Safeguard Your Small Business: Cybersecurity Must-Dos

Discover essential cybersecurity practices to shield your Australian small business from cyber threats. Learn to navigate the digital landscape safely and secure your business's future.

Cybersecurity has been in the news a lot lately. Australia recently witnessed large-scale data breaches that affected some of the country’s most prominent corporations. These highlighted that no business is impervious to cyber-attacks, which is why it’s especially important for small business owners to protect their businesses against cyber threats.

The Australian Cyber Security Centre (ACSC) Small Business Survey revealed that a staggering 62 per cent of the small to medium business owners surveyed had been victims of cyber-crime.i And these attacks come at a significant cost to businesses. Companies lost over $300 million last year due to cyber-attacks. Notably, the average cost per cybercrime reported to the ACSC rose to over $39,000 for small businesses.ii

Given that digital data breaches can have a massive impact on a business, what are the challenges faced by small businesses and what are the best ways to keep yours safe?

Understanding Cybersecurity Insurance Options

Antivirus and malware security is an obvious starting point, but there is more to cybersecurity than signing up to a plan or downloading an app.

It’s important to understand what data your business holds, and in what locations. You might have data stored across numerous devices or services whether they are cloud-based or not, which increases the number of applications you need to keep secure. Multiple and numerous systems can also create more opportunities for a cybercriminal to attack, so streamline where possible.

Identify what information needs to be protected, thinking about legal requirements and confidentiality and security of information as well as what assets are most important to your company, including financial data, customer information, and intellectual property.

Effective Password Management Systems

The next step is protecting that information, which at the company level means encryption and using secure passwords. Consider implementing multifactor authentication for an additional layer of security to let the right people in and keep the wrong people out. This involves adding a secondary factor to your password, for example, a mobile phone number to receive an SMS with an access code.

Once you’ve reviewed your password protection, it’s time to think about how you keep track of your passwords. Most businesses use a lot of applications, so password management tools are the best way to keep track of multiple, unique logins and passwords.

Regular Software Updates: Your Cyber Shield

Backing up data doesn’t just protect against cyber-attacks but also against human error and malicious actions as well as hardware failures and natural disasters. If you are using cloud-based applications, data back-up may seem easier as you do not have to manually back up things like hard drives and servers. However, a note of caution – while the cloud is extremely secure, some providers still recommend doing regular backups with third-party services.

It’s also important to update software regularly to protect against the latest threats. You should regularly update your operating systems, web browsers, and other software to protect against malicious intent.

Cost-Effective Cybersecurity Strategies

Of course, maintaining a secure environment is also about educating your staff on how to avoid cyber-threats.

As well as having policies that describe how your business manages its infrastructure, it’s important that staff are up to date on how to actively avoid threats. All it takes is one person to click on a link in a dodgy email and your business could be vulnerable. The Australian government provides a useful resource for small businesses at www.cyber.gov.au/learn which includes modules and quizzes to help businesses educate their personnel.

Leverage Australian Government Resources

Finally, despite your best efforts, there is always a chance that your business may experience a cybersecurity incident. In such a scenario, it is important to respond quickly and effectively to minimise the damage and get back up and running as soon as possible. Make sure you have a defined process in place that describes who responds and what happens in the event of a breach so that you can react quickly.

Given the cost and time involved in recovering from a cyberattack, it’s worth putting a bit of thought into preventative measures.

The most common cyberattacks impacting small businesses are:

  • Scam emails and phishing attacks designed to elicit passwords or confidential information.
  • Business email compromise (BEC) emails impersonating a supplier requesting payment.
  • Malicious software including ransomware, viruses, spyware, and trojans.

If you're looking for professional advice on how to better protect your business, we're here to assist. We offer a free half-hour consultation aimed at understanding your needs and exploring how we can support you. Feel free to reach out; we'd love to help.

This article is intended as an information source only and to provide general information only. The comments, examples, words and extracts from legislation and other sources in this publication do not constitute legal advice, financial or tax advice and should not be relied upon as such. All readers should seek advice from a professional adviser regarding the application of any of the comments in this article to their particular situation.


Think you'll never fall for a scam? Think again

Don't Fall Victim: How to Spot and Avoid Scams in Australia

With the increasing sophistication of scammers, anyone can become a target. Australians were expected to lose around $4 billion to scams in 2022, and no one is immune to these threats. Learn how to identify and avoid some of the most common scams in Australia, and protect yourself and your loved ones from becoming a statistic.

