-
Estimated reading time
6 minKey points
- Cyber security training should be a top priority for any business owner – it can empower your employees to keep confidential data safe and potentially save you hundreds (if not thousands) of dollars.
- Phishing scams, remote access scams, and insider threats are some common types of cybercrime you should teach your employees about.
- Educating your team on the cyber security basics and cultivating a healthy cyber culture are essential to encouraging cyber-smart behaviours in your business.
When it comes to running a business, there are many moving parts you need to prioritise – launching products, keeping up with your cash flow, managing stakeholder relationships and so on. But the one element that requires just as much attention is cyber security.
While 80% of small-to-medium businesses believe that cyber security is important, half of small businesses have poor cyber security practices and lack the knowledge necessary to keep their business safe.1 For many small businesses, lacking cyber security practices and training might impact staff and employees might be more susceptible to cybercrime simply because they can’t identify a scam message or apply basic cyber security measures.
“Cyber security is everyone’s responsibility,” says Karen Kosčak, an ANZ Product Owner in Cyber Security Education. “It’s not just one person’s job to ensure your staff know how to spot a scam or how to report something suspicious – it’s up to everyone to learn the cyber security basics.”
So, what can you do to ensure your employees know how to respond to a cyber security threat or prevent one from happening? From knowing the types of threats to educate your staff about, to the different ways to train them, we’re going to show you some of the essentials of cyber security training to help you (and your employees) protect your business from cybercriminals.
Why is cyber security training for employees important?
With more than 2.5 million businesses in Australia, scammers are spoilt for choice when finding their next target – they can cast their net far and wide to see which businesses they can snare.2 In 2023, cybercrime cost Australian small businesses an average of $46,000 ($97,200 for medium businesses).3
“People often make mistakes because they don’t recognise the red flags,” Karen explains. “Around 82% of cyber security incidents happen because of human error.”
This highlights just how important it is to train employees on cyber security fundamentals. Not only can it help stop a scam or fraud before it begins, but it can also help protect your business in the long term.
For example, an employee might get an email with a link from someone claiming to be their boss. In the email, the message might explain that the business is updating all computer software and urge the employee to click on a link. The staff member might click the link and accidentally download ransomware, which results in stolen money or customer data. This could all have been avoided if they had known the warning signs.
“Educating your staff on cyber security is key to protecting your business from online threats,” continues Karen.
5 common cyber threats to teach your staff
1. Phishing scams
“Phishing scams are the number one cause of data breaches and cybercrime impacting businesses,” Karen explains.
In a nutshell, a phishing scam is when a scammer attempts to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers. They will often send a message that’s designed to look genuine and often copy the format used by the organisation the scammer is pretending to represent, including their branding and logo. In these messages, there might be a link that takes you to a fake website that looks genuine. The reality is that these websites are a platform for scammers to try to steal money from businesses or manipulate you into handing over important business information.
2. Ransomware attacks
An employee might accidentally install ransomware onto their work device. Ransomware is a type of malicious software (malware) that can steal your files or hold them hostage in exchange for a ransom. This cyber threat can happen in many ways, such as downloading a corrupted attachment in an email or unknowingly visiting a harmful website.
3. Insider threats
In some cases, a cyber threat can originate from within your business. These are called insider threats and can happen in a variety of ways. For example, a person in HR might create a fake employee in the payroll system and funnel money to them from the business. Or an employee might steal customer data and sell it on the dark web for their own gain.
However, the ‘insider’ isn’t always your employees – it can be business partners, suppliers, contractors, or other stakeholders. Another example of an insider threat is when a contractor deliberately accesses confidential data beyond the agreed work scope.
4. Remote access scams
Remote access scams are one of the top scams that businesses experience, resulting in a financial loss of $4.9 million in 2023.4 With this threat, the cybercriminal will pose as a trusted telco or computer company and contact you (usually unexpectedly) to offer technical support. They’ll ask for remote access to your device to diagnose the problem. Instead, they install malicious software to steal your business’ data or money.
5. False billing and fake invoice scams
False billing and fake invoice scams cost businesses $11.8 million each year, making them one of the top scams impacting businesses in Australia.5 Small businesses are more likely to fall victim to these scams because they may lack the technology to detect the problem before it’s too late.
False billing occurs when you’re charged for a product or service that wasn’t provided, causing businesses and individuals to pay more than they needed to. It usually involves real or legitimate vendors. Fake invoice scams are similar but often involve the creation of entirely fabricated invoices not related to any legitimate business relationship.
While they may involve insiders (like business employees) or external criminals accessing the system, both types of scams underscore how important it is to check and confirm the details on invoices.
How to train your employees on cyber safety
- Educate your team on the basics of cybersecurity. This includes implementing measures such as turning on multi-factor authentication (MFA) for all accounts, having a strong and unique password or passphrase, and pausing to think before you act if you receive an unexpected message or call.
- Develop a cyber security training program. Identify the gaps in your team’s cyber safety knowledge and develop a program around that information gap. Use online resources, such as guides from the Australian Signals Directorate, to help shape the content. You can also enrol team members in accredited courses.
- Conduct simulated phishing exercises. This is when you send your employees a fake, malicious-looking email and assess how they respond. Running this type of exercise can help teach your staff how to recognise a phishing email and, in turn, help protect your business.
- Cultivate a healthy cyber safety culture to encourage cyber-smart behaviour. Discuss cyber safety openly with your team and create a safe space for them to share when they’ve spotted something suspicious.
How can your team respond to a scam?
- If your employee has shared financial information or transferred money, contact your bank immediately. If you’re an ANZ business customer, contact us immediately to report the fraud.
- If you have shared business credit card details, ‘block’ or cancel those cards immediately. If your cards are with ANZ, you can report the stolen card through the ANZ app or by calling us.
Who can you contact if you’ve been scammed?
- Contact the Australian Cyber Security hotline, 24 hours a day, seven days a week on 1300 CYBER1 (or 1300 292 371).
- Help others by reporting to Scamwatch or to the Australian Signals Directorate’s Australian Cyber Security Centre’s ReportCyber.
- You can also contact IDCare, a not-for-profit organisation providing support to those experiencing identity and cyber security concerns.
- Contact your bank immediately if you share personal, business, or financial information.
- If you’re an ANZ customer, you can report fraud or suspicious activity in multiple ways, such as through the ANZ app or by calling us
- Cyber security training should be a top priority for any business owner – it can empower your employees to keep confidential data safe and potentially save you hundreds (if not thousands) of dollars.
Fraud protection.
Now it’s personal.
ANZ Falcon® technology monitors millions of transactions every day to help keep you safe from fraud.
Falcon® is a registered trademark of Fair Isaac Corporation.