Seven steps for cybersecurity and protecting investment portfolios from hackers

Investment portfolios are increasingly at risk from cyber attack.

The start of an interstate travel day, and a consultant pays a Sydney taxi on credit card.

So far, so normal — it’s something that businesspeople like her do every day. That afternoon, the consultant has a call from her credit card’s fraud department. Did she charge $800 of fuel to the card from a petrol station in western Sydney that morning? No, she didn’t. Her credit card has been “skimmed”.

How might this situation have been averted? Could this executive put better personal and business cyber protections in place?

It’s a good question. Cyber risk is a major issue for big business. Leaders at Australia’s big banks have called out malicious attacks on their systems as the top risk they face. But for smaller players, such as sophisticated investors, owners of private businesses and small enterprises that typically rely on credit cards, mobile phones and Excel spreadsheets as part of their communications, these risks may not be on the radar.

Research shows that more than 72 per cent of private enterprises are reliant on email for reporting highly sensitive information within the business.

Quite apart from the financial risks, cyber fraud is also becoming a major concern for families through their use of networks at home for personal communication and game playing.

The frequency of cyber attacks targeting the identity of individual family members is on the rise. In some cases, the resulting impact on family reputation and the potential threats to personal security can be far worse than the financial losses incurred.

Globally, research shows that over a quarter of private enterprises have been subject to cybersecurity threats. In Australia, KPMG research highlights that a similar number have had to deal with such incidents. Respondents cite cases of financial loss mainly attributable to “phishing”, with more than 53 per cent of private enterprises subject to phishing attacks.

In one recent example, an elderly investor residing in aged care was called on the phone for their email address and bank details. The attack was sophisticated and convincing, with the target innocently disclosing their personal information. More than $300,000 in savings was taken from their account, and it could not be recovered.

On the same theme, the Australian Taxation Office has reported an increase this year of people losing money to automated phone scams through threats of tax file number suspension. As the ATO says, it does not suspend TFNs and will never request payment of a fine or transfer money in order to protect a TFN. Nor does the ATO make unsolicited calls to people.

Yet cyber awareness among investors of all types remains low, and that’s a serious problem. The federal government acknowledges that all Australians are high-risk cyber targets and this includes retirees and those with self-managed super funds.

There are seven key steps against cyber attack:

Act now: Ask your financial adviser to set up a system for maintaining ongoing awareness with a quarterly cybersecurity audit and protection strategy.

Protect data: It’s surprising how many businesses don’t have a formal system to back up and protect data. You need one that secures your devices and networks and considers encryption of important information.

Implement blocks: Make sure you use a multi-factor authentication system, for example a password and a push authentication step, where a second factor is required to access sensitive data. Mobile apps are used to push a validation request, so even if an attacker has a valid username and password they can’t access the push notification to access an account.

Manage passwords: Effective management means ensuring that easy-to-guess passwords, such as birthdays or number sequences like 1234, are not used, that the same password is not reused across devices, and that passwords are changed regularly as part of the overall IT system structure/strategy.

If you run a business, inform your people: Whether it’s one or two people in the business or a staff of 50 or 100, you need to set robust cybersecurity measures and train your staff to be safe online. That includes things such as ensuring your phone privacy settings are set correctly.

Hold a cybersecurity hour/day: Depending on the size of your enterprise, formalise the steps in a training session/cyber awareness day and then update your business systems accordingly, across personal devices and the broader office systems.

Education: Educate family members, particularly younger family members on games consoles and on social media, regarding appropriate behaviour and how to deal with strangers.

A key cybersecurity message is that theft and fraud represent permanent losses of capital that may never be recovered.

All investors need to be conscious not only of the risks they take to attract investment returns, but also of managing those risks.

Robyn Langsford is head of family business at KPMG Enterprise


Original URL: https://www.theaustralian.com.au/business/wealth/seven-steps-for-cybersecurity-and-protecting-investment-portfolios-from-hackers/news-story/ae47262c3bb8025088b83a22ae51ae55