Today businesses of all shapes and sizes rely on connecting with people digitally and as a result depend heavily on the internet, which continues to rapidly transform our world. It is an important part of how we operate, communicate and interact with each other every day.

According to the 2020 Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report, the COVID-19 pandemic has undoubtedly increased dependance on the internet for both individuals and organisations; which has correlated to the increase in opportunities for malicious cyber actors to take advantage of those online who may be more vulnerable.

Online criminal activity is getting more advanced as data and financial systems are compromised, taking us away from important business activity. While losses can be significant, your business or organisation’s reputation could be changed in an instant with losses far greater than those recorded on the balance sheet.

The 2020 NAB Cyber Security Survey found that 6 in 10 Australian businesses have been victims of a cyber security incident in the last year, and fewer than 20% are confident that they have the right controls in place to prevent and handle such situations.

The good news is that you and your organisation can stay safe online without a large investment in resources, tools or money. Some measures can be easy, such as reviewing procedures and operations; others involve some investment in hardware and expertise and many risks can be lowered significantly by educating those within your organisation.

While it may seem overwhelming at first, experts recommend not to get caught in the complexities of hardware and software first-off, instead aim to make those in your organisation alert to the dangers of online fraud by creating awareness.

What can you do to raise awareness of cyber-crime and fraud in your workplace?

Regardless of the size of your organiation, every employee needs to understand how to protect data and use the internet, including email, safely.

An unprepared or uninformed team can introduce threats into your systems without realising. Aim to encourage all suspicious activity, regardless of how small or trivial it may seem, to be reported as soon as possible. Cyber-crimes and cyber security incidents can be reported directly to Reportcyber. This is the central place to report a cyber security incident, cybercrime, or a cyber security vulnerability from any organisation or individual across Australia.

Cyber-crimes take place every day. As reported in the ASCS Annual Cyber Threat Report 2020-21, during the 2020-21 financial year, over 67,500 cybercrime reports were made via ReportCyber, an increase of nearly 13% from the previous financial year. One cybercrime report is made approximately every eight minutes in Australia.

Emphasise why it’s important to remain vigilant through education

A fraudulent activity or cyber-attack on the workplace can cause more harm than anticipated. While many may think only the employee responsible will face consequences, the ripple effect does make its way across the organisation.

Everyone in your organisation needs to understand the effect an attack can have. More often than not, there are monetary consequences, but attacks also affect colleagues, clients and most importantly reputation. The trust between your organisation and customers may be compromised as people begin to question the security of their data.

Share learnings and make cyber security part of regular conversations. Education and training will help minimise the risk. There are a variety of cyber safety organisations who can provide resources and training to help. Visit the Australian Government eSafety Commissioner website for free e-resources or take a look at the NAB online training module for small businesses.

As with everything digital, cyber security is continuously changing. Keeping your organisation up-to-date might seem a low priority task, but it could be the difference between your systems, accounts or data being compromised or not.

Be prepared and ready with a plan and practice

Despite the best of efforts, your organisation may fall victim of a cyber-crime. Preparation is the key to ensuring you and your team are ready to mitigate further risk and safely navigate the tricky situation.

Practice with scenarios and work through possible steps as a team. Start by assessing the incident – how did the attack occur? What systems have been affected? What is the extent of the incident?

No matter the size of the organisation, making someone responsible for managing incidents as they arise. It doesn’t have to be the most senior individual; it should be the best person to deal with a cyber security incident – this would ideally be someone who has a good understanding of the practical yet technical impacts of the incident and translate between the two.

Regardless of the type of crime, it’s important to act quickly to either stop the crime escalating or fix the problem at the source. There are many partners and resources to help you as needed. Cyber-crimes should be reported directly to the Australian Cyber Security Centre (ASCS) and similarly, data or privacy breaches to the Office of the Australian Information Commissioner (OAIC).

Most importantly, after the incident has occurred, re-group as an organisation and assess the findings, amend plans for the future and implement the changes for better protection.

For more information about cyber safety and fraud prevention, visit:

• Australian Government – Australian Cyber Security Centre, opens in new window
• Australian Competition and Consumer Commission (ACCC) – Scamwatch