Cyber security awareness and best practices are critical for individuals and businesses.
You've probably heard of someone who got scammed or read in the news about some business struggling to clean up the mess after a data breach. With digitization, this scenario is getting closer than we think.
According to a report from cybersecurity specialists Trellix, 85 per cent of respondents from Australian businesses reported they had lost up to 10 per cent in revenue due to security breaches in the last 12 months.
Threats are increasing and developing in sophistication in the cyber environment. It is even more important nowadays to promote cyber safety. We have fire drills in schools and offices. We also need cyber security drills in businesses too.
The thing about cyber attacks is they can happen anywhere, to anyone. We are all vulnerable to this, but we are not helpless in doing the necessary to take care of our personal information and that of our businesses.
In Australia, we are fortunate that the Australian Cyber Security Centre (ACSC) works closely with the Australian Tax Office (ATO) and the Institute of Certified Bookkeepers (ICB) to provide information to the public about how to boost their cyber security measures. If you aren't doing the following steps yet, perhaps this is a good time to get started. When it comes to cyber security, procrastination does not pay. And if you already have these measures in place, make sure you update or check them regularly.
Start with these three basic measures.
1. Stay updated
You don't need to buy the latest version of every electronic device but you do need to ensure your systems and apps are running on the latest version. This is not so you can get the latest fancy function, but so your device has the latest protection against viruses and attacks. With the option of turning on automatic updates, we no longer have an excuse. Your smart devices do it automatically for you whenever you are connect to Wi-Fi.
2. Step up the security
You've heard of multi-factor authentication (MFA). It's a security measure where you need two proofs of identity to gain access. So even if someone could get pass the first step, they'll be stopped by the second. So beyond having a password, you'll need a physical token, a randomly generated PIN or a fingerprint. It may feel like a chore having to go through an extra step, but when you think of the cost of a cyber attack you'd probably ask for several more steps just to be doubly sure.
3. Back up, back up, back up!
Whether you choose to have copies of your data on the cloud or on a physical external storage device, Just Do It. In case something goes wrong, you won't be banging your head against the wall having lost sometimes years of hard work. Again, nowadays you can set your systems to do an automatic backup for you, so no excuse here either.
It's not just about protecting your business or your personal information, but also that of your clients and users who are connected to your business. Cybercrime may sound like some abstract thing floating in cyberspace but it is just as aggressive and violent and can do tons of damage. In fact, victims of cyber attacks experience real psychological trauma and it can be paralysing.
What should you do if you suspect that your cyber security has been compromised?
Yes, you are going to feel uneasy and before that spirals into panic, contact the ATO as soon as possible at 1800 467 033 between 8.00am and 6.00pm Monday to Friday. They will investigate and can place extra protection on your ATO account. Remember also that the ATO themselves could be a target and they have had people impersonating them on social media accounts before. Being informed means knowing that the ATO (and other official organisations) will never ask you to give your password details. Learn more from ATO here about protecting yourself.
Who's the Real McCoy?
If you're not sure if the entity you're dealing with is really the ATO, here's a simple checklist from the ATO you can use to verify.
Look for the official ATO logo and organisational name next to the message. Beware of slight variations on the name, like ‘Australia’ rather than ‘Australian’ Taxation Office.
Check the date the messenger joined or opened their account – if it was 2 weeks ago, it’s not the ATO.
Check that any email addresses they provide you end with ‘.gov.au’
Check for typos in the message.
Check the number of followers they have.
Want more?
It's great if you are enthusiastic about cyber security, and for those who want to take a step further, the Australian Cyber Security Centre (ACSC) has comprehensive resources here: Cyber.gov.au – Learn
Check out the Australian Cyber Security Centre’s Small Business Cyber Security Guide for more advice to help smaller organisations build their cyber security resilience.
Get in touch with CATS4TAX:
0404 483 685
