
We all know that FUD (Fear, Uncertainty, and Doubt) is a tried and true method to get your attention and try to sell you something that you MUST HAVE to protect yourself. Cybersecurity for Small Business is definitely one of those areas that is prone to this tactic.

Whilst I want you to actually know what the risks are of not having a good Cybersecurity strategy for your business, we don’t need to labour on all the FUD.

So here is all the FUD I can find, so you can get it all in one place, and we don’t need to talk about it again, except where it raises questions specifically related to your business.

All of the types of threats

Well, the ones that the Australian Cyber Security Centre wants you to know about. There is also a good quiz on spotting scams.

  • Account Compromise

  • Business Email Compromise

  • Cryptomining

  • Data Breaches

  • Hacking

  • Identity Theft

  • Malicious Insiders

  • Malware

  • Phishing

  • Quishing

  • Ransomware

  • Scams

Annual Cyber Threat Report 2024

This is where the statistic comes from that you will see just about everywhere - that the average self-reported cost of cybercrime for small business is $49,600, and the top 3 self-reported cybercrime types for business are:

  • email compromise (20%)

  • online banking fraud (13%)

  • business email compromise fraud (13%)

And these are only the ones that are reported. Many small businesses do not even report if something has happened.

A newish part of the report is AI and cybercrime. This will become a much bigger area that we need to be aware of.

Alerts and Advisories

The ACSC’s page that lists all the critical vulnerabilities they think you need to know about. If you’ve heard of the terms CVEs or KEVs, then this is where you will find them. But for many small businesses, you won’t have the hardware or software that these affect. When you start to hear about it on the news (e.g. Log4j), then you probably need to start thinking about it. However, if you do have servers, or hardware connected to the internet, then you do need to know about this stuff, unfortunately. Of course, your first step is to ensure all your devices are set to auto update, so any issues are resolved as quickly as possible.

Have you been hacked

The starting point for finding out what to do if you think you have been hacked.

Beware of your MSP

MSPs have a very important role for Small Businesses, but they can be targets for cyber crime also - and that can affect you. This is what is known as a supply chain attack. This article includes tips on how to engage with MSPs securely, and details the issue where an MSP was hacked.

Not included on this list

Anything to do with your regulated responsibilities such as:

  • Notifiable Data Breaches

  • Privacy Act

  • APRA legislation

  • SOCI legislation

  • etc

Yes, these are very much full of FUD, but these are the ones that you actually do need to know about, if you are covered by a specific piece of legislation or regulation.
