Keeping your business safe online
The Australian Competition and Consumer Commission (ACCC) received more than 5400 reports of business scams in 2017, with total losses due to these scam activities of more than $4.6 million, an increase of $900,000 on the previous year. Almost 3000 of those hit were micro and small businesses. They accounted for just shy of $3 million lost, most commonly attributed to false billing scams. Even the average loss of $10,000 could mean the end for a small business.
Modern technology has provided a wealth of opportunities for scammers, including the ability to hit millions of targets at once.
Many scams simply exploit the better side of human nature. Others rely on sophisticated technology that few people understand. Either way, the first line of defence is awareness.
Know the enemy
The most common threats to small business include:
- False invoices: businesses receive fake invoices for goods or services that were not ordered. The attached invoice may also contain malware.
- Change in supplier details: businesses are duped into updating a supplier’s bank account details, so that payments are diverted to a scammer.
- Malware: hidden programs in emails allow scammers access to your computer files or to your company’s entire server.
- Phishing: emails usually purporting to come from your bank and aimed at stealing your password and login details.
- Ransomware: locks up your computer and demands payment to unlock it.
- Hacked emails: someone gains access to your email address and sends requests to an employee to pay an invoice. The money is directed straight to the hacker’s bank account, which cannot be traced after the transfer.
Protecting your business
The solution to most online threats lies in a combination of vigilance and technology. You also need to ensure your employees are alert to threats and are equipped to deflect them.
A security policy should include the following at the very least:
- Internet security programs: choose a reputable provider, schedule daily updates, and perform regular scans. If a threat is detected, immediately alert all staff and your IT support service.
- Passwords: ensure they are strong and unique to each site and to each user within your business.
- Daily backups: your server or all computers must be backed up on a daily basis to an external drive. A copy of this backup should be kept off site or stored in a fireproof safe. Remember to test backup files regularly to ensure they are working correctly.
- Payments: implement a rigorous system for confirming the validity of all invoices. Limit the number of people authorised to pay invoices.
- Confirm requests: if an email is received from a supplier requesting changes to payments, phone the supplier to confirm first.
Prevention is always better than the cure, so learn more about this important aspect of running a business. Depending on the size and potential vulnerability of your business, it may pay to have your system expertly evaluated by a trusted consultant to strengthen it against any possible threats.
It is also worth considering insurance specific to this threat, commonly referred to as Cyber Insurance. Traditional business insurance policies may not cover losses related to cyber-attacks and, given the snowballing risks, Cyber Insurance is becoming another essential for business owners.