Cyber safety: keeping your business secure

3 min read

There’s no denying it: many businesses would struggle to exist without an online presence.

But like most things, where there are opportunities, there are also risks.

Today’s business owners are becoming increasingly aware of the importance of cyber safety, familiarising themselves with potential threats to their business. 

In fact, in 2017, the Australian Competition and Consumer Commission (ACCC) received more than 5400 reports of business scams, with total losses due to these scam activities costing more than $4.6 million (an increase of $900,000 on the previous year). Almost 3000 of those hit were micro and small businesses.[1]

While many of these scams exploited the better side of human nature, others relied on sophisticated technology that few people understood. In any case, however, the first line of defence was awareness.

By staying alert and following a few simple rules, business owners can help protect their assets from those looking for an easy ride.

Know the enemy

The most common current threats to small businesses include:

  1. False invoices: businesses may receive fake invoices for goods or services that were not ordered. Many of the email attachments may also contain viruses.[2]

  2. Change in details: businesses can be duped into updating a customer's supplied bank account details, diverting payments to a scammer.

  3. Malware: hidden programs in emails can allow scammers to access your computer files or your company’s entire server.

  4. Phishing: emails purporting to come from your bank can be aimed at stealing your password and login details.

  5. Ransomware: malicious software that locks up your computer, with a demand for payment to unlock.[2]

  6. Hacked emails: someone gains access to your email address and sends requests to an employee to pay an invoice. The money may be directed straight to the hacker’s bank account, which cannot be traced after the transfer. [3]

Sadly, the list continues to grow.

Protecting your business

Prevention is always better than cure, so it’s important to learn more about cyber safety when running a business. The solution to most online threats lies in a combination of vigilance and technology. You also need to ensure your employees are alert to threats and are equipped to deflect them.

Examples of what a security policy could address are set out below:

 

Example

Internet security programs

Choose a reputable provider, schedule daily updates, and perform regular scans. If a threat is detected, immediately alert all staff and your IT support service.

Passwords

Ensure they are strong, individual to each site and user, within your business.

Daily backups

Your server or all computers must be backed up on a daily basis to an external drive. A copy of this backup should be kept off site or stored in a fireproof safe. Remember to test backup files regularly to ensure they are working correctly.

Payments

Implement a rigorous system for confirming the validity of all invoices. Limit the number of people authorised to pay invoices.

Confirm requests

If an email is received from a supplier requesting changes to payments, phone the supplier to confirm first.[3]

 

Depending on the size and potential vulnerability of your business, it may pay to have your system evaluated by a trusted consultant to protect it against any possible threats.

It may also be worth considering insurance specific to this threat, commonly referred to as Cyber Insurance. Traditional business insurance policies may not cover losses related to cyber-attacks.

[1} https://www.accc.gov.au/system/files/F1240_Targeting%20scams%20report.PDF
[2] https://www.business.gov.au/risk-management/cyber-security/identify-cyber-threats-to-your-business
[3] https://www.business.gov.au/Risk-management/Cyber-Security/Identify-cyber-threats-to-your-business

If you suspect any fraudulent activity, contact us immediately:
Technology & Operations 27 Apr 2018
In this digital age, clients are increasingly choosing convenience by submitting transfer and withdrawal instructions via email. Our two case studies below, a result of identity theft via email hacking, highlight the need to ensure any instructions you receive are really from your client.
5 mins
Technology & Operations 25 Oct 2018
Email is the primary method of communication with your clients, but email is also a great channel for fraudsters to steal identities and facilitate fraudulent requests. Read our top tips on what to look out for and actions to take to confirm it’s your client you’re dealing with.
10 mins
Technology & Operations 27 Apr 2018
​A fraudster may be cunning but they do leave clues. Our real-life case studies explain how fraudsters have targeted advisers’ clients and how they were able to stop the thieves in their tracks.
4 mins


The article was prepared by BT Financial Group, a division of Westpac Banking Corporation ABN 33 007 457 14, and is current as at 6 December 2018. 

This information does not take into account your personal objectives, financial situation or needs and so you should consider its appropriateness, having regard to these factors before acting on it. This information provides an overview or summary only and it should not be considered a comprehensive statement on any matter or relied upon as such. This information may contain material provided by third parties derived from sources believed to be accurate at its issue date. While such material is published with necessary permission, no company in the Westpac Group accepts any responsibility for the accuracy or completeness of, or endorses any such material. Except where contrary to law, we intend by this notice to exclude liability for this material.