The Australian Competition and Consumer Commission (ACCC) received more than 5,800 reports of business scams in 2018, with total losses due to these scam activities of more than $7.2 million, an increase of 53% on the previous year. Almost 75% of those impacted were micro and small businesses, most commonly attributed to false billing scams. Even the average loss of $10,000 could mean the end for a small business.
Scams have been around since the dawn of civilisation, but modern technology has provided a wealth of opportunities for scammers, including the ability to hit millions of targets at once.
Many scams simply exploit the better side of human nature. Others rely on sophisticated technology that few people understand. Either way, the first line of defence is awareness.
Know the enemy
The most common threats to small business include:
- False invoices: businesses receive fake invoices for goods or services that were not ordered. The attached invoice may also contain malware.
- Change in supplier details: businesses are duped into updating a customer’s bank account details, diverting payments to a scammer.
- Malware: hidden programs in emails allow scammers access to your computer files or to your company’s entire server.
- Phishing: emails usually purporting to come from your bank and aimed at stealing your password and login details.
- Ransomware: locks up your computer with a demand of payment to unlock it.
- Hacked emails: someone gains access to your email address and sends requests to an employee to pay an invoice. The money is directed straight to the hacker’s bank account, which cannot be traced after the transfer.
Sadly, this list is growing…
Protecting your business
The solution to most online threats lies in a combination of vigilance and technology. You also need to ensure your employees are alert to threats and are equipped to deflect them.
A security policy should include the following at the very least:
- Internet security programs: choose a reputable provider, schedule daily updates, and perform regular scans. If a threat is detected, immediately alert all staff and your IT support service.
- Passwords: ensure they are strong, individual to each site and each user within your business.
- Daily backups: your server or all computers must be backed up on a daily basis to an external drive. A copy of this backup should be kept off site or stored in a fireproof safe. Remember to test backup files regularly to ensure they are working correctly.
- Payments: implement a rigorous system for confirming the validity of all invoices. Limit the number of people authorised to pay invoices.
- Confirm requests: if an email is received from a supplier requesting changes to payments, phone the supplier to confirm first.
Prevention is always better than the cure so learn more about this important aspect of running a business. Depending on the size and potential vulnerability of your business, it may pay to have your system expertly evaluated by a trusted consultant to strengthen it against any possible threats.
It is also worth considering insurance specific to this threat commonly referred to as Cyber Insurance. Traditional business insurance policies may not cover losses related to cyber-attacks and given the snowballing risks, Cyber Insurance is becoming another essential for business owners.
Millions of today’s businesses would not exist without the Internet, and the opportunities it provides seem limitless. Unfortunately those opportunities extend to a growing number of fraudsters, but by staying alert and following some simple rules you can protect your business from those looking for an easy ride.
