Cybersecurity risk in business – it’s personal

“Making it personal for my team has made it real,” Corey Scott, Managing Director of Brisbane-based tool and construction equipment provider TEN Group says. 

Click image to zoom Tap image to zoom

TEN has learned a lot since falling victim to a business email compromise (BEC) scam – an attack where cybercriminals gain the trust of victims, often resulting in fraudulent online transactions or wire transfers.

"It’s easy to overlook the protection of personal assets which can just as easily compromise a business.”

Scott says TEN made significant changes to its systems and policies as a result - including improving employee cybersecurity knowledge and skills so staff are not only able to detect scams within the business but also, just as critically, in their personal lives and at home.

“It’s helped them understand the high stakes of falling victim to a scam,” Scott says. “The simplicity and effectiveness of cyberattacks can be shocking. They’re not just a matter of business; they’re a fact of life - and they can happen to anyone.”

For many, business has always been personal. It’s a concept at the core of scores of small-to-medium enterprises (SMEs) which take great time and care investing in relationships with customers, employees and suppliers.

That investment is sadly not something unique to SMEs. Today’s cybercriminals are also proficient in building relationships - albeit virtual - and gaining the trust of many people, including business owners.

With 45 per cent of Australian employment represented by small businesses, the sector is particularly appealing to fraudsters as it typically has a modest amount of data with minimal security. 

What’s the threat?

It’s this lack of security which makes some of the most-common security threats for small business potentially the most damaging.  Below are four of the most-common attacks.

  • Malware

Malware is malicious software used to, access IT systems, disrupt them and/or collect sensitive information. It is often received through phishing, spam emails or online activity.

  • Ransomware

Some malware can restrict access to a machine or entire network unless terms are met; a debilitating state of affairs for any business.  

  • Phishing

Spam emails which aim to attain sensitive information like usernames, passwords or financial details are called ‘phishing’. Presented as official when they are anything but, they rely on users performing actions unwittingly and sometimes unknowingly.

  • BEC

An advanced version of phishing, BEC scams dispense with the scattergun approach of spam and target individuals for specific purposes within a business. A common occurrence is a request for an urgent or discreet payment.


There’s a wealth of resources available to SMEs around cybersecurity action and education but the true risk isn’t universally grasped. A recent ANZ insight report found 55 per cent of business owners know little or nothing about cyberattacks. I

It’s probably fair to assume home cybersecurity is subject to the same worrying statistic.

Although many businesses are beginning to implement strategies, procedures and training to help staff identify and manage cyber risks it’s easy to overlook the protection of personal assets which can just as easily compromise a business.

In the home

Many small business owners don’t separate personal and business devices. As home cybersecurity might naturally be more lax it’s important for business-owner families to discuss the risks and ways to manage them.

Make a PACT

In addition to talking to an IT provider about cybersecurity risks and ways to minimise them at work, there are a few simple steps businesses owners and operators can make at home to add an extra layer of protection.

  • Pause before sharing your personal information;
  • Activate two layers of security with two-factor authentication;
  • Call out suspicious messages; and
  • Turn on automatic software updates.


Many business owners claim to be ‘too small’ for a cybersecurity strategy but keeping up-to-date on the latest cybersecurity threats is a must.

Around eight new cyber threats are identified every second, many of which can prove devastating for a business of any size. According to the Australian Small Business and Family Ombudsman 22 per cent of small businesses breached by the 2017 ransomware attacks were so affected they could not continue operating. 

Stay smart

The issue of cybersecurity is at its most prominent during Stay Smart Online Week, an annual Australian government initiative aimed raising cyber awareness.

As part of the initiative a number of businesses – including ANZ will participate in Reverse the Threat, a symbolic change of websites and pages across Australia from colour to black and white to demonstrate a shared mission to reverse the threat of cybercrime.

Cybercriminals don’t discriminate between businesses and homes and will always look for the path of least resistance.

Cyber education, training and risk awareness have a place in the home, not just the office. Everyone can benefits if businesses take the step of becoming more aware of cybercrime and what can be done to protect against it.

Cosi De Angelis is GM Transaction Banking & Asset Finance Solutions at ANZ

The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.

editor's picks

23 Feb 2018

What CFOs need to know about cybersecurity (and why)

Chris Hockings | Chief Technology Officer, IBM Security

The growing threat landscape in tech has the potential to impact the bottom line.

06 Dec 2017

PODCAST: the gap between boards and cyber risk

Paul Burrow | Security Capability Uplift Manager, ANZ

Boards are told more about cyber risk than ever before, McAfee exec says – but do they understand it?