As the new financial year begins, cybersecurity experts are urging small business owners to better protect their livelihoods against scammers.
Data from ACCC's Scamwatch website showed scammers have swindled more than $1,371,000 from Australians since the outbreak of COVID-19 began.
Specific COVID-19 scams to small business included scammers compromising business emails by pretending to be a supplier or business the owner usually deals with and using COVID-19 as an excuse to divert usual account payments to a different bank account, where payment goes to the scammer instead of the real business.
But this was not just limited to opportunist scammers exploiting the coronavirus pandemic, according to Cynch Security, small businesses were losing thousands to scammers every financial year.
Susie Jones, co-founder and CEO of Cynch Security, an Australian-owned business focused on cybersecurity for small businesses, said the number one scam that targeted small businesses was the invoicing scam, which could cost owners thousands of dollars every year.
Top three security risks for small businesses:
- Out of date internet-connected systems that can give criminals access to their business
- False billing and/or invoice scams
- Email takeover (often leading to ransomware) from poor password management
"Scammers don't discriminate on the size of your business or where you're located. Invoicing scams and business email hacks are hurting all small businesses in regional areas and in the major cities," Ms Jones said.
"Scammers can hack somebody's username and password within your business to get your personal details or hack a client you work with and start impersonating them.
"They will send fake invoices to you from a vendor with new bank details and even set up forwarding rules on your emails, before you know it you've paid a scam invoice that you thought was for one of your real vendors or clients," Ms Jones said.
Tips to protect yourself from these types of scams:
- Verify any request to change bank details by contacting the supplier directly using trusted contact details you have previously used.
- Consider a multi-person approval process for transactions over a certain dollar amount, with processes in place to ensure the business billing you is the one you normally deal with.
- Keep the security on your network and devices up-to-date, and have a good firewall to protect your data.
Businesses can also sign up to the ACCC's Small Business Information Network to receive emails about new or updated resources, enforcement action, changes to Australia's competition and consumer laws, events, surveys and scams relevant to the small business sector.
Michell Price, AustCyber CEO said trust in digital services and technologies was underpinned by strong cyber security practices.
"The rapid digitisation and digitalisation that has occurred because of COVID-19 has gone hand in hand with an increase in cyber attacks and cybercrime," Ms Price said.
"Protecting our digital infrastructure using tools like multi-factor authentication and keeping your software up to date is vital to protecting the important information businesses hold in their networks and systems. If we're all doing this kind of thing well, it helps to protect our whole economy against cyber attacks.
"Get a cyber health check done today on your business and its digital infrastructure, don't wait, or you may find you are responding to a breach that could have been avoided."
Tips to stop the scammers:
- Protect your passwords. It comes down to poor password management so start using a password manager and enable two-factor authentication
- Don't get tricked. Avoid being tricked by making a call to the business you're paying and check it to confirm before you pay the invoice
- Don't think it won't happen to you. Scammers don't discriminate on size, they can hit thousands of small businesses at the same time
- Get Cyber Fit. Cyber fitness is all about taking small incremental steps to improve your cybersecurity every day. First step is to understand what you have to lose and what tech you rely on. What data do you have and what is valuable?
Ms Jones said many people thought their own process was safe, for example, one password with different letters or numbers and only they know the passwords.
"But it'll come up in a data breach somewhere and their business will be compromised. Anything easy to remember is easy to hack, even if it's unique to you," Ms Jones said.