Cybersecurity: protecting your small business from scams

While most of us have coped with COVID-19 by supporting each other, scammers have seen it as an opportunity to ramp up cyber-attacks on small businesses.

According to the ACCC’s Scamwatch website, during the height of the pandemic fraudsters started using COVID-19 in “email compromise” scams by posing as a regular supplier or business who has had to change their banking details due to COVID-19. Any payment made by a company to the new account would then go to the scammer, not the genuine business.

But this sort of behaviour doesn’t just occur during times of crisis or busyness, like a pandemic or Christmas, when we’re more distracted than usual. In fact, small businesses are being regularly targeted by scammers, losing thousands of dollars every year.

Why are small businesses being targeted?

You might think scammers would prefer to target larger companies with more data and money to steal, but in 2019 small and micro businesses reported more email-based scams than medium and large-sized businesses, with average losses of around $11,000*.

The big question is why? Here are two key reasons.

• Cyber criminals may assume smaller businesses don’t have the same defences in place as larger ones, with less experience and fewer funds to put towards IT security. While not always true, businesses can be particularly vulnerable to this when starting out, when it is common for workers to be juggling multiple jobs – including would-be cyber security expert.
• All businesses interact with suppliers or other companies – some of these organisations may hold sensitive data or access to money that makes them an attractive target for cybercriminals. A small business could unwittingly provide a path into this more lucrative network if they are not on the alert to scammers breaking into their own systems.

What are some common examples of cybercrime?

There are many types of cybercrime (and scams generally) that are designed to disrupt and defraud your business, including overpayment scams, malware and ransomware, billing and invoice scams, theft of both identity and money, and attacks on your computer networks and systems.

To protect yourself, cyber security should form part of your daily business processes.

For a detailed overview of the types of scams you should be aware of and the red flags to look out for, refer to the resources listed later in this article.

What are some of the impacts of being scammed?

The chances of recovering money stolen by a cybercriminal are very low. The best you can do (and should do) is report the scam to try and help others avoid it and take steps to shore up your business’s defences and look at training to protect against future attacks.

It’s not only the immediate financial impacts that can be devastating. Your business could also suffer trust and reputational damage, particularly if your customers have also lost money or had their privacy and personal information stolen or compromised. Not to mention there are often significant costs associated with getting your business back up and running.

Depending on your industry and the regulations that apply to you, it’s also possible you could face financial penalties if you didn’t have the required level of IT security safeguards in place to begin with.

How can you stay on top of cybercrime threats?

There are many dedicated resources to help small businesses protect themselves from cyber security threats – and recover if they have been targeted. We’ve rounded up some we believe you will find useful.

• The Australian Cyber Security Centre has developed a Small Business Cyber Security Guide specifically for small businesses. If you’re learning about cyber security for the first time and need the basics on anti-virus software, backing up and restoring data, browsing the web safely and more, this is a good place to start.
• Scamwatch, which is run by the ACCC, is a trusted source of information on all types of scams affecting consumers and small businesses. You can also report a scam via the Scamwatch website and sign up to the ACCC’s Small Business Information Network to receive emails on the latest news for your sector, including information on any scams doing the rounds.
• The Government’s business.gov.au website has a section devoted to protecting your business from online attacks, including tips on developing ongoing plans and procedures to ensure cyber security is a regular part of running your business.
• You could even reach out to your banking account manager or the Chamber of Commerce for your industry to see if they can offer any additional help and resources.

*https://www.scamwatch.gov.au/news-alerts/business-email-compromise-scams-cost-australians-132-million