October 8 2025
Australia’s Annual Cyber Threat Report found that small businesses reported an average loss of $49,600, with medium-sized businesses losing an average of $62,000!
Australian small to medium businesses have suffered average losses that could be a sizeable chunk of an employee’s annual pay. Without dedicated cybersecurity, small to medium businesses are left vulnerable to cyber attacks, which is why your team must stay up to date and informed about good cyber hygiene practices.
Here’s how you can keep your business safer from cyber threats, with tips on spotting phishing emails and how to report scams.
These are the top three threats reported by small to medium businesses, by share of reports:
- Email compromise: 20%
- Online banking fraud: 13%
- Business email fraud: 13%
Hackers don’t even need sophisticated malware to pose a threat; all they need is your login. Phishing is the most common way cyber criminals steal your sensitive information.
What is Phishing?
Phishing is a common method used by cybercriminals: socially engineered emails designed to gain your trust and trick you into handing over sensitive information or money.
Phishing emails can look like:
- Social media emails – these urge you to change or reset your password or risk losing your account. They often imitate a social media site to trick you into clicking on malicious links.
- Amazon emails – these can look like links to items you have not ordered, surveys, messages about your account being locked or suspended, and prompts to update your payment information.
- Google Docs that look like they are from someone you know; these are imitation Google Forms or Docs.
- MyGov – emails that urge you to update your personal information or inform you of a refund, via a link in the email.
Other phishing emails that specifically target businesses:
- Peer evaluation feedback emails: These look like they are from your workplace HR department; they are professional and neutral in tone. This email attempts to convince the recipient that they have received an anonymous peer review and gives the target a link to “see feedback”.
- Urgent Software Update: These look like automated admin emails, but urge you to update your system by clicking on a link.
- SharePoint Accept or Deny requests: these contain a link to an apparent SharePoint document (spoiler alert: it is not one).
There are hundreds of ways cyber criminals can use phishing, but these are the general red flags:
- Generic greetings
- Misspelled words or heavy grammatical errors
- Blurry logos or images, weird formatting, and fonts
- Unknown senders
- Requests for personal information; legitimate corporations won’t ask you to disclose personal information over email. They will usually ask you to log in to their website. Do not use a link from the email: open a separate browser and log in as you normally would, because scammers can imitate website login pages and steal your information that way too.
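As an added example (this is not code from the original post), the Python script below applies three of the red flags above to a constructed email: a sender display name that has nothing in common with the domain that actually sent the message, a generic greeting, and a link whose visible text shows one site while its real destination is another (the post says not to use links from emails; this check shows one way to see why). Both sample messages, the domains in them, and the word-overlap heuristic for the sender check are assumptions made for the example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages (not real emails). The first imitates an "account locked"
# notice; the second is what a legitimate alert from a fictional bank might look like.
PHISH_EMAIL = """\
From: "Amazon Customer Service" <notice@example-mailer.test>
To: owner@example-smallbiz.test
Subject: Your account has been locked
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Your account has been suspended. Visit
<a href="http://login.example-phish.test/verify">https://www.amazon.com.au/account</a>
to restore access.</p>
</body></html>
"""

LEGIT_EMAIL = """\
From: "Example Bank Alerts" <alerts@examplebank.test>
To: owner@example-smallbiz.test
Subject: New device signed in
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hi Jordan,</p>
<p>A new device signed in to your account. Review it at
<a href="https://examplebank.test/devices">https://examplebank.test/devices</a>.</p>
</body></html>
"""

GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder", "dear sir/madam")


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(text):
    """Hostname of a URL-looking string; a bare 'www.example.test' is accepted too."""
    return urlparse(text if "://" in text else "http://" + text).hostname


def check_email(raw):
    """Return a list of human-readable red flags found in one raw message string."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []

    # Red flag: display name unrelated to the sending domain (assumed heuristic:
    # no word of four or more letters from the name appears in the sender domain).
    name, addr = parseaddr(msg["From"] or "")
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    words = [w for w in re.findall(r"[a-z]+", name.lower()) if len(w) >= 4]
    if words and sender_domain and not any(w in sender_domain for w in words):
        flags.append(f"display name {name!r} unrelated to sender domain {sender_domain!r}")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""

    # Red flag: generic greeting instead of your name.
    if any(g in text.lower() for g in GENERIC_GREETINGS):
        flags.append("generic greeting")

    # Red flag: link text shows one site but the href goes elsewhere,
    # or the destination is plain http (no login page should be).
    extractor = LinkExtractor()
    extractor.feed(text)
    for shown, href in extractor.links:
        target = urlparse(href)
        if target.scheme == "http":
            flags.append(f"unencrypted link {href}")
        if "." in shown:
            shown_host = host_of(shown)
            if shown_host and target.hostname and shown_host != target.hostname:
                flags.append(f"link text shows {shown_host} but points to {target.hostname}")
    return flags


if __name__ == "__main__":
    for label, raw in (("phish", PHISH_EMAIL), ("legit", LEGIT_EMAIL)):
        print(label, "->", check_email(raw) or ["no red flags"])
```

Run it as a script to see the phishing sample produce four flags and the legitimate sample none. The sender check is deliberately crude (it only looks for shared words), so treat its output as a prompt to look closer, not as proof either way; the link check is the more reliable of the three, because the href is what the browser will actually open.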
What if you have clicked on a suspicious link in a phishing email?
If you have clicked a link and entered sensitive details such as your username and password into an unknown site, you should:
Change your password
Ensure each of your accounts has a different password. That way, if one account is compromised, attackers cannot reuse the same password to get into your other accounts (this is called credential stuffing).
Report the Email
First, report the phishing email through your email provider’s settings; this blocks further mail from that address.
The Australian Government’s Australian Signals Directorate recommends reporting to the following agencies:
- Scamwatch if you think you have been targeted but have not lost any private details or money
- ReportCyber if you have been scammed out of money or if your private information has been stolen
Recovering from Phishing Attacks
Cyber.gov.au has many resources to guide Australian organisations through phishing scams, alongside a 24/7 incident response and assistance service.
TL;DR: do not click any unexpected links in your inbox! As Scamwatch says: Stop. Better be safe than scammed!