During the pandemic, businesses, schools and families turned to the internet to communicate and access services required for daily life. Unfortunately, cybercriminals have used this opportunity, with the Australian Cyber Security Centre (ACSC) receiving over 67,500 cybercrime reports last financial year, a significant increase on the prior year. The increased frequency of crimes was also associated with increased complexity and sophistication of the attacks.
Phishing is just one example of cybercrime. It involves scam emails, messages or calls that try to trick people out of money or data. In many cases, cybercriminals pretend to be an organisation or individual you know or think you should trust. In some cases, email systems are compromised by malware, and fraudulent invoices are then created and sent to clients, resulting in significant amounts of money being inadvertently transferred to criminals’ bank accounts. We are aware of several incidents where clients’ business activities and personal matters have been impacted by email fraud involving altered bank account details on invoices.
Individuals and businesses should be taking steps to prevent and plan a response to a cyberattack. Advice from the ACSC includes:
- Automatically update your operating systems, software and apps – If you receive a prompt to update your operating system or other software, you should install the update as soon as possible.
- Regularly back up your important data – Test your backups regularly by attempting to restore data, and always keep at least one backup disconnected from your device.
- Enable Multi-Factor Authentication (MFA) on important accounts wherever possible – This is one of the most effective ways to protect your valuable information and accounts. Where MFA is not possible, use passphrases to protect accounts and devices. Passphrases use four or more random words as your password and are most effective when they are long, unpredictable and unique.
- Manage who can access information within your business – Use the principle of least privilege, where users are given the bare minimum permissions they need to perform their work, to reduce the risk of an employee accidentally endangering your business.
- Train your staff in cyber security basics – This may include updating their devices, securing their accounts, and identifying scam messages. Build regular cyber security training into normal business operations.
This step-by-step guide from the ACSC is a helpful starting point. In addition, at Edney Ryan Legal we always confirm new or changed bank account details by telephone before transferring any funds, and we apply the golden rule: if in doubt, pick up the phone. If you have any questions, please do not hesitate to contact Ranu Jas or myself on (02) 9908 9888.