Late nights, early mornings, and working over weekends; familiar phrases for the small business owner, solo operator, and freelancer. So why should such a busy person cut into their limited time to improve their cyber security?
Because businesses across Australia experiencing every day how a business email compromise or ransomware cyber attack can unravel those countless hours in a fell swoop.
You cannot entirely outsource cyber security. The fundamental defences that spell the difference between a failed attack and a ruined business are the responsibility of everyone.
Fortunately, the tools and methods to achieving great cyber defence have never been easier. And you don’t need to spend a cent. Below are your greatest threats and the defences you can implement to knock them out.
Business email compromise
Small business owners often wait on invoices. Clear deadlines, gentle reminders, and terser emails are standard fare for getting paid. So they may not sweat it when funds fail to materialise after a client’s promise to pay. But business owners and now individual consumers are finding their payments funnelled into the bank accounts of cyber criminals.
These attacks, known as business email compromise (BEC), work in different ways but are typically centred on your email inbox.
How it works: The method of accessing inboxes varies but a common starting point for crims is to try to log in with stolen email and password logins that are found in massive databases compiled from security breaches.
Logging in like this works when people reuse passwords across apps and services. A business owner who reuses the same password for their business email account and their indoor plant fancier’s forum is in peril should the forum be hacked and the password copied into an online database.
Cyber criminals could search the database for a business’ email address and, if they find a hit, use the corresponding password to try to log into the business’ email account.
Criminals engaged in BEC have a few options once inside an inbox. A common tactic is to manipulate invoices by setting various mail rules that can redirect incoming and outgoing emails that contain invoices to folders. Setting…