Cyber fraud is on the rise and it could be costly for your business. We’re sharing some advice on steps you can take to be more cyber aware.
What is cyber fraud?
Cyber fraud is, essentially, digital financial crime. As technology becomes more sophisticated and as our reliance on it grows, cyber fraud is an increasing risk for small- to medium-sized businesses. We’re sharing advice on common schemes and steps you can take to avoid them, helping to keep your business safe and secure.
Why is cyber fraud an issue for businesses?
The Australian Cyber Security Centre (www.cyber.gov.au) estimates that each reported event of cyber fraud costs a small business around $70,000. Cybercrime is also increasing, up 23 percent on the previous year. On average, a cybercrime is reported every six minutes.
Cyber fraud is also notoriously difficult and time-consuming to resolve. If your company has cyber insurance, losses can often be recouped. However, the process takes time, and policies frequently contain cyber-preparedness clauses that can catch you out. (For example: if your business processes a payment to a fraudulent account, you might be deemed liable for the loss and the bank might not return the funds.)
Some cybercrimes can also effectively shut down business operations. It can take weeks if not months to recover from this if the appropriate redundancy is not in place. Some companies may need to restart operations entirely.
Common types of cyber fraud
Compromised emails and online banking fraud top the list of the most frequent types of cybercrimes for businesses. To break it down even further, here are four common cyber schemes to be aware of.
Ransomware. This is a type of malicious software that locks or encrypts your files, making them inaccessible. The cybercriminals behind this activity then hold these files for ransom, demanding payment (usually in the form of cryptocurrency) to restore your access to the files.
Domain spoofing. Spoofing uses lookalike domains to trick suppliers into providing information to a fake website. For example – instead of ‘mywebsite.com.au’, the lookalike domain would be ‘mywebbsite.com.au’. It’s difficult to catch in our busy day-to-day lives: we understandably become familiar and complacent, particularly with suppliers we’ve worked with before.
Another form of spoofing is using a lookalike email address (‘me@mywebbsite.com.au’ or ‘mywebsite@gmail.com’) to trick the recipient into making a fraudulent payment or sharing sensitive information.
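As an added illustration (not part of the original article) of how a business could screen inbound sender addresses for the two spoofing patterns just described, the following Python checks each sender's domain against a list of trusted supplier domains: an exact match is accepted, a domain within a small edit distance of a trusted one (such as ‘mywebbsite.com.au’ against ‘mywebsite.com.au’) is flagged as a lookalike, and a free-mail address whose local part carries a supplier's brand name (‘mywebsite@gmail.com’) is flagged as impersonation. The trusted domains, the free-mail list and the sample messages are constructed for the example.

```python
# Screen inbound sender addresses for lookalike domains and free-mail impersonation.
# All domains and messages below are constructed sample data, not real records.

TRUSTED_SUPPLIER_DOMAINS = ["mywebsite.com.au", "acmepackaging.com.au"]  # constructed
FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def split_address(address: str):
    """Return (local_part, domain) in lowercase, or None if malformed."""
    if address.count("@") != 1:
        return None
    local, domain = address.strip().lower().split("@")
    if not local or not domain:
        return None
    return local, domain


def assess_sender(address: str, trusted=None, max_distance: int = 2):
    """Classify a sender address relative to the trusted supplier domains.

    Returns a (verdict, matched_trusted_domain) tuple where verdict is one of
    'ok', 'lookalike', 'freemail-impersonation', 'unknown' or 'invalid'.
    """
    trusted = list(trusted) if trusted is not None else TRUSTED_SUPPLIER_DOMAINS
    parts = split_address(address)
    if parts is None:
        return ("invalid", None)
    local, domain = parts

    if domain in trusted:
        return ("ok", domain)

    # Free-mail address using a supplier's brand name as the mailbox name.
    if domain in FREE_MAIL_DOMAINS:
        for t in trusted:
            brand = t.split(".")[0]  # 'mywebsite' from 'mywebsite.com.au'
            if brand in local:
                return ("freemail-impersonation", t)
        return ("unknown", None)

    # Domain that is a few edits away from a trusted one (typo-squat style).
    best = min(trusted, key=lambda t: levenshtein(domain, t))
    if 0 < levenshtein(domain, best) <= max_distance:
        return ("lookalike", best)
    return ("unknown", None)


def triage(messages):
    """Return the messages that need human review before any action is taken."""
    review = []
    for msg in messages:
        verdict, match = assess_sender(msg["from"])
        if verdict in ("lookalike", "freemail-impersonation", "invalid"):
            review.append({**msg, "verdict": verdict, "resembles": match})
    return review


if __name__ == "__main__":
    # Constructed sample inbox.
    SAMPLE_MESSAGES = [
        {"from": "accounts@mywebsite.com.au", "subject": "Invoice 1042"},
        {"from": "me@mywebbsite.com.au", "subject": "Updated bank details"},
        {"from": "mywebsite@gmail.com", "subject": "Urgent payment request"},
        {"from": "newsletter@example.org", "subject": "Monthly update"},
    ]
    for item in triage(SAMPLE_MESSAGES):
        print(f"REVIEW: {item['from']} ({item['verdict']}, resembles {item['resembles']})")
```

A flagged message is a prompt to confirm the request with the supplier by phone, not an automatic block; a legitimate supplier who genuinely changes domain will look like a lookalike until the trusted list is updated.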
Business email compromise. Cybercriminals will use email to imitate business contacts or compromise the email account of an employee. It’s a more targeted attack in which they send emails to known contacts of the victim. These emails will often include invoices or a request for urgent payment to a new account or bank. This is another scheme that’s slippery to catch. It’s good practice to always validate payment changes in person or over the phone with a trusted contact.
Phishing. These are annoying scam messages designed to trick the recipient into revealing sensitive information, such as passwords or personal details. They might also encourage the recipient to click links that will compromise your electronic device.
How to protect your business from cyber fraud
There are steps you can take to help mitigate the risk of cyber fraud to your business. Here are six of the most important ones:
1. Enable multifactor authentication (MFA). MFA is essentially a number of hoops to jump through before gaining access to a system. This could include something you know (a secure password, for example) and something you have (an SMS message sent to your phone). It could also include something you are, like a fingerprint or facial recognition (Face ID). Having MFA makes it much more difficult for cybercriminals to gain access to your accounts and information.
2. Back everything up regularly. Make sure that you have offsite or disconnected backups for your systems and back these up regularly. If one of your systems is rendered unusable through cybercrime (or some other event), it will be much easier to return to business-as-usual. Your IT provider should offer this service.
3. Establish a process to confirm changes to bank details. Never accept an email as blanket proof of bank detail changes. Always validate any changes to bank details with the supplier or customer directly or with a trusted contact for that person. Establish this process with your suppliers and customers at the outset of your relationship.
4. Keep your systems updated. Once cybercriminals have infiltrated a network, they will often leverage vulnerabilities and weaknesses in systems. Your systems provider (Microsoft, for example) will ‘patch’ these weaknesses as they are identified, but it is up to the business owner to ensure the system is updated or ‘patched’.
Tip: If you are using an IT provider, speak to them about patching and make sure it’s occurring frequently.
5. Enable anti-spam services. Mail providers will offer higher levels of filtering for emails to detect phishing and other malicious attempts to gain access to email services. There may be a small cost for this service, but it is recommended.
6. Upskill and empower your team. The more knowledgeable eyes you have looking out for your business and customers, the more likely you are to avoid cyber fraud. Many companies will offer to upskill their employees through training courses. Others will incentivize or reward cyber-savvy behaviour. Cyber safety is everyone’s business, and it’s important to empower your team to help.
*This information is of a general nature only and should not be regarded as financial or legal advice. It does not take into account your individual circumstances or objectives. You should always seek advice from a suitably qualified professional.