October 27, 2022

Cyber Security in the Workplace - have you been hacked?

Our top Cyber Safety tips and a FREE Toolbox Talk!

October is Cyber Security Awareness Month and with the recent cyber-attacks on Optus and Medibank, it’s a timely reminder to be vigilant online.

Remember, hacking can take many forms, from malware, ransomware and email compromise to phishing and fake website scams.

In 2016, Austrian aerospace parts manufacturer FACC was subject to a phishing scam costing the company €42 million. An employee of FACC received an email that appeared to come from the organisation’s CEO, but was in fact from a hacker. The scam involved asking the employee to transfer money to an account for a fake acquisition project, and the employee complied with the request.

Although this is a significant amount to lose to a scam, scams like this are more common than businesses realise.

When you are online, it is important that all personal data stays protected. All businesses, no matter their size, need to ensure everyone involved in the company is up to date on the latest cyber-security threats and the best methods for protecting data.

Don’t work in an office? Don’t think that you need to worry about cyber safety?

Cyber safety is relevant for all employees!

Think about everything that you do on a daily basis in your job role that requires technology.

Some examples are below, other than the usual (sending emails, accessing online accounts systems, accessing online banking):

  • Completing an electronic timesheet
  • Applying for leave online, receiving your payslip electronically
  • Taking photos for work purposes
  • Completing an iAuditor safety inspection on a work iPad
  • Logging coordinates into a GPS
  • Ordering your stationery online to be delivered to the office

And these are just some examples.

Cyber Safety Tips

What to check before clicking on an email link:

  • Is the sender known to me?
  • Does the email address match the name of the sender? (e.g. is it actually from the phone company, or is it from a random.com domain which is definitely not the phone company?)
  • Hover (don’t click) over any links in the email to see if they match their supposed destination.
  • Avoid opening attachments and clicking on links when content is not adequately explained (e.g. “watch this amazing video”)
  • Look for inconsistencies or give-aways (e.g. grammar mistakes, capital letters, excessive use of exclamation marks)
  • Does it sound too good to be true? You most likely have not won Powerball.
  • Brittney is not a real person and does not want to meet up with you, so don’t click her email. Remember that you are still bound by all codes of workplace conduct, and porn, gambling, weapons and drugs emails are most likely in breach of your workplace code of conduct.

You can also use a website to verify the link. For example, type in the URL

http://google.com/safebrowsing/diagnostic?site= followed by the site you want to check.

The use of digital devices to access company files, documents, emails and accounts introduces a security risk to data. We do not recommend sharing devices or accessing company accounts and systems from other people’s devices. We advise all team members to keep both personal and company computers, tablets and mobile phones secure by:

  • Keeping all devices password protected
  • Maintaining antivirus software
  • Not leaving devices exposed or unattended
  • Installing security updates of browsers and systems on a regular basis, and as soon as updates are available
  • Logging into company accounts and systems through secure and private networks only

To ensure the protection of passwords, employees are encouraged to:

  • Choose passwords with at least eight characters (including capital and lowercase letters, numbers and symbols) and avoid obvious passwords (e.g. names of loved ones, pet names, and birthdays)
  • Remember passwords instead of writing them down
  • Exchange credentials only when it is absolutely necessary, and do so over the telephone rather than by email or text message
  • Change passwords often (i.e. every two months)

Remember, cyber safety is EVERYONE’S responsibility!

FREE Toolbox Talk: You can download our Cyber Safety Toolbox Talk here to share with your organisation and train employees on being safe online and recognising any potential threats.

The Australian Cyber Security Centre (ACSC) also has a Small Business Cyber Security Guide to help small businesses protect themselves from security threats. Check it out here.

DISCLAIMER
The information available on this website is intended to be a general information resource regarding matters covered and it is not tailored to individual specific circumstances or intended as a substitute for legal advice. Although we make strong efforts to make sure our information is accurate, HR Dynamics cannot guarantee that all the information on this website is always correct, complete, or up-to-date. HR Dynamics recommendations and any information obtained on this website do not constitute legal advice.
