With cyber attacks growing in sophistication, cyber security is no longer optional – it's essential.
Cyber crime costs Australian small businesses on average $49,600 a year and medium businesses $62,800/year, according to the Annual Cyber Threat Report 2023-24.
Cyber attacks can also cause damage to a business’ reputation, loss of customer trust and operational disruptions.
In this article, we outline the most urgent cyber threats facing businesses and practical steps to stay secure.
Key cyber threats to WA businesses
Cyber attacks now affect all sectors. According to the Cyber Threat Report and CyberWardens, some of the most common and costly risks to small and medium businesses are:
- Business email compromise: Criminals gain access to inboxes and send fake invoices to customers with updated payment details.
- Online banking fraud: Attackers break into your online banking and drain your accounts.
- Payroll redirection scams: Attackers impersonate staff and redirect wages to their own bank accounts.
- Ransomware: Malicious software locks files and demands payment for release – often crippling or even ending small and medium businesses.
- Credential compromise: Weak or reused passwords are a major vulnerability, giving attackers access to multiple systems.
What attackers look for
It can be helpful to get into the frame of mind of a criminal – think like an attacker – and consider what’s crucial for your business.
Criminals will perform some reconnaissance of their target; often all it takes is a simple Google search to gather information about your business, your team and your systems.
Attackers can find employee names, roles and email formats through LinkedIn or websites, making it easier to craft convincing phishing emails or impersonate staff.
Free cyber security resources
- Subscribe to alerts from ACSC
- CyberWardens: free online courses for small business owners and employees.
More resources
- Cyber security – the Essential 8
- Cyber security threats – what to look out for
- CCIWA’s Commercial Legal team can help ensure your business’ compliance with privacy and data protection laws
- Privacy and data protection laws for businesses in WA
How to strengthen your cyber defence
Some low-cost actions that businesses can take immediately include:
- Use long, unique passphrases and enable multi-factor authentication (MFA) on all systems – especially email. MFA apps are safer than text message MFA. Also, consider using a trusted password manager.
- Verify changes in account details via a trusted phone number, not via email and not the phone number provided in a suspicious email.
- Link your mobile number, email address, ABN or ACN to your bank account, using PayID, so payers can easily identify they’re paying you. Some banks have PayTo, enabling you to authorise payments before they leave your account.
- Secure your private Wi-Fi network by changing the default password and never use public Wi-Fi to make financial transactions.
- Keep software updated to close known vulnerabilities.
- Train your staff to recognise red flags like urgent payment requests or suspicious links.
- Back up your data in at least two places – one in the cloud and one physical copy such as an external hard drive.
How to respond to a threat
If your business experiences a cyber attack or scam:
- Report it immediately – to your bank, the Australian Cyber Security Centre (ACSC) or IDCARE, and the police if necessary.
- Avoid paying ransoms – they often lead to further attacks, may breach sanctions laws and there’s no guarantee your files will be unlocked.
- Use ACSC’s 1300 CYBER 1 (1300 292 371) helpline for real-time advice and support.
CCIWA’s Commercial Law team can advise you on how to meet your obligations under the privacy laws or how the Privacy Act may impact your business. Please contact us at [email protected] or call (08) 9365 7560 to discuss further.