D
    Low Risk
    High Risk
    Medium Risk
    Low Risk
    A good rule of thumb is that any device working on a network or server is a potential entry point for a cybersecurity breach. Antivirus or anti-malware is just the tip of the iceberg when it comes to device protection, and endpoint protection combined with mobile device management is a good foundation.

    You can take it one step further with additional security. Features like containerisation (putting a wall between an employee’s work and personal usage), remote wipe (to erase sensitive data if the device is compromised or a device is lost), anti-spam products (for text or call spam), and sim monitoring products (which can alert you to smartphone or device in the wrong hands), might be the extra help you need.
  • Do you have email and internet browser security add-ons installed?

    • Yes. I use whitelists, prefilters, and password agents.
    • I don’t think so. But I do keep my passwords safe and regularly change them.
    • No. But I’m aware of the fact that browser settings can help block 3rd party cookies.
    • No. I think my passwords are enough.
    A B C D
    Low Risk
    Medium Risk
    Medium Risk
    High Risk
    A white-list is a list of email addresses or domains that your security software will allow data from. In a sense, it’s the inverse of a spam filter, which will actively block addresses or domains you don’t wish to hear from. A pre-filter redirects mail via a filtering server that sorts your mail. While a reputable password agent will create robust passwords for your use online, and pop-up blockers will keep you away from nefarious websites.
  • What is your practice when it comes to scanning for malware and viruses?

    • I make sure that both scans are scheduled daily.
    • I have scans scheduled for roughly once per week.
    • My antivirus and malware are set to manual. I run scans when I remember to.
    • I don’t run scans, as far as I know. I figure the software will do the job.
    A B C D
    Low Risk
    Medium Risk
    High Risk
    High Risk
    Scanning is only effective if your equipment’s software is up to date, including the operating system. Matthew Wilson, CEO of Australian cybersecurity specialist Penten, says: "Installing security updates is the number one control that needs to be in place for organisations, as it will neutralise many of the threats that you face. Malware only works because there’s a vulnerability in the software, and often it’s a published vulnerability which has already been fixed in the latest update. Attackers are simply relying on the fact that many businesses fail to install these updates."

To request more information on Platinum for Business from Telstra, talk to an expert. Book a call now.

Learn how Platinum for Business Security Services can help with your cyber security needs.
Request a call back

Three women use a tablet in a gallery space.
Productivity
Productivity
Put your office in your pocket

Business technology has become a bit of a maze, with so many considerations and options available that it’s very easy for a small business to become lost. And with more workers...

Image shows a man sitting at a laptop computer in his home office.
Productivity
Productivity
Remote access dos and don’ts: Reap the benefits, not the risks

Mobile technology has transformed the way many businesses and employees connect, collaborate and carry out their work. But, as with most things, there is a right way and a wron...

www url being typed into search bar
Tech Solutions
Tech Solutions
Help protect your domain: Avoid these common mistakes

A domain name is a major business asset, not one that you can simply set and forget. If you spend a lot of time and money marketing your domain name, spend a little time read...

A woman using her laptop and phone in a shop.
Tech Solutions
Tech Solutions
Get to the nbn network starting line in great shape

Even if it may still be some time before the nbn™ network is available in your neighbourhood, planning now can mean a hassle-free switch over when it happens. When the nbn™ ne...