Talk to a local business expert
Request a callback from your local Telstra Business Technology Centre and we'll be in touch to discuss your needs.
Get help with steps you can take in the event of an online security breach. Whether you’ve been hacked or felt the impact of another cyber crime, this guide will help you defend your business.
Simply put, cyber crime is a term used to describe criminal activities carried out by means of computers or the internet. Cyber crimes are also sometimes called cyber attacks. If your business is the target of a cyber attack, it can be frustrating, expensive, and confusing. It’s wise to be prepared so that your business can respond and recover quickly.
According to the Australian Cyber Security Centre (ACSC), in recent years there has been ‘an increase in the number of sophisticated cyber threats against Australians and Australian entities, and an increase in overall cybercrime activity.’
These findings were released in the Annual Cyber Threat Report 2021-22 published by the ACSC, the Australian Government’s cyber security agency.
Whether you only use email occasionally or run every element of your business online, risks and vulnerabilities exist. If your business experiences a security breach, you’re likely to experience unexpected downtime and lost productivity.
If a cyber crime impacts your customers, too, your reputation may also be damaged. Therefore, it’s important to implement strategies that help to protect your business, and to know how to respond if you do experience a security breach.
If you run a business, it’s important to know what to do if your systems are targeted by cyber criminals, sometimes also referred to as hackers.
With a risk management plan, you can help defend your business. Here are some steps you can take to help you respond to cyber crime.
“The first thing to do in the event of a cyber security attack is to get confirmation of the attack and determine what, if any, information has been exposed or potentially stolen, and attempt to contain the breach,” advises Matthew O’Brien, Telstra’s Cyber Security Executive.
George (not his real name) is the owner of a balloon supply company that has been targeted by cyber crime. The first sign of a problem was when the business stopped receiving orders one day. A quick investigation showed that his server had experienced a security breach, and that hackers had taken over the homepage of his business website with messages. Taking note of the situation early helped George to get on top of the reporting and recovery process.
If you can confirm that a breach has occurred, you may need to report it. How you do so depends on your business location, which is why it’s important to understand the local legal requirements of disclosing cyber crime to industry bodies and the Government.
According to the Office of the Australian Information Commissioner (OAIC), an Australian Government body, ‘a data breach happens when personal information is accessed or disclosed without authorisation or is lost.’ Furthermore, if the Privacy Act 1988 covers your business, you must notify affected individuals and the OAIC when a data breach involving personal information is likely to result in serious harm.
“We believe notification is in the best interest of the business,” Matthew O'Brien says. “It’s also worth noting that if a company has a cyber insurance policy that covers them financially in the event of a breach, failure to notify may void the policy.”
To notify the OAIC of a data breach, businesses can complete a Notifiable Data Breach form online.
Reporting is the first step to getting support. According to the OAIC, when you notify their agency and any individuals impacted by the cyber crime, you should include:
Once you’ve reported the cyber crime, you’ll want to try to repair any damage that’s been done. To identify and close the entry point of the breach, you may need to work with an expert. Agencies who specialise in helping businesses recover from cyber attacks can help your business:
After his balloon supply company website was targeted by hackers, George worked with an expert who helped him to move the website to a cloud host, as the agency that built the website was unable to assist with recovery efforts. Over the years, George has recruited different IT agencies to help with ad hoc updates, but the result was a website with no backup. Knowing what he knows now, the message he’d give his past self is to set greater expectations for the suppliers he works with.
If your business has been the target of hackers, your customers are often impacted, too. When it comes to letting your customers know about a data breach, legal requirements may apply. These requirements often vary depending on your business size and location.
Even if you don’t have a legal obligation to report a cyber crime, you may still make the choice to inform your customers of any incidents that may have occurred. By letting customers know about breaches, you grant them the opportunity to perform actions such as changing their passwords or checking whether there’s been any suspicious activity on their own accounts.
The number one critical item all businesses should have is a response and communication plan. My belief is that, as good corporate citizens, it is incumbent on all businesses to notify their customers if they believe their personal information has been breached.
- Matthew O’Brien, Cyber Security Executive, Telstra
The steps outlined above will help your business with its risk management plan, helping you respond to, and recover from, security breaches. But to help protect your business against cyber crime, it’s good to be proactive, not reactive, with your cyber security.
If you build your knowledge of cyber threats, you can work with experts to create a holistic cyber security strategy that may help save you time and money.
To help defend your business against cyber security threats, you can also:
Originally published June 2021. Updated March 2023.