One distracted moment… this can be what ultimately gives a cyber-criminal access to your inbox, your digital data, your bank account, your government portals. It is not because you are stupid; most often, it is just because in that moment, you were distracted, multitasking, or tired.
It is no coincidence that Friday afternoon is the most common time for cyber breaches. In the farming sector, harvest time is equally risky. You typically have multiple things going on, and you are fatigued and stressed. Cyber criminals’ MO is designed to hijack your natural human instincts, prompting an automatic reaction before rational thought can kick in. So how can you protect yourselves?
Understanding the psychology at play
Cyber attacks are successful largely because they exploit basic psychological principles and cognitive biases that affect decision-making, attention, and emotion. Here’s a breakdown of the key psychological tactics and why they work:
| Tactic | Example and why it works |
| --- | --- |
| Authority Bias | An email from the ATO? We are more likely to comply with requests from someone we perceive as an authority. |
| Scarcity (Urgency) Bias | Available for a LIMITED TIME! Time pressure reduces rational thought, instead activating a survival mechanism so you make decisions faster (but not always better). |
| Incentive-caused bias (greed triggers) | Those Facebook adverts that are too good to be true? Our brains love a hit of dopamine, and the idea of a good deal can often override scepticism. |
| Loss aversion | ASIC Business Register – Act now or you’ll lose your Business name registration! We are more motivated to avoid losses than to acquire gains. FOMO is real! |
| Cognitive Overload Bias | When we are overwhelmed, we make simpler, ‘rules of thumb’ decisions instead of deliberate analysis. During harvest, you are probably more than half-way to overwhelm already. So an email that ‘looks real enough’ might slip through your defences, when at any other time it wouldn’t have. |
| Reciprocity (Trust) Bias | Ol’ mate sends you a text from a new number (or a Facebook message), asking for a quick $200 transferred as he has lost his phone and wallet. He often buys you a beer at the footy club, so you feel obligated to return the favour. Part of our human evolution means community is built around reciprocity. But sometimes it pays (saves!) to be a bit suspicious – call his missus, or his old number first. |
| Personalization Bias (Spear Phishing) | Compromised data (such as Qantas Frequent Flyers, email accounts) provide cyber criminals the tools to make messages feel more relevant to you specifically. The more tailored it feels, the more legitimate it seems, and so bypasses instinctual scepticism. |
| Optimism/overconfidence bias | It’ll never happen to me! We all think we are careful, will spot the red flags, and definitely aren’t gullible. The human race wouldn’t have survived this long if it weren’t for this bias. But the exponential increase in cyber-attacks in recent times means it is now a numbers game (throw enough darts, and one is bound to hit the dart board eventually). It is increasingly a matter of ‘when’ not ‘if’. |
So, what can you do to protect yourself and your business?
Leading into and in the midst of harvest, you are already feeling under pressure. The idea of another concern to add to the list may feel overwhelming.
The good news is that the first and most important step is to simply be aware and on the lookout for common red flags, for example suspicious email addresses, unexpected contact, clumsy English, links to login pages, and new bank details. That’s the point of this article – to bring awareness.
The next step is to stop, pause, and delay acting immediately (even if it says URGENT). You’ll find this one a relief during harvest! Then get back to it once you have time to independently verify.
Last step – the tools below are there to help you – consider if any suit you, or if there is someone in your business who should also see this information to help raise their awareness and help you implement any of the below:
- Software updates, antivirus tools, and email quarantine tools
  These are simple to engage and play a part – don’t neglect them.
- Password best practice
  Best practice advises using passphrases and a unique password for each login. With so many to remember these days, a Password Manager app is handy. But most importantly, enable multi-factor authentication (MFA) whenever available.
- Data breach alert tools (through password apps or websites like https://haveibeenpwned.com/)
  These let you know when your details have been found in a public dataset on the web (and dark web). Any concerning results should prompt you to change your password for the compromised account and improve your password management practices, especially if any other accounts use the same password.
- Training – identifying red flags
  The Australian Government is so concerned about cyber threats that it has funded a free online training tool for small businesses: https://cyberwardens.com.au/.

