AHEAD of the annual Scam Awareness Week, cybersecurity firm Cynch Security is reminding small business owners they have the most to lose when it comes to being scammed.  Cynch Security co-founder and CEO, Susie Jones said the rapid adoption of technology to help small businesses through the global pandemic had made the risk greater.

Ms Jones said a scam attack to a small business impacted them both personally and professionally. The number of attacks on small businesses are up this year compared with last "which is due to the global pandemic and we know our clients are concerned".

“Scammers don’t discriminate on the size of your business or where you’re located. Invoicing scams and business email hacks are hurting all small businesses in regional areas and in the major cities” Ms Jones said. 

“Scammers can buy somebody’s username and password within your business from the dark web to start sending emails from your business or hack a client you work with and start impersonating them.

"They will send fake invoices to you from a vendor with new bank details and even set up forwarding rules on your emails, before you know it you’ve paid a scam invoice that you thought was for one of your real vendors or clients.”

Ms Jones said June 2020 Scamwatch data showed, for that month, 870 businesses reported a false billing scam. About 33 percent of those businesses reported the scammers contacted them via text message and 37 percent said they were contacted via email.

In June 2020 there were 1550 reports of identity theft scams and 545 reports of hacking scams where the scammer hacked someone's computer. 

At the beginning of April, Cynch spoke with Dr Nikky Gordon from Heart Health and Fitness, a Perth based exercise physiologist that specialises in helping individuals with heart conditions.

The COVID restrictions had caused a significant disruption requiring them to switch to remote, telehealth services via the adoption of a broad range of solutions.

While Dr Gordon's first priority was to implement the right services to ensure she could continue supporting her clients, she had become uncomfortable with the risk these solutions posed, namely to her client’s privacy and confidentiality.

Ms Jones said small business owners could take an online survey or enroll in a Cyber Fitness Bootcamp "to help them understand the risks and what they can do now to protect their business". 

“Many people will think their own process is safe -- e.g.one password with different letters or numbers and only they know the passwords -- but it’ll come up in a data breach somewhere and their business will be compromised," she said.

"Anything easy to remember is easy to hack, even if it’s unique to you."

Cynch is an Australian-owned small-business focused on cybersecurity for small businesse, keeping in mind budget, time and resource constraints.

Ms Jones said Cynch runs cyber fitness programs that do not require any technical expertise and are designed to facilitate gradual improvement, at a price small businesses can afford. Features include continuous cyber risk assessment, plain language cyber advice, bundled products, goal setting and tracking, compliance mapping and collaboration capabilities.

https://cynch.com.au

 

Cynch has developed a range of tips to stop the scammers:

  • Protect your passwords! It comes down to poor password management so start using a password manager and enable two-factor authentication 
  • Check your digital identity by doing a quick search on Google. Check where your personal information like email and phone number are published and consider removing them if they don't need to be there.
  • Don’t get tricked! Avoid being tricked by making a call to the business you’re paying and check it to confirm before you pay the invoice
  • Don’t think it won’t happen to you! Scammers don’t discriminate on size, they can hit thousands of small businesses at the same time 
  • Get Cyber Fit! Cyber fitness is all about taking small incremental steps to improve your cybersecurity every day. First step is to understand what you have to lose and what tech you rely on. What data do you have and what is valuable?

ends

MACQUARIE GOVERNMENT, part of ASX-listed Macquarie Telecom Group, has called on the Federal Government to act on its new cyber strategy immediately “with the sector key to employing people in Australia when we need it most”.

Macquarie group has welcomed data centres’ recognition as critical infrastructure, “particularly amid recent tensions with China”.

“We welcome the new Cyber Strategy revealed by the Prime Minister, which crucially paves the way for the creation of sovereign jobs and skills development in Australia,” Macquarie Government managing director Aidan Tudehope said. 

“With COVID, we are facing the greatest economic crisis in 100 years. And the cyber security sector is a key sector to provide the jobs of the future. 

“The various government agencies responsible for implementing the strategy need to use it to help address the mass levels of unemployment being experienced across Australia,” he said. “We can’t afford to wait two-to-three years when it will be too late to innovate our way out of this crisis.

“The strategy, tellingly announced from the very top, is not isolated. Alongside new government cloud security guidelines from the Australian Cyber Security Centre and the Digital Transformation Agency, and Minister Stuart Robert’s planned data sovereignty policy, the government’s direction is unequivocal. Security, skills and sovereignty – right now and developed here in Australia.