While it’s easy to think “it will never happen to me”, people who never expected to be victims of scams are actually among the most vulnerable to being taken advantage of. While the stereotype is that older people are the most likely to be scammed, Gen Xers, Millennials, and Gen Zs are actually more likely than seniors to report losing money to fraud.i

The reality is scammers don’t discriminate and people of any age or demographic who believe they are too smart to be tricked may be less careful and more likely to suffer a loss.ii And the losses are considerable. Australians were expected to lose around $4 billion to scams in 2022.iii

Here are some scams to be aware of that are doing the rounds:

Avoiding Scams from Trusted Brands and Government Agencies

One of the most common scams at the moment is where a criminal pretends to be a trusted brand or government agency getting in touch to collect personal information or demand a payment. You may be contacted by email, social media, phone call, or text message and they will often direct you to an official looking website.

It’s easy to be taken in via text message as it can appear to be from a legitimate sender as the scammer uses ‘alpha tag’ technology to register a mobile number with a word or acronym – the ATO (Australian Tax Office) for example.

Beware of clicking on links. If you get a text message or call that doesn’t seem right, you can find the official contact details on the company’s website and call them to verify the message.

Smart Shopping: How to Recognize and Avoid E-commerce Scams in Australia

Scammers prey on consumers and businesses that are buying or selling products and services.

As a buyer you may pay the money and never receive the goods you have paid for. To protect yourself be on the alert for scams - if the advertised price looks too good to be true, it probably is. For rental properties or holiday accommodation, only use reputable online booking agents.

As a seller, you may be tricked into believing the buyer has paid in full or even paid over your advertised amount, including sending falsified payment receipts to support their claim. The buyer may then request a refund for overpayment. To protect yourself, don’t accept a mobile payment from someone you don’t know and never accept or refund a deposit for more than the selling price.

False billing scams ask you or your business to pay invoices for services or supplies you did not order, so always double-check and query demands for payment if in doubt.

Safeguard Your Identity: How to Prevent Scammers from Stealing Your Personal Information

Dating and romance scammers often make their approaches on social media or dating sites and will go to great lengths to gain trust. Protect yourself by never giving money or goods of value to someone you have never met in real life.

Scammers also appeal to our emotions by impersonating genuine charities to ask for donations after natural disasters or major events. To avoid being scammed, approach charity organisations directly and check an organisation’s credentials on the Australian Charities and Not-for-Profits Commission (ACNC) website to see if they are a genuine charity.iv

Attempts to gain personal information

These include when a scammer gains access to your personal information by using technology.

Consider using multifactor authentication, a security measure that requires one or more proofs of identity to grant you access to any applications you use regularly. Also change passwords regularly, making sure to choose secure passwords.

Taking a little extra care to be aware and alert to the possibility of being scammed could save you a lot of heartache. Of course, we are here to help if you think something may be a little suspect.

i https://consumer.ftc.gov/consumer-alerts/2022/11/fraud-reports-and-losses-not-just-grandparents-story
ii https://www.finrafoundation.org/sites/finrafoundation/files/exposed-to-scams-what-separates-victims-from-non-victims_0_0.pdf
iii https://www.news.com.au/finance/money/costs/australia-to-cop-4-billion-scam-loss-in-2022-according-to-scamwatch/news-story/890e469b4b05a6c950e3cb6b4f83f56c
iv https://www.acnc.gov.au/charity/charities



Scammer at work

Common Scams and how to avoid them

Two recent high-profile customer data breaches have exposed millions of Australians to a new wave of potentially devastating threats from scammers. To mark Scam Awareness Week 2022, we look at two of the most common forms of threat, and what you can do to protect yourself.

Added together, the Optus and Medibank data breaches have put sensitive customer data of roughly half of Australia’s adult population in the hands of cyber criminals!

Changing your password is an important first step when these breaches happen. But the days when a password change could make everything right again are long gone.

What makes these breaches so dangerous for customers who’ve had their data stolen is all the unchangeable, or hard to change data that criminals gain access to.
For example: full name, date of birth, next of kin, mobile number, email addresses, residential address, Medicare, driver’s license and passport numbers, bank and other service provider details.

Armed with just 3 or 4 items from that list it’s very easy for criminals to concoct highly personalised, believable cover stories with which to hoodwink victims.

Two common forms of attack these days are phishing and imposter scams.

Phishing

Phishing is a two-stage attack where criminals first trick victims into divulging login or credit card details. Armed with that data, they then commit fraud.

Phishing attacks take many forms and are constantly becoming more sophisticated. But normally the criminal impersonates a service provider or government body, either by electronic communication, or with a phone call. Sometimes they just ask for details. But often, they direct victims to bogus web pages that look legitimate. The victims think they are logging in to a known website, but in fact are entering their login details into a form controlled by the criminal.

Imposter scams

In this type of attack, the criminals first manage to impersonate close relatives or work colleagues. Soon after they request some kind of money transfer, usually for some urgent reason like an accident, or being stranded somewhere.

A new, and increasingly common form of imposter scam is the “Hi Mum” attack. This typically starts with a text message from a son or daughter claiming they’ve changed their mobile phone number.

