In an era dominated by digital transactions and virtual communication, safeguarding your business from cyber threats has never been more critical.
As cybercriminals continue to evolve their tactics, it’s imperative to stay one step ahead.
That’s why we’ve compiled this comprehensive guide, drawing insights from some of the most trusted voices in Australian cybersecurity.
From verifying payment details to deploying state-of-the-art identity access management solutions, these expert-backed strategies will fortify your business against potential threats.
Join us as we delve into the essential steps that every Australian business should take to ensure cyber safety and resilience in today’s digital landscape.
Verify payment details
The Australian Cyber Security Centre (ACSC)
“If any party to a property transaction notifies you they have updated their bank details, take extreme care to confirm changes by calling the sender’s established phone number or meeting them face-to-face before transferring any funds.”
Exercise good cyberhygiene
The Attorney General’s Department
“There are a range of good cyberhygiene preventative and proactive measures that can be of immediate benefit to Australian businesses like strong passwords, multi-factor authentication, and backing up data. Further guidance can be found at www.cyber.gov.au/protect-yourself.”
Practice your cyber incident response
ACSC
Developed by the UKs National Cyber Security Centre and now used by the ACSC, the Exercise in a Box online tool promises to help Australian companies of any size discover how resilient they are to hostile actors. It also helps them test and practise their cyber incident response in a secure environment.
Maintain training and awareness
The ACSC
“Ensure staff are trained to identify suspicious emails, including requests to change bank account details or emails linking to fake websites. The latter may be a phishing attack that could capture passwords and compromise account security.”
Deploy a trusted CIAM solution
Chris Gibbs, CEO triSearch
“We recommend firms protect their businesses and their clients from cybercrime by partnering with a cybersecurity firm that provides a scaleable solution protecting a conveyancer or law firm’s infrastructure, applications and enterprise.
“When protecting the enterprise, firms should look to deploy a customer identity access management (CIAM) solution to establish and maintain digital trust with their users by providing a highly-secure and resilient environment for collecting and storing sensitive user information, managing privacy controls, and defending against identity fraud.”
Check your mobile risk
The Law Council Of Australia
In its cyber precedent paper, Your Firm, Their Data, the Law Council of Australia outlines ways to protect your client’s confidential information including on mobility and bring your own devices. And they ask:
• Have you adequately secured you mobile device in case of loss or theft? Do you use a password? Does your device auto lock, requiring you to retype your password to gain access, if left unattended? How long does it take before auto lock engages?
• Who has access to the data you carry around on your phone or portable device?
• Can that equipment or the mechanisms that allow it to work be used to transmit sensitive data or create security breaches?
Information transmitted over public Wi-Fi networks can be accessed by others, for example.
• Should it be required, can you remotely find or control the device to enforce security policies? That is, can you erase the data remotely?
Secure your email accounts
THE ACSC
“Cybercriminals will attempt to access systems through compromised passwords, it is recommended that individuals and businesses use strong passphrases and enable or implement multi-factor authentication on email accounts to help prevent unauthorised access.”
Utilise secure systems
Chris Tyler, CEO Australian Institute of Conveyancers
“Conveyancing is generally safe but several steps could be made to make it safer, including using a dedicated approved portal for transfer of bank details, like PEXA Key or Securexchange.” And, Tyler advised, “using VOI (verification of identity) is a measure that makes identify theft/fraud more difficult. It doesn’t prevent it but certainly makes it harder for threat actors to navigate.”
Comply with VOI
Chris Gibbs, CEO triSearch
“In the rapidly changing landscape of digital conveyancing, conveyancers and their clients should rely on access to cutting edge verification of identity (VOI) technology.
“Not only does it bring efficiencies that speed up the conveyancing workflow but it also provides a superior and differentiated level of customer service.
“These efficiencies also provide conveyancers the ability to scale up their businesses by freeing up resources to service more clients. In Australia today we have thousands of identity checks happening each second.
“This is far beyond what was possible prior to the introduction of mandatory VOI and the technology that has emerged that provides conveyancers and their clients with the speed and convenience of an automated VOI system.”
Install anti-virus and malware protection
The Law Council Of Australia
• Purchase business grade anti-virus and email filtering (don’t use free versions)
• Enforce strong passwords (min 15 character with mix of letters, numbers and symbols)
• Have passwords changed on a regular basis
• Limit access to systems
• Only allow screened persons to view your data
• Update the software regularly
• Have it installed and monitored by a professional
In case of an attack
The Law Council of Australia
The Law Council of Australia has a handy point-by-point strategy to manage a cyberattack. In short:
1. Identify the threat
2. Neutralise the attack
3. Review your system
4. Restore and rectify your infrastructure
5. Recover your data
6. Test and allow operations to resume
7. Report and learn from the experience
Stay up-to-date
Government websites
Here’s a list of Australian websites to keep you updated and alerted to any new threats and recommended security measures to protect your business from ever-evolving cyberthreats.
The ACCC & the ACSC
If you suspect your business has been a victim of a cybercrime, stay calm and contact The Australian Cyber Security Centre’s 24/7 Hotline:
1300 CYBER1 (1300 292 371).
Follow this link to report a cybercrime to the Australian Cyber Security Centre and the police. And click here to report a scam to Scamwatch.
For more insights and tips on cyber awareness, download edition two of the Australian Conveyancer.