“Recent tensions with China have highlighted the importance of data, its sovereignty, and the infrastructure and personnel that hold and access it,” Mr Tudehope said.

“Many providers in Australia are subject to the laws of foreign jurisdictions, which extend to the data they hold. In tandem, there are Australian providers with operations and infrastructure abroad.

“Government is clear that they want sensitive data to be held in Australia by AU providers so that foreign jurisdictions don’t apply. This direction has the added benefit of supporting local jobs when we need them most.

“Further, the new strategy recognises data centres as critical infrastructure, which reflects the digital world we live in while affording this technical real estate the national protection it has earned,” he said.

“While federally led, it’s important this strategy extends to state and territory governments, procurement and other pillars to set a strong cybersecurity benchmark and ensure government as a whole is an exemplar of best practice.”

www.macquariegovernment.com

ends

THE AUSTRALIAN Cyber Security Centre (ACSC) and the Digital Transformation Agency (DTA) have released new Cloud Security Guidance to support the secure adoption of cloud services across government and industry. The guidance clarifies controls over data imposed by jurisdictions in which the data servers are based.

Federal Defence Minister, Senator Linda Reynolds CSC said the new guidance, which has been co-designed with industry partners, would boost Australia’s cyber security resilience. 

“The release of the new guidance coincides with today’s cessation of the Certified Cloud Services List (CCSL) which will open up the Australian cloud market, allowing more home grown Australian providers to operate and deliver their services,” Senator Reynolds said.

“This will provide opportunities for Commonwealth, State and Territory agencies to tap into a greater range of secure and cost-effective cloud services.”

Government Services Minister, Stuart Robert said the ACSC and DTA worked closely with industry to develop the new guidelines.

“Having been co-designed with industry, this will help and guide organisations to assess the suitability of a range of secure and cost effective cloud service providers to securely handle their data and ultimately boost Australia’s cyber security resilience,” Mr Robert said.

In addition, the ministers said the ACSC would grow and enhance the Information Security Registered Assessors Program (IRAP) to further support government and industry in implementing appropriate cloud security measures and increase their cyber security resilience.

Macquarie Government, part of the Macquarie Telecom Group, has welcomed the new guidelines.

Macquarie Government managing director Aidan Tudehope believes the guide highlights the importance of the legal authority that can be asserted over data based on its jurisdiction – with data hosted in global cloud environments at higher risk as it could be subject to multiple overlapping or concurrent jurisdictions, while in the hands of personnel outside of Australia.

“While we remain disappointed by the decision to discontinue the CCSL certification regime, we welcome the ACSC’s new guide for government departments to assess the security and risks of cloud service providers,” Mr Tudehope said. 

“This is about more than simply the physical geographic location where data is stored. Data sovereignty is about the legal authority that can be asserted over data because it resides in a particular jurisdiction, or is controlled by a cloud service provider over which another jurisdiction extends.

“Data hosted in globalised cloud environments may be subject to multiple overlapping or concurrent jurisdictions as the debate about the reach of the US CLOUD Act demonstrates. As the ACSC points out, globalised clouds are also maintained by personnel from outside Australia, adding another layer of risk.

“The only way to guarantee Australian sovereignty is ensuring data is hosted in an Australian cloud, in an accredited Australian data centre, and is accessible only by Australian-based staff with appropriate government security clearances,” Mr Tudehope said.

“Taken alongside Minister Robert’s planned sovereign data policy, this guide opens new opportunities for Australian cloud service providers.”

www.cyber.gov.au/acsc/government/cloud-security-guidance 

ends

SPECIALIST BUSINESS mass data storage and management company, Cloudian, has officially launched its operations in Australia and New Zealand.

Cloudian, founded in 2011 by CEO Michael Tso, who attended high school in Melbourne, has become the world’s most widely deployed ‘independent object storage provider’ – a term used to describe Cloudian’s management, protection and leverage of massive data sets without sacrificing ease-of-access.

Cloudian’s award-winning HyperStore solution allows businesses to manage mass data without having to capitalise, exceed budget limitations, or run afoul of data sovereignty requirements.

Cloudian has a strong network of partnerships with some of the world’s largest cloud and technology companies, including Cisco, HPE, Lenovo, Rubrik, Veeam and VMware.