Protecting Yourself

Be Extremely Suspicious of ALL Information Requests and Surprise Notifications

Any time a service provider contacts you, asking for sensitive information, a request to login to their site, for updated information, or a password change, you should treat it as a potential threat.

Likewise, be suspicious of notifications about online orders you don’t remember making, warnings that an important account is about to be suspended, or debts you didn’t know about.

NEVER trust links or contact information provided in the notification messages in question. Instead use publicly available contact details to reach out and verify the message.

NEVER Use the Same Password Twice

One of the first things hackers do when they capture usernames and passwords from any site is try those same details on a list of high value sites such as email providers, financial institutions, Amazon, eBay and social networks. So, if you duplicate passwords, you’re extremely vulnerable and you should expect trouble!

Cyber security experts highly recommend the use of password management apps such as LastPass, Dashlane, LogMeOnce and Bitwarden. These not only help you keep track of unique passwords and make it quicker to log into many sites; they also help you generate new, hard to guess passwords.

Keep Abreast of The Latest Scams

Scammers are constantly inventing new ploys to catch people off guard that can be stunningly clever. As such it’s worth keeping up to date with the latest methods.

www.scamwatch.gov.au is one trustworthy source of information that provides a lot of up-to-date information on new threats in Australia and ways to outsmart them. Make a point of checking this site regularly.

Should you ever be unsure whether someone requesting your financial details is a trusted source, don’t hesitate to get in touch for our advice.



How to spot and stop financial abuse

What is financial abuse and how do you stop it?

Until recently, financial abuse was often kept secret, especially where it occurred within the family. Thankfully that’s changing with public awareness campaigns and help becoming more readily available.

The emotional and economic damage caused by financial abuse can be far reaching and devastating. A recent Australian report calculates that in 2020 alone, financial abuse victims lost $5.7 billion while the cost to the broader economy was $5.2 billion.i

Nearly one in 30 women and one in 50 men suffer financial abuse each year, according to the Deloitte Access Economics report The Cost of Financial Abuse in Australia, 2022. These figures are almost certainly an underestimate, the report adds.

There are no typical victims of financial abuse: those affected are of all ages and means. Sadly, the abuser is often a friend, carer, partner or family member.

What is financial abuse?

Financial abuse is when someone uses your money without your permission, prevents you from getting access to money or takes charge of your financial decisions.

These days, financial abuse is considered a form of domestic and family violence, taking away your independence and leaving you feeling vulnerable and anxious. Victims may also suffer physical violence and emotional abuse.

The most common type of financial abuse is withholding income or controlling how it is spent, according to the Deloitte report. But there are other forms of abuse that can be equally harmful such as making a partner liable for a joint debt, preventing someone from working, refusing to contribute to household expenses and refusing to contribute to the costs of raising a child.

Many victims also suffer flow-on effects of the abuse such as financial hardship and stress, leading to mental health issues. Some may also lose their home.

In some cases of family violence, one partner takes control of the couple’s finances, preventing the victim from leaving the relationship. In others, where the victim does manage to leave, the abuser may continue their abuse using tactics such as expensive legal action or disrupting the victim’s work or business.

Recognising the signs

Victims of financial abuse may not be aware of the abuse for some time, allowing perpetrators to empty bank accounts, deplete investments and incur large debts in the victim’s name.

The federal government agency, Services Australia says the warning signs include:

  • taking or using your money without your permission
  • not being allowed to work
  • having to account for how you spend your money
  • withholding financial information from you
  • spending any government payments you receive without your consent.ii

Incurring debts in your name is another form of financial abuse. Your partner may spend more than you agree on your credit card, pressure you into co-signing a loan with them, or take out a loan in your name, according to Australian Family Lawyers.iii They may also limit your educational opportunities by, for example, preventing you from enrolling in studies that could advance your career.

Older people and those living with disability can be particularly vulnerable to financial abuse if they rely on others for help and advice. Financial abusers may take money from their bank accounts or wallets, ask an older person to change their Will, take jewellery or other valuable items from their home, or take control of their decisions using a Power of Attorney when they are still capable of making their own decisions.

Where to go for help

If you or someone you know is suffering financial abuse, a number of free and confidential resources are available.

The MoneySmart website provides information about free legal advice at community legal centres or legal aid centres, and a number of suggestions if you need urgent help with money.

You can also find free and confidential counselling for family violence, abuse and sexual assault at: 1800RESPECT (24 hours a day, seven days a week)
1800 737 732

For crisis support, contact Lifeline (24 hours a day, seven days a week)
13 11 14

We understand that it can be difficult reaching out for support if you feel you or someone you love is being taken advantage of financially, especially if a family member is involved. Please call us if you would like a confidential discussion about safeguarding your finances.

i https://www.commbank.com.au

ii https://www.servicesaustralia.gov.au/what-family-and-domestic-violence?context=60033#a8

iii https://www.australianfamilylawyers.com.au/information-centre/signs-of-financial-abuse
