Cyber security training for employees

Security specialist

2024-09-18 00:00


Key points

  • Cyber security training should be a top priority for any business owner – it can empower your employees to keep confidential data safe and potentially save you hundreds (if not thousands) of dollars.

  • Phishing scams, remote access scams, and insider threats are some common types of cybercrime you should teach your employees about.

  • Educating your team on the cyber security basics and cultivating a healthy cyber culture are essential to encouraging cyber-smart behaviours in your business.

When it comes to running a business, there are many moving parts you need to prioritise – launching products, keeping up with your cash flow, managing stakeholder relationships and so on. But one element that requires just as much attention is cyber security.

While 80% of small-to-medium businesses believe that cyber security is important, half of small businesses have poor cyber security practices and lack the knowledge necessary to keep their business safe.[1] For many small businesses, a lack of cyber security practices and training can leave employees more susceptible to cybercrime, simply because they can’t identify a scam message or apply basic cyber security measures.

“Cyber security is everyone’s responsibility,” says Karen Kosčak, an ANZ Product Owner in Cyber Security Education. “It’s not just one person’s job to ensure your staff know how to spot a scam or how to report something suspicious – it’s up to everyone to learn the cyber security basics.”

So, what can you do to ensure your employees know how to respond to a cyber security threat or prevent one from happening? From knowing the types of threats to educate your staff about, to the different ways to train them, we’re going to show you some of the essentials of cyber security training to help you (and your employees) protect your business from cybercriminals.

 

Why is cyber security training for employees important?

With more than 2.5 million businesses in Australia, scammers are spoilt for choice when finding their next target – they can cast their net far and wide to see which businesses they can snare.[2] In 2023, cybercrime cost Australian small businesses an average of $46,000 ($97,200 for medium businesses).[3]

“People often make mistakes because they don’t recognise the red flags,” Karen explains. “Around 82% of cyber security incidents happen because of human error.”

This highlights just how important it is to train employees on cyber security fundamentals. Not only can it help stop a scam or fraud before it begins, but it can also help protect your business in the long term.

For example, an employee might get an email with a link from someone claiming to be their boss. In the email, the message might explain that the business is updating all computer software and urge the employee to click on a link. The staff member might click the link and accidentally download ransomware, which results in stolen money or customer data. This could all have been avoided if they had known the warning signs.

“Educating your staff on cyber security is key to protecting your business from online threats,” continues Karen.

 

5 common cyber threats to teach your staff 

1. Phishing scams

“Phishing scams are the number one cause of data breaches and cybercrime impacting businesses,” Karen explains.

In a nutshell, a phishing scam is when a scammer attempts to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers. They will often send a message that’s designed to look genuine, copying the format used by the organisation the scammer is pretending to represent, including its branding and logo. In these messages, there might be a link that takes you to a fake website that looks genuine. The reality is that these websites are a platform for scammers to try to steal money from businesses or manipulate you into handing over important business information.

2. Ransomware attacks

An employee might accidentally install ransomware onto their work device. Ransomware is a type of malicious software (malware) that can steal your files or hold them hostage in exchange for a ransom. This cyber threat can happen in many ways, such as downloading a corrupted attachment in an email or unknowingly visiting a harmful website.

3. Insider threats

In some cases, a cyber threat can originate from within your business. These are called insider threats and can happen in a variety of ways. For example, a person in HR might create a fake employee in the payroll system and funnel money to them from the business. Or an employee might steal customer data and sell it on the dark web for their own gain.

However, the ‘insider’ isn’t always an employee – it can be a business partner, supplier, contractor, or other stakeholder. Another example of an insider threat is when a contractor deliberately accesses confidential data beyond the agreed work scope.

4. Remote access scams

Remote access scams are one of the top scams that businesses experience, resulting in a financial loss of $4.9 million in 2023.[4] With this threat, the cybercriminal will pose as a trusted telco or computer company and contact you (usually unexpectedly) to offer technical support. They’ll ask for remote access to your device to diagnose the problem. Instead, they install malicious software to steal your business’ data or money.

5. False billing and fake invoice scams

False billing and fake invoice scams cost businesses $11.8 million each year, making them one of the top scams impacting businesses in Australia.[5] Small businesses are more likely to fall victim to these scams because they may lack the technology to detect the problem before it’s too late.

False billing occurs when you’re charged for a product or service that wasn’t provided, causing businesses and individuals to pay more than they needed to. It usually involves real or legitimate vendors. Fake invoice scams are similar but often involve the creation of entirely fabricated invoices not related to any legitimate business relationship.

While they may involve insiders (like business employees) or external criminals accessing the system, both types of scams underscore how important it is to check and confirm the details on invoices.

 

How to train your employees on cyber safety

  • Educate your team on the basics of cyber security. This includes implementing measures such as turning on multi-factor authentication (MFA) for all accounts, having a strong and unique password or passphrase, and pausing to think before you act if you receive an unexpected message or call.

  • Develop a cyber security training program. Identify the gaps in your team’s cyber safety knowledge and develop a program around that information gap. Use online resources, such as guides from the Australian Signals Directorate, to help shape the content. You can also enrol team members in accredited courses.

  • Conduct simulated phishing exercises. This is when you send your employees a fake, malicious-looking email and assess how they respond. Running this type of exercise can help teach your staff how to recognise a phishing email and, in turn, help protect your business.

  • Cultivate a healthy cyber safety culture to encourage cyber-smart behaviour. Discuss cyber safety openly with your team and create a safe space for them to share when they’ve spotted something suspicious.

 

How can your team respond to a scam? 

  • If your employee has shared financial information or transferred money, contact your bank immediately. If you’re an ANZ business customer, contact us immediately to report the fraud.

  • If you have shared business credit card details, ‘block’ or cancel those cards immediately. If your cards are with ANZ, you can report the stolen card through the ANZ app or by calling us.

 

Who can you contact if you’ve been scammed?


Raise awareness and help protect your business

Whether identifying business fraud or using your business credit card wisely, we have tips you can share with your employees to help keep your business safe from cybercrime.


 

The information set out above is general in nature and has been prepared without taking into account your objectives, financial situation or needs. Before acting on the information, you should consider whether the information is appropriate for you having regard to your objectives, financial situation and needs. By providing this information ANZ does not intend to provide any financial advice or other advice or recommendations. You should seek independent financial, legal, tax and other relevant advice having regard to your particular circumstances.

References

1. Australian Signals Directorate, Cyber security and Australian small businesses: Results from the Australian cyber security centre small business survey (PDF), 2023

2. Australian Bureau of Statistics, Counts of Australian businesses including entries and exits, 2023

3. Australian Signals Directorate, Cyber security and Australian small businesses: Results from the Australian cyber security centre small business survey (PDF), 2023

4. National Anti-Scam Centre, Targeting scams: Report of the National Anti-Scam Centre on scams activity 2023, 2024

5. National Anti-Scam Centre, Targeting scams: Report of the National Anti-Scam Centre on scams activity 2023, 2024
