A Phishing scam is when you receive an email, text, call, or social media contact from someone who appears to be a legitimate business such as a bank or telco. However, these seemingly genuine messages are really just trying to get your private information.
In Australia, there were 6,324 reports of phishing in July 2021 (and those are just the ones that get reported) so it’s worth knowing how to identify these types of messages.
Malware is the general term for any type of program that gets inside your computer or device with the intention of causing damage or disruption. Viruses and ransomware are examples of malware.
Malware will often sneak in via email, social media, or website pop-ups and looks legitimate and interesting. Sometimes it will even include logos of recognisable companies they are impersonating. Once you click to download something, you will download the malware.
Malware can, and is, used to do a range of illegal activities, such as use your credit cards and bank accounts and steal your personal information.
Ransomware is a type of malware that blocks access to your computer or your files and demands you pay money (the ransom) in order to unlock it.
It is highly recommended that you never pay a ransom, as it does not guarantee access will be restored. Instead, seek help from your IT or cyber team.
See also: Ransomware: A cheat sheet for professionals
Viruses are malicious programs designed to spread from one computer to the other, through files and documents. Computers should have anti-virus software- including employees’ personal devices if working from home.
Hacking is when an unauthorised person gains access to your computer or other device. Hackers look to gain access by exploiting security weaknesses until they find a way in. Once they are in, they can do a lot of damage, from stealing files and information to watching what you’re doing, changing passwords and using your credit cards.
Business email compromise
A business email. compromise scam involves scammers impersonating a business or its employees via email and requesting that money be sent to a fraudulent account. This is usually done by hacking into someone’s email or impersonating someone using an email account that looks similar to theirs.
In Australia, $128 million was lost to these types of scams in 2020.
Identity theft occurs when cybercriminals steal enough of your personal information online to star using your identity .
Signs of identity theft include seeing usual transactions on your bank statement, mail that you’re expecting not arriving, and receiving strange emails. Make sure to report it to the police straight away and inform other key people such as your bank.
Multi-factor authentication is a security measure that means someone needs more than one proof of identity before logging in to a site that contains private or sensitive information. This usually includes a password or pin, plus one other method, such as a fingerprint or receiving an SMS message or email with a code.
Many sites use this already, as it makes it safer in the event a cybercriminal has already stolen someone’s password. See here for how to implement this in your business.
A virtual private network, or VPN, is a secure way to provide remote access to a network of computers. VPNs work by encrypting all the data that you send and receive. This means others cannot see what you’re doing online, access your personal information or tell where you’re located.
A firewall is a security system that monitors and protects incoming and outgoing traffic on a network. It can stop unwanted people from getting access to your network, and block malware.
Also, think about building a ‘human firewall’ through comprehensive staff training in all matters related to cyber security.