Led locally by Australian industry veterans James Wright and Jason Mantell – both with prior experience at Nutanix and Pure Storage – the company believes it is well positioned to capitalise on Australia and New Zealand’s heightened reliance on data. 

“Around 80 percent of the data created by organisations today is unstructured, primarily images, video and voice data,” Cloudian regional director for Australia and New Zealand, James Wright said. 

“But A/NZ enterprises and governments are struggling to store this data, protect it and analyse it, particularly given the limitations of traditional storage systems.

“Cloudian addresses this challenge, providing a limitlessly scalable, highly cost-effective and secure means to store and create real value from increasingly large data sets. We also deliver seamless integration and data movement across on-premises/private cloud and public cloud environments,” he said.

“With data playing an ever more central role in A/NZ and increased concern about public cloud data being stored outside national borders, there is a great opportunity to expand the company here.”

Cloudian aims to bolster its local team and partner network in the region and has already signed distribution agreements with Exclusive Networks and NextGen. The company has also begun working with managed service providers (MSPs) with expertise in the government, financial and other sectors across Australia and New Zealand.

CLOUD ‘REPATRIATION’

Mr Wright said Cloudian saw a significant opportunity in the increasing number of organisations rethinking public cloud storage due to unexpected costs, concerns about data security and control – including data sovereignty – and highly variable performance.

He said a leading industry analyst firm recently reported that 85 percent of IT managers surveyed said they were  moving some portion of their workloads back from public clouds, a process known as ‘repatriation’. 

He said Cloudian offered guaranteed compatibility with the S3 API, the widely adopted protocol of public cloud storage. This allows the full ecosystem of S3-compatible applications to employ Cloudian storage systems on-premises or as part of an in-country service provider’s offerings, which also preserves data sovereignty.

“A/NZ businesses are becoming more aware of the drawbacks of storing large volumes of data in the public cloud, but they want that same user experience,” Mr Wright said. 

“Because of our fully native S3 compatibility, we can provide the scale, flexibility and ease-of-use of the public cloud within a customer’s own data centre at up to one-third the cost.”

INCREASING RANSOMWARE THREATS

Ransomware attacks have become a rapidly growing global threat, and this region far from immune.

Mr Wright said research last month showed that such attacks had increased by 10 percent in Australia during COVID-19, while New Zealand has been named among the most vulnerable countries susceptible to a cyber-attack.

With a feature called Object Lock that prevents hackers from encrypting data, Cloudian can help Australian and New Zealand organisations to protect against this threat.

“We know that ransomware attacks often come more than once, as cyber criminals both identify the vulnerability and know the company is willing to pay to unlock their data,” Wright said.

“Object Lock creates an immutable copy of backup data, ensuring a clean copy for reliable recovery so businesses are covered when security measures fail.”

www.cloudian.com

ends

By Peter Maynard >>

HUNDREDS of thousands of Australian small and medium enterprises (SMEs) are at serious risk from cyber-attack, not only to themselves but also to others they deal with.

SMEs are increasingly becoming the target of choice for ‘bad actors’ and nation states looking for easy entry points to attack governments, critical infrastructure and larger enterprise – and this why.

Bad actors aggressively target SMEs because of their low cyber security posture and the valuable supply chain partner access and information they hold. It is much easier to steal sensitive data from a small business defence subcontractor than it is from the heavily fortified Defence department.

Or to elicit one employee’s username and password to gain system access than it is to ‘hack’ their way through a heavily fortified technical defence.

If there’s one thing we know about cyber criminals is that they are opportunistic and will look for the path of least resistance to achieve their objectives. Whether that’s deleting company data or holding it to ransom, shutting down a power grid, or stealing sensitive defence secrets, they’ll do it the easiest way they can, and this means targeting the weakest and most vulnerable. 

PANDEMIC SECURITY

COVID-19 has made rapid digital transformation a reality for almost any business trying to stay afloat. Irrespective of the organisation’s size or where they are in the world, it’s been: get online and do it fast!

But this rapid increase in reliance on technology is coming with an equally rapid escalation in cyber risk that’s leaving SMEs more exposed than ever.

The Prime Minister’s dramatic increase in support of cyber security has been warmly welcomed by most in the industry. Any cyber security program, whether Federal Government or small business, must be led from the top and there has been a gaping hole in Australia’s cyber leadership since Alastair MacGibbon (Australia’s former cyber security chief) exited 12 months ago.

