Four tips to protect your business from cyber criminals

In this increasingly digital age, small businesses are becoming more and more vulnerable to the threat of cyber crime. In particular, there has been an increase in supply chain attacks targeting small businesses. Cyber criminals are constantly adapting their tactics and using AI to fuel their attacks. As technology advances, so does the risk to your sensitive data.

This increasing risk means it’s more important than ever to get the basics right. The good news is, AI still can’t beat smart cyber habits. October is Cyber Security Awareness Month, so we’re here to equip you with four essential tips to safeguard your business against cyber crime. Mark Knowles, General Manager, Security Assurance, Xero, suggests some tips for you to consider…

Tip 1 – Strengthen your first line of defence

Humans can often be the weak spot in a business’s cybersecurity efforts, so it’s important to have a strong first line of defence in your systems to protect your business. It doesn’t have to be super complex or expensive – the easiest and most effective solutions are free or low-cost.

To start with, get your security basics sorted:

  • Passwords: Strong passwords are the foundation of your online security. Use long, unique passwords for each account, and consider using a password manager to keep track of them.
  • Multi-factor authentication (MFA): MFA adds an extra layer of protection by requiring additional verification, such as a code sent to your phone, when logging in.
  • Secure products and services: Choose reputable providers that prioritise security. Look for certifications like ISO and SOC2 compliance when selecting software and services.

Tip 2 – Educate your team about phishing

One way cyber criminals exploit small businesses is through phishing scams, in which they impersonate trusted individuals or organisations and use deceptive emails or text messages to trick people into revealing sensitive information.

A phishing email looks like it comes from a legitimate source, but fraudulently tries to get you to provide sensitive information, such as your password or credit card details. Some of these emails might also try to infect your device by getting you to click a link to a malicious website or attachment.

However, even the most advanced phishing is still toothless if you know enough to pause, think critically about the message, and react appropriately if something doesn’t seem right. With this in mind, it’s important to educate your team about phishing and train them to:

  • Adopt a zero trust approach: Your team motto where data is concerned should be ‘never trust, always verify’. Bake security into your processes. For example, a payment can’t be processed without specific verification steps (even if it appears to be the CEO asking you to process it!).
  • Identify phishing attempts: Teach your employees how to spot phishing emails by being on the lookout for suspicious links, urgent requests, or grammatical errors.
  • Avoid suspicious links and attachments: Encourage your employees to hover over links before clicking, and to avoid downloading attachments from unknown senders.
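
For teams that want to automate the "hover before you click" check, here is an added example (not part of the original article) that compares the site named in a link's visible text with where the link really goes, and flags urgent wording. The phrase list and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, illustrative phrase list; extend it for your own mail.
URGENCY = re.compile(r"\b(urgent|immediately|right away|within 24 hours)\b", re.I)
# A domain name written out in the visible link text.
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs and all text from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._shown = None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._shown = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._shown.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._shown).strip()))
            self._href = None

def review_email(html_body):
    """Return plain-language warnings for one HTML email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    warnings = []
    for href, shown in parser.links:
        host = (urlparse(href).hostname or "").lower()
        named = DOMAIN_IN_TEXT.search(shown)
        # What hovering reveals: the text names one site, the link goes elsewhere.
        if named:
            site = named.group(1).lower()
            if host != site and not host.endswith("." + site):
                warnings.append(f"link text shows {site} but goes to {host}")
    hit = URGENCY.search(" ".join(parser.text))
    if hit:
        warnings.append(f"urgent language: '{hit.group(0)}'")
    return warnings

# Constructed sample message, not a real email.
SAMPLE = ('<p>Your payroll access will be removed. Confirm your password immediately:</p>'
          '<a href="http://accounts.example.com.verify-login.test/reset">'
          'https://accounts.example.com/login</a>')
```

Calling review_email(SAMPLE) returns two warnings: the link text names accounts.example.com while the link goes to a different host that merely starts with that name, and the message uses urgent language.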

Tip 3 – Learn how to spot a deepfake

Conventional scams are difficult enough to spot, but AI-based scams can be harder to detect and so even more dangerous. Deepfakes allow cyber criminals to create seemingly legitimate audio and video that can be incredibly convincing. Voice cloning replicates somebody’s tone and language to trick someone else into believing they are having a genuine phone conversation.

Cyber criminals can use deepfakes to impersonate executives, clients, or even government officials. Train your team to look for signs of deepfakes, such as:

  • inconsistent eye blinking or pupil dilation
  • artificial-looking noise or distortions
  • poor lip-syncing
  • blurred or irregular shadows

Tip 4 – Stay informed and vigilant, and report suspicious activity

Cyber threats are constantly evolving, so it’s crucial to stay informed about the latest scams and security best practices. Regularly update your software, apply security patches, and consider subscribing to cyber security newsletters or blogs.

Finally, ensure you and your team report any suspicious activity. Work to create a culture where employees feel comfortable reporting anything unusual, even if it turns out to be harmless.

So, what should you do if the worst happens and your business gets attacked or compromised?

First of all, and most importantly – don’t panic. But do act quickly. Don’t be afraid to speak up – the cyber criminal wants you to be too embarrassed to tell anyone. Report the attack to your local Computer Emergency Response Team (CERT) agency or national cyber security agency, and if there’s an immediate threat to life or risk of harm, call the police.

Cyber security is everyone’s responsibility. By following these tips and staying vigilant, you can significantly reduce your risk of falling victim to cyber crime.

We’re very excited to feature Annie Haggar – Partner and Head of Cybersecurity – Norton Rose Fulbright Australia as a guest speaker at our next Business Development Camp in February 2025.

Annie is a security and technology lawyer with 20 years of experience advising government and private sector clients in technology law, security risk, strategy and policy, procurement security considerations, global security regulation, and cybersecurity risk mitigation. Annie’s deep technical understanding of technology and cybersecurity issues was gained during her 12 years as legal counsel for one of the world’s largest technology companies, Accenture, including 6 years as global legal counsel for its global cybersecurity business.

Annie has also spent 18 months on secondment advising a Commonwealth agency on its risk and legal strategy, mitigations and controls for managing security risk across the organisation including compliance with applicable laws, the PSPF, ISM and agency policies.

Annie has been awarded the Lawyers Weekly Australian Law Awards Sole Practitioner of the Year (2024), General Counsel of the Year (2021) awards, and Lawyers Weekly, Corporate Counsel Awards, Technology, Media and Telecommunications Lawyer of the Year award for her work in security and technology law.

Attend the 3-day Global Business Camp (24-26 February, 2025 at Crown Plaza Hotel, Surfers Paradise) and work on all the key drivers of small to medium businesses.

We guarantee that when you have completed the program, you will not only have the tools to re-engineer your business, but the confidence and vision to implement the changes necessary. We’re so confident, we’ll give you your money back if you can honestly say you didn’t get value for your investment in the Camp.
