skip to main content
Business IQ

“Most breaches involve human error”: Why people are key to your cyber security

Smarter Writer
Smarter Team

A team of business and technology journalists and editors who write to help Australia’s community of small and medium businesses access the technology and know-how that helps solve problems and create opportunities.

Smarter Writer
Smarter Team

A team of business and technology journalists and editors who write to help Australia’s community of small and medium businesses access the technology and know-how that helps solve problems and create opportunities.

Staying on top of internet security updates might be the last thing on your mind, but it’s important. More often, cyber criminals are exploiting weaknesses in your team’s decision making to gain access to your systems.

Stressed man using laptop

“When it comes to employees, your cyber security controls are only as good as your weakest link, with most breaches involving some kind of human error,” explains Telstra’s Cyber Security Product Executive Matthew O’Brien. Often, it’s an innocent slip by an individual – like opening a phishing link in an email or using an unsecured Wi-Fi network when working on the go – that can lead to a serious cyber threat.

Here, we look at how you can evaluate your cyber security risk profile and some of the real-life scenarios and examples of where staff (owners to employees, contractors and suppliers) can erode your business’s cyber security.

Check your cyber security risk profile

Evaluating the gaps in your cyber security can help you make a plan to improve it. Start by breaking down the following things that could potentially compromise your business’s security:

  • Who’s doing the work: humans who provide the first line of defence through their actions.
  • How they’re working: tools and programs used to create, share and store information.
  • Where they’re working: environments and networks where the work happens.

If you’re not sure how your business fares in these areas, try our free Cyber Security Quiz. You’ll receive a personalised report (as well as recommendations to help you strengthen your defences) and it’ll only take a few minutes.

Opening phishing links in emails

One of the most common types of online attacks for small businesses starts by a person clicking on a malicious email link. To help prevent this from happening, educate your team to know what to look out for when it comes to phishing links, so they can steer away – and also advise the business that they received a potential threat.

Letting security software updates slip

It’s easy (and common) to keep hitting the “later” button when a new software update pops up. But it’s important to know that updates are released specifically to combat bugs and to maintain defences against online threats. Encourage your team to allow system updates to automatically install. Or consider making automatic updates part of your device policy for anyone in your business.

Using unsecured Wi-Fi networks

The free Wi-Fi at your local café or at the airport is not a secure connection. Hackers and cyber criminals can easily intercept data by tapping into these networks. You might think your business is too small to be a target, or that a criminal wouldn’t target you as an individual, but there plenty of reports of these kinds of online crimes every day in Australia. One way to mitigate this risk is to secure your sensitive business information with a virtual private network (VPN).

Giving out information on the phone and social media

The way your team shares information can be compromised if they aren’t using secure sharing software. This is especially true if they are working remotely or on the go. Things like reading a credit card number aloud on the phone in a public area or sharing an employee’s details or passwords via private message on social media can pose risks. Hackers can use personal information your team have shared on their personal social media profiles in a number of ways, including posing as someone trustworthy in order to get them to give away information or click on a link. To help mitigate these dangers, implement policies and education on how your team can share information securely.

Use of employee-owned devices (including while working from home)

If your team are using their own devices for business activities without adequate cyber protection, it could leave your business exposed. With more devices in your business network, the urgency to keep up with your business protection increases. Securing personal devices in the age of remote work must extend from desktop to mobile and other connected devices to keep your business secure.

Not using multi-factor authentication

Multi-factor authentication is when a user is only granted access to an application or system after successfully presenting two or more pieces of evidence (like a phone number and a password) to authenticate their identity. Without it, passwords can be guessed by hackers and systems can be more easily accessed by criminals. Staff should be advised not to use the same passwords for work and personal use, and to change them at regular intervals. Consider getting multi-factor authentication software for your business, or speaking to an expert to help you set this up.

To stay vigilant, keep up to date with the latest tech news and government recommendations around cyber security. Create policies and implement processes that educate your employees on the relevant risks and instil habits that will mitigate cyber risks in the first place.

Is your business at risk of cyber crime?

Learn to assess risk and safeguard your business against online threats.

Access free reportIs your business at risk of cyber crime?
Customer Experience
Customer Experience
7 tips on search engine optimisation for your business

SEO for small business can seem like a foreign concept. But once you learn how it’s done, you can help your business get found online. Here are our top 7 SEO tips to improve ho...

Success Stories
Success Stories
How 3 Australian businesses embrace tech innovation to solve challenges and thrive

These forward-thinking businesses are building a better Australia. It’s what made them winners in the Embracing Innovation category at the 2022 Telstra Best of Business Awards....

Business IQ
Business IQ
6 expert tips to make sure your hospitality business thrives in 2022

For many hospitality businesses, the past two years have presented some unique challenges. The post-COVID world has its own obstacles, from finding and retaining staff to chang...

Customer Experience
Customer Experience
Shipping and delivery fundamentals: How to create and communicate a returns policy

2022 research by ShipStation and Inside Retail found that 57% of shoppers pay close attention to an online retailer’s returns policy before purchasing from them for the first t...