Strong passwords, smart choices, safer business.

Cybercrime is one of the biggest risks facing businesses today. From small family-run companies to large organisations, no one is immune to the tactics used by cybercriminals to steal sensitive information or money.

In support of Cyber Security Awareness Month, Suncorp Bank urges customers to stay alert to cyber security threats to protect themselves and their businesses. 

Paul Gardner, Executive Manager Financial Crime Strategy & Operations, encourages business owners to stay informed and implement strategies to reduce threats.

“Scams, Business Email Compromise and Malware Threats are some of the common cyber security threats that can be experienced by all businesses, regardless of their size,” said Mr Gardner. 

“Understanding how these attacks work, recognising the warning signs and putting protections in place can be critical for business resilience.”

Be alert to Phishing Scams

Cybercriminals will use phishing scams as a tactic to trick unsuspecting individuals into sharing sensitive information or sending money. 

“A phishing scam sees a cybercriminal posing as a representative of a trusted organisation. They will contact you via phone, email or text asking you to complete a task such as sending money or providing a password, account number or verification code,” said Mr Gardner.  

While some phishing scams can look realistic, Mr Gardner explains that cybercriminals often leave clues to help you identify if something isn’t right.

“There are several warning signs that help identify a phishing scam. Look for unpersonalised greetings, discrepancies in company branding, incorrect grammar, URLs or spelling, differing account details, the inclusion of suspicious links or a sense of urgency being created.”

“Make sure you think before you click and independently search a third-party's contact information through a legitimate source before liaising with them. Encourage your teams to do the same.”

Stay Safe from Business Email Compromise 

Another common method used by cybercriminals is business email compromise (BEC). BEC, similar to phishing scams, involves a cybercriminal using email to trick someone into sending money. 

“In some cases, a cybercriminal will gain access to a legitimate business’ email account and will alter payment details on invoices sent to the business’ customers.”

Mr Gardner emphasises the importance of confirming payment details before transferring funds. 

“When transferring funds for invoices, it is important to independently verify the payment details – especially if you haven’t used the payee previously. This can be done by calling the intended payee through another source such as the contact number provided on the official website,” said Mr Gardner.  

“It’s important for you, and your team, to be cautious of emails that request urgent or overdue payments, have had a change in contact or payment details, or contain inconsistent domain names compared to the company’s name. Introducing a formalised process to manage payments can help reduce risk.”

Watch out for Malware 

Categorised outside of scams, another cyberthreat for individuals and businesses is malware. Malware, known as malicious software, are programs used by cybercriminals to steal a victim's information or cause harm. 

“There are several types of malware, including ransomware, viruses, spyware or trojans, which serve different purposes for cybercriminals. Malware can steal information, control your device or record you, destroy your computer or corrupt files, and grant others access to your device,” said Mr Gardner.  

Protecting your personal and work devices is important for reducing the risk of introducing or spreading malware.

“It is important that you monitor devices for unusual activity and make sure they are up to date with the latest software. Devices can become infected through simple tasks like visiting infected websites, downloading files from the internet, and by opening email attachments,” said Mr Gardner.

“Malware can have devastating effects and can spread to other devices on the same network. It is important that you and your team understand the steps to take if a device becomes infected or information has been compromised. Disconnecting from the network, contacting the relevant technology support, and contacting your bank to report a potential breach are all steps someone can take if they believe their device is infected.”

Encourage a strong Security Culture in your business  

While cyber threats continue to evolve and grow in complexity, Mr Gardner shares that secure businesses don’t focus solely on technology and procedures, they also focus on their people as a line of defence.

“Fostering cyber resilience in your workplace starts by encouraging your teams to think beyond software and training. From backing up files and devices to updating software and using multifactor authentication, passphrases, and passkeys, it’s about embracing a collective mindset where cyber security is built into the foundation.”

“If you’re a Suncorp Bank customer and believe you have fallen victim to a scam or your bank details have been compromised, visit your local branch or give us a call on 13 11 75 immediately. Our friendly team are here to help.”

For more information visit: Identify & Report Threats | Online Security | Suncorp Bank and Small business | Cyber.gov.au