With the heightened sense of urgency and authority, it would appear that Australia might be back on track with getting on top of cyber. But despite this resurgence in the importance and significance of defending against a heightened increase in cyber-attacks, are all organisations receiving the attention and support they need or are we fast developing a cyber ‘underclass’ in this country?

CYBER SECURITY UNDER-CLASS

Helping SMEs improve cyber resilience has always been a tough job. The Federal Government’s approach to date has focused on access to high level, self-help awareness resources like the Stay Safe Online program and Australian Cyber Security Centre’s (ACSC) Small Business Cyber Guidance.

And then there was the small business cyber security grant that really failed to hit the mark. But it’s not all doom and gloom. The Australian Cyber Security Growth Network (AustCyber) has been doing some great work supporting both SMEs directly and the innovative Australian companies that are building the solutions that will solve some of these problems.

Sadly though, this is where Australia’s cyber security strategy appears to lack the broader vision or the will and is running off the tracks. This is an area where we have seen little to no progression from the government over the past 4 years and the fear is that it may miss the boat once again in Australia’s upcoming 2020 Cyber Security Strategy.

We did learn something from the failed small business cyber security grant though. It further validated that small business isn’t going to get engaged on cyber without a stick or at least a much tastier carrot. So what’s the solution?

US TAKES APRA-LIKE APPROACH

The United States Department of Defense’s Cyber Maturity Model Certification (CMMC) program is set to commence in August this year and will require all Defense suppliers to assess their cyber risk posture and adhere to a set of standards.

It is just like the Australian Prudential Regulator (APRA) has done with financial entities and the third, fourth and fifth party suppliers that they use.

Governments at all levels can play a massive role when it comes to driving SMEs to engage on cyber security – and procurement is going to be the key.

Access to government work is somewhat of a holy grail for SMEs and they’ll do pretty much anything to get it and to keep it. If SMEs won’t engage voluntarily on making their businesses more cyber resilient then it’s time for the government to step in.

As the Australian Government finalises its 2020 Cyber Security Strategy it’s critical that we stop focusing on making the strong even stronger and broaden our approach and our thinking.

The return on investment from procurement driven cyber engagement programs targeted at SMEs would provide an uplift to national cyber resilience that would be unprecedented.

The most important point here is to start. It doesn’t have to be perfect. Just get something underway.

We may not have another four years to put this into the ‘too hard’ basket.

https://cybermetrix.com.au

 

Peter Maynard is founder and managing director of Australian cyber security firm CyberMetrix. 

THE Australian Small Business and Family Enterprise Ombudsman Kate Carnell said new research from the NBN proves "once and for all" that digitisation is a key driver of success in small businesses.

A survey of more than 1000 Australians conducted on behalf of NBN Co, has revealed close to half (49%) of respondents had increased their online shopping during the pandemic shutdown period and 70 percent were consciously supporting local businesses online.

But more than two thirds of respondents said even though they would like to support more local businesses, they were restricted by the limited digital presence of those businesses. 

“COVID-19 has delivered a harsh lesson that small businesses can’t rely on outdated business models and brick-and-mortar stores anymore,” Ms Carnell said.

“Digitisation is now essential for a small business to be truly competitive.

“PwC modelling estimates small businesses could unlock more than $49 billion of private sector output over a decade by adopting better use of mobile and internet technologies. More than half of this benefit could be realised in rural and regional Australia.

“The recent Buy from the Bush campaign is an excellent example – in just four months the 275 regional businesses profiled saw an average revenue increase of 300 percent. The campaign delivered $5 million to those featured small businesses – all of which had an online presence," Ms Carnell said.

“Equally, new research for the Shop Small campaign, revealed about a third of shoppers surveyed feel comfortable with returning to shops even though COVID restrictions are easing. It’s clear as we enter this new normal and live with this virus, having an online presence is critical for small businesses.

“We’ve found the most common roadblock to digital adoption has been not knowing where to start and fear of technology.

“There are a number of online workshops that offer good tips to small businesses. In particular, my office has supported the free Grow with Google sessions that cover everything from managing your business remotely to helping your business stand out online.

“We are also backing Kochie’s Business Builders’ Small Business First campaign, offering small businesses a free online directory listing, learning hub and community forum as they work to get back on their feet in these challenging times.”

www.asbfeo.gov.au

ends

Contact Us

 

PO Box 2144
MANSFIELD QLD 4122