Ruthless computer hackers are increasingly targeting Australian businesses as the coronavirus pandemic forces companies to go digital.
Sophisticated cyber attacks are jeopardising the future of businesses that Australians and the government have rallied behind through the global shutdown.
Since early March, the Australian Cyber Security Centre (ACSC) has warned of a “significant increase” in attacks on businesses.
Of particular worry is the rise of COVID-19-themed email ‘phishing’ attacks, the ACSC said.
“Small businesses can be big targets for cyber criminals,” ACSC head Abigail Bradshaw said.
These attacks involve cleverly disguised emails designed to make unsuspecting business owners and employees open malicious files.
These phishing scams – and other cybercrime activities – cost Australian businesses an estimated $29 billion each year.
Out of The Heat Group and into the fire
It’s a scenario all to familiar to Gillian Franklin, founder and managing director of The Heat Group – a Melbourne-based cosmetics and consumer goods distributor.
Last year a Russian hacker gained access to The Heat Group’s computers, stealing the majority of her documents and leaving a few remaining files encrypted.
The hacker demanded a $US40,000 ransom (roughly $55,600) – to be paid in Bitcoin – to restore the encrypted files and return the stolen ones.
Initially, Ms Franklin was willing to negotiate with the hacker, and even pay the ransom if he could prove she would get back all of her documents.
“When we logged on that weekend, we had no business – everything was gone,” she told The New Daily.
We couldn’t trade, we couldn’t pay bills.
“So we were willing to pay the ransom because the cost of it was negligible compared with the cost of not getting those documents back. We were just focused on recovery.”
Fortunately, Ms Franklin’s IT team was quick to act, locking down the system and installing new security programs.
Meanwhile, the rest of the team began the gruelling process of contacting the 7000 or so customers relying on The Heat Group – which distributes brands such as Max Factor and Covergirl – to get their cosmetics shipments.
With the support of a quick-witted and dedicated team, Ms Franklin was able to get back to trading within four days.
Even so, being decommissioned cost the business an estimated $2 million all up.
“When it happens to small or medium-sized businesses like ours, it really hurts,” she said.
Cybercrime prevention smarts
When Ms Franklin realised she’d been hacked, she was fortunate to have a good team around her.
“I never for one minute assumed that we wouldn’t get through it,” she said.
“Maybe that’s naive, maybe it’s just part of who I am. But when it happened my whole focus and drive was on how we could fix it.”
And she said other businesses can make it through similar attacks – if they’re ready.
Ms Franklin said businesses need to take every precaution to protect against a hack.
This includes regularly updating – and testing – a company’s cyber security.
Staff should also be regularly tested and educated on the emerging digital threats they may face in their day-to-day work.
Even small things can make a difference, including changing the name of ‘administrator’ accounts so hackers don’t know which have the greatest level of access.
Importantly, she said businesses also need a plan for after they’ve been hacked.
Be sure to save staff contact details in hard copy so they aren’t lost when hackers take over, she said, and keep back ups of everything saved on a different system if possible.
“You can get through these things if you have good people, good resources and good support – and not just internally,” Ms Franklin said.
The ACSC also has a guide for small businesses.
You can hear more from Gillian and other hacking victims on Tuesday at 8.30pm on SBS Insight.