For some, cyber threats may seem somewhat like a rare disease – the last thing on your mind until you have it happen to you.
You may think cybercrime is simply hacking, with dubious computer experts typing lines of code. In reality, cyber fraud, and specifically phishing scams, are much simpler than that – which means you can actually detect their attempts. The economic impacts of cybercrime go beyond the direct cost of scams to businesses to also encompass reputational damage, loss of client trust/confidence, and wasted time – which, according to one expert, costs the economy up to $29 billion per year (that’s 1.9% of Australia’s gross domestic product).
This is why it is important to recognise that cyber fraud not only has financial implications; it can also put many other business assets at risk, including:
- personalised customer information
- email archives
- financial records
- business planning documentation
- new business ideas
- marketing plans
- intellectual property
- product design
- patent applications
- employee records (which could include sensitive personally identifiable information such as their date of birth).
Often these criminals send emails pretending to be people you know, requesting payment or an update of payment details. It could be that they have changed one letter in the email address – or perhaps they have actually gained access to the email account of your supplier and are making suspicious requests.
Types of Scams
Such scams can be disguised as:
- Invoices from a supplier
- Requests for payment from upper management
- Requests to reimburse for overpayment
- Attempts to gain personal information
- Phone calls asking for remote access to fix a “problem” on your computer
- Coronavirus-related messages
- Threats and extortion
- Good old unexpected winnings or inheritances (it’s been around for a long time).
While the methods used by scammers are many, there are some basic approaches you and your staff can take to reduce risk and protect your information and money from cybercrime.
So how do you protect yourself?
Here are some starting tips:
- Be alert: If it does not look right then it probably isn’t – verify it.
- Verify Properly: Never verify through the suspicious channel. Set up a two-step authentication protocol with your accounts – such as a phone call or instant messenger. Never use the contact information in the suspicious email or letter.
- Passwords & authentication: Have a variety of strong passwords in use – don’t just use the same one, and change them regularly. Many online services and systems now require the use of two-factor authentication, which is a second way to verify yourself, such as via a text message or a security code received on your mobile device. These security measures should be enabled on the systems and applications your staff use wherever possible.
- Anti-Spyware: Ensure you use protection software on all your devices.
- Awareness: Scams come in many shapes and forms. Make sure your staff know what the major scams are, and refresh that knowledge periodically.
- Systems and Processes: Do you have a process for screening emails, calls and mail for clues of suspicious activity? Think about what protocols are in place should someone on your staff detect a whiff of suspicious activity.
Here is a short video you can use to highlight to your staff the need for better cyber security and scam awareness: https://www.youtube.com/embed/BL7WJM342Uc
The Australian Competition and Consumer Commission’s website Scamwatch.gov.au has a great deal of up-to-date info on best cybersecurity practices for your business and details of current scam tactics to watch out for.
Awareness is the first step, but scammers are deviously inventive and constantly hatch new schemes. Having the right systems and processes can go a long way to maximising your cybersecurity. We can provide an independent review of your systems to highlight areas of risk and help you establish stronger measures to protect your business. If you have any questions or concerns about how exposed your business is to cyber threats, please don’t hesitate to speak with Reece Jory and Darren Laarhoven.