As Aussies ramp up their holiday shopping, the increased demand for online shopping presents itself as the perfect opportunity for scammers to fill up their stockings with last-minute data goods. Businesses across the retail sector and beyond must be ready in case employees unknowingly open the door to scammers waiting to pounce on unsuspecting staff using work devices to shop online.

New data from the ACSC reveals that cybercrime reports increased 13% overall from the previous year.  Financial losses from business email compromise (BEC) scams rose to over $98 million in the 2021-22 financial year, and online shopping was one of the most frequently reported cybercrimes, accounting for approximately 14% of all attacks.

This should be a top concern for businesses, with a Veritas study finding that two-thirds (66%) of Australian employees have admitted to sharing business-critical data over business collaboration tools including Teams, Zoom and Slack. This includes client details (15%), corporate passwords (9%) or even company credit card details (8%).

These statistics alone highlight just how important data security and vigilance is for Australian businesses in the fight against cyber attacks – and there has been no shortage of case studies in recent months to prove how detrimental these attacks can be, on all aspects of a business.

To combat the growing threat of cyber sharks lurking in the water, here are our top five tips to protect your business this holiday season.

  1. Secure the perimeter

Constructing a strict online perimeter ensures that only those associated with your network can gain access to your online services and sensitive data. Tactics such as implementing mandatory two-factor authentication will keep your business under lock and key from external threats. Using two-factor authentication also prevents hackers, even those who have managed to secure a password, from infiltrating your IT system by forcing them to verify their identity on a separate device.

2. Gaining governance and control

We’re all aware of the overwhelming feeling that sinks in when we’ve lost control. Scammers are constantly testing for weak spots until one cracks. It’s therefore critical to have complete visibility of who has access to company data, as it can provide a blueprint as to where potential problems could arise.

Additionally, leaders must ensure they can quickly identify where and how data is being stored, in order to create sufficient security protocols in case of a system breach. To be more efficient in securing their IT infrastructure, organisations can deploy autonomous cloud-based data management solutions that are self-optimising, to ensure their data is always available and resilient from ransomware and other cyber threats.

3. Backup your data

In the event of a cyberattack, having offline copies of data might just mean all is not lost. If you have a clean backup of your data when ransomware strikes, and are able to prevent ransomware from reaching the backup and encrypting it too, you have a safe and easy way to recover without paying the ransom.

Regular and scheduled backups should include both online and offline copies to ensure data and applications can be restored quickly and seamlessly across networks and operating systems.

If your backup and recovery provider offers artificial intelligence, ensure your organisation is updated with the very latest, so your backup and recovery can autonomously adapt to changes in your environment, especially when IT staff are out of the office.

4. Educate and train staff

When it comes to the risk from cyber threats, your first line of defence isn’t technology, it’s people. If your employees aren’t being vigilant, you’re wide open to many different types of attack – the bottom line being that company culture is what will ultimately define your security posture and its effectiveness.

As users of technology, employees should be aware of the right communication tools for the job to keep both their employer and themselves safe from harm. But concerningly, research from Veritas has revealed that 53% of Australian employees admit to saving their own copies of the information they share over work collaboration tools.

Outlining simple tactics such as calling a colleague to validate a request when receiving a suspicious email, never downloading any suspicious attachments/URLs or immediately reporting any unusual activity to your IT team will help a business safeguard itself from accidental leaks.

5. Partner with a credible data management provider

Even with the most thorough plans, things can deteriorate quickly when your precious data lands in the hands of a scammer. Not only can a credible data management provider help your business deploy protection software and ensure your network is secure, it can also work quickly to restore any lost data in the event of a cyber attack.

The festive season will see higher volumes of sensitive and personal information being shared across different online platforms. As scammers become more strategic in their holiday scams, businesses and employees must be continually vigilant when it comes to cybersecurity and company IT equipment. Staying watchful this holiday season and implementing effective barriers will prevent your business from falling victim to the looming threat of cyber attacks.

Pete Murray is managing director of Australia & New Zealand at Veritas Technologies.