Sydney-based natural health company Go Vita was left reeling after one of its 125 privately owned stores was hacked in September 2021 to the tune of almost $90,000.
The hackers managed to hijack a Go Vita monthly statement and insert their own bank account details.
A $90,000 bill was then paid to a different banking address, and the store owner didn’t realise they had been hacked until their account was put on hold for not 'paying' the bill.
Go Vita managing director Clinton Hayes said the scammers were so efficient that by the time the police and banks started investigating, the money was long gone.
Following an alarming rise in cyber attacks against Australian businesses, experts are warning January is a prime time for ransomware attacks.
Cyber-attacks are up 30 per cent in the past six months as cyber criminals exploit the pandemic and the ongoing pressure of remote working.
Experts are warning Australian small business owners to ensure they are well set up in 2022 to avoid being a primary target for cybercrime.
Business Australia general manager products Phil Parisis said Australian small businesses could be easy targets.
Parisis said small and medium enterprises (SMEs) accounted for nearly half of all cyber-crime incidents.
“Research shows that business owners are aware of cyber-crime, but they are just not prepared - 90 per cent of attacks are still successful due to human error,” he said.
“We often hear from businesses that, ‘I'm just a small law firm, a building company, why would anybody target me?’.”
Parisis said the reality was that cyber criminals weren’t necessarily attacking any particular individual. He said it was more likely they had become the accidental victim of a broad-scale phishing attack.
“Then all it takes is one employee to make a mistake and it triggers an interest in your business,” he said.
“Attackers are also incredibly creative at playing on human emotions, creating links someone is most likely to click.”
Langs Building Supplies also found themselves victim to a massive ransomware attack.
Brisbane CIO Matthew Day realised the company's systems had been compromised when he went into the office and saw an anonymous message pop up on his screen.
The message announced that his employer had been hacked and that the attackers were demanding a $15 million ransom.
Luckily, Langs had a policy of never paying up for such ransomware attacks and had a good system of protection in place.
When the hackers realised their attack had been unsuccessful and the company would not pay, they targeted staff via emails telling them their data would be sold.
Langs’ systems were too sophisticated for that to happen, so the emails were quickly ignored and the evidence was reported to the Australian Federal Police.
Here are seven practical steps for businesses to prevent a cyber-attack in 2022, according to Business Australia.
Create a human firewall: Building a human firewall - or educating yourself and employees - is the most effective way of preventing a cyber-attack.
Protect your passwords: It’s critical that passwords are not easy to guess. It might be worth considering a password manager and multi-factor authentication, which provides a second layer of authentication.
Beware of public Wi-Fi: Logging on to public Wi-Fi is one of the easiest ways to get hacked. If you, or members of your team, are working remotely, a safer option is hot-spotting to a phone.
Careful with what you buy: Cheap iPhone charger cables purchased from disreputable stores have been found to allow hackers to use malware to hijack your device, so the safest way is to use store-approved products.
Upgrade your software: Ensure all your devices’ operating systems are upgraded regularly. This will include recent security patches.
Consider insurance: Cyber insurance doesn't reduce the risk; it reduces the financial impact of a cyber-attack. It can also help a business recover faster.
Update business policies and procedures: Ensure your business processes are up to date so you can protect against, prevent and recover from any suspicious behaviour.