During the first six months of 2016, small businesses reported losses due to scam activities of more than $1.6 million. That may seem like a drop in the ocean compared to the billions of dollars’ worth of business conducted over the Internet each day, but for the businesses affected the results can be catastrophic. Incredibly, sixty per cent of businesses that experience a cyber-attack cease operating within six months of the incident.
Scams have been around since the dawn of civilisation, but modern technology has provided a wealth of opportunities for scammers, including the ability to hit millions of targets at once.
Many scams simply exploit the better side of human nature. Others rely on sophisticated technology that few people understand. Either way, the first line of defence is awareness.
Know the enemy
The most common threats to small business include:
- False invoices: businesses receive fake invoices for goods or services that were not ordered. Many of the emails that the invoices are attached to also contain viruses.
- Change in supplier details: businesses are duped into updating a customer’s bank account details, diverting payments to a scammer.
- Malware: hidden programs in emails allow scammers access to your computer files or to your company’s entire server.
- Phishing: emails usually purporting to come from your bank and aimed at stealing your password and login details.
- Ransomware: locks up your computer with a demand of payment to unlock it.
- Hacked website: someone gains access to your website administration and defaces it or denies you access.
Sadly, this list is growing…
Protecting your business
The solution to most online threats lies in a combination of vigilance and technology. You also need to ensure your employees are alert to threats and are equipped to deflect them.
A security policy should include the following at the very least:
- Internet security programs: choose a reputable provider, schedule daily updates, and perform regular scans. If a threat is detected, immediately alert all staff and your IT support service.
- Passwords: ensure they are strong, individual to each site and each user within your business.
- Daily backups: your server or all computers must be backed up on a daily basis to an external drive. Remember to test backup files regularly to ensure they are working correctly.
- Payments: implement a rigorous system for confirming the validity of all invoices. Limit the number of people authorised to pay invoices.
- Confirm requests: if an email is received from a supplier requesting changes to payments, phone the supplier to confirm first.
Prevention is always better than the cure so learn more about this important aspect of running a business. Depending on the size and potential vulnerability of your business, it may pay to have your system expertly evaluated by a trusted consultant to strengthen it against any possible threats.
It is also worth considering insurance specific to this threat commonly referred to as Cyber Insurance. Traditional business insurance policies may not cover losses related to cyber-attacks and given the snowballing risks, Cyber Insurance is becoming another essential for business owners.
Millions of today’s businesses would not exist without the Internet, and the opportunities it provides seem limitless. Unfortunately those opportunities extend to the fraudulently minded, but by staying alert and following some simple rules you can protect your business from those looking for an easy ride.
Stay Smart Online: https://www.staysmartonline.gov.au/business
Protect yourself from scams: http://www.scamwatch.gov.au/get-help/protect-yourself-from-scams
What you need to know about small business scams: http://www.accc.gov.au/publications/small-business-scams
Australian Cybercrime Online Reporting Network http://www.acorn.gov.au