CYBERCRIMES THAT AFFECT SMALL AND MEDIUM BUSINESSES

Cybercrime is an ever-evolving issue within Australia, with the most malicious and sensational cases making the news and the less exciting but still frustrating impacting many Australian businesses every day. Small and medium businesses are unlikely to be targeted by doxing, a form of cybercrime that spreads the private details of a person en masse. However, there are many other types of cybercrime that small business owners in the automotive industry can prepare for now by updating cyber security. This blog walks you through various types of cybercrimes that can affect Australian small and medium-sized businesses and the ways to prepare your businesses cybersecurity.

DON’T IGNORE THE SMALL STUFF

The Australian Federal Police describes cybercrime as: Crimes directed at computers or other information communications technologies (ICTs) (such as computer intrusions and denial of service attacks) as well as crimes where computers or ICTs are an integral part of an offence (such as online fraud). Because the nature of cybercrime involves criminal activity online using computers, all team members from management down need basic cybersecurity competency due to how often computers are relied on by Australian small to medium-sized businesses. Monthly password changes and being able to recognise phishing scams can mean the difference between preventing cybercrime against your business or having a massive issue at hand. Below are some of the most prominent cybercrimes that impact small to medium businesses.

MALWARE

Malware is malicious software variants such as worms, Trojans, viruses, and spyware. Malware provides unauthorised access to a computer and system, which can be used to cause financial and technological damage.

RANSOMWARE

Ransomware is a form of malware that locks down files, systems and/or data. In some cases it may also endanger data by destroying it, or the attackers can attempt blackmail and threaten to reveal sensitive content unless a ransom is paid. This latter use of ransomware impacts small to medium-sized businesses less frequently as it’s more typically used against large businesses or governments.

PHISHING AND SOCIAL ENGINEERING

Always something to be on the lookout for with small and medium businesses, phishing tricks users into revealing sensitive information. This could be bank details, credit card numbers, passwords, or dates of birth. The pandemic led to a surge in phishing scams across Australia, often imitating legitimate businesses through monitoring what websites or businesses computer users access frequently.

INSIDER THREATS

Anyone who has accessed or can access your network and systems can be considered an insider threat if they abuse their access permissions. Because firewalls and intrusion detection systems focus on outsider activity, insider threats are often not picked up. The best way to address this is cybersecurity competency that includes changing passwords regularly, and training that regulates acceptable devices to access business networks.

DDOS ATTACKS

Distributed denial-of-service (DDOS) attacks try to crash a business's server, websites, and network by overwhelming it with traffic. This can cause huge delays for businesses, isolating it from crucial information needed in the day-to-day running of the business.

ADVANCED PERSISTANT THREATS

When advanced persistent threats (APTs) occur, intruders infiltrate a system undetected with the intent of spying on the business. While an APT might not aim to damage the computers and servers, its goal is to glean sensitive information, financial records and useful data.

MAN-IN-THE-MIDDLE ATTACKS

Eavesdropping attacks are often called man-in-the-middle attacks. They take advantage of unsecure networks, such as Wi-Fi, to intercept and steal data. This can be a risk for businesses if the Wi-Fi has no passwords and team members are using devices that are not part of the system.

COUNTERMEASURES

What's increasingly clear is that cybercrime adapts rapidly to not only take advantage of changes and improvements in technology but also the social systems and global climate we live in. Staying up to date with the latest in cybersecurity measures is made easier through the Australian Cyber Security Centre. The ACSC has guidance for small businesses, info packages for First Nations small business, tests to check your phishing scam savvy, and assessments to help you get your business cybersecurity ready. Being prepared for cybercrime with solid cybersecurity is the best step forward for small to medium-sized Australian businesses in the automotive industry. A bit of time spent now investing in your cybersecurity and developing business-wide practices will potentially save a lot of pain down the line from cybercrime. To get an introduction on cybersecurity for small and medium businesses check out this blog here!