In this technological era, so much of our information is floating around cyber-space. It is so important as a business owner that you know what the latest cyber scams are and how to help protect your business from them. It is unfortunate that small and medium business owners are quite frequently the target of scammers.
These scammers can pretend to be from organisations, businesses or even individuals you trust. They trick you into giving them money or your personal or business details in order to commit fraudulent activity.
Lack of cybersecurity can have a devastating effect on any business but there are ways to ensure that you and your business are cyber security savvy, so you can protect your business and information.
Let’s start with, what are these scams?
False Billing and Payment Redirection
False billing scams target businesses by sending out false invoices for things such as:
- fake directories
- advertising and
- domain name renewal.
They may also issue you an invoice from one of your legitimate providers claiming that they have recently changed banks and wish to provide you with new payment details, asking you to redirect payment. If this happens you should always ring the company to verify the new details.
This one is probably the most common. These are fake links that are sent via email or text message, the aim of these is to get you to provide personal, commercial, or financial details via these links. They can often appear to be from trusted sources such as:
- your bank,
- well-known companies or
- government agencies such as the Australian Tax Office.
You may receive a message saying your account has been frozen for some reason and in order to gain access to it again, you need to click the link and enter information that may be of a personal or financial nature. Which scammers will then use to carry out other fraudulent activity.
Malware and Ransomware
A malware scam involves scammers sending emails or social media messages or using pop-ups that offer ‘free’ file downloads. If you click the link, it will redirect you to a fake website which asks you to install software in order to be able to access the content or view the video.
If you download the software, your computer will then be infected with malware (malicious software). This software can then allow scammers to access your files or watch what you are doing on your computer. They can then steal your personal details and use this information to do things such as making unauthorised transactions or transfers on your credit cards and accounts.
Ransomware is a type of malware that blocks or limits access to your computer or files, and demands a ransom be paid to the scammer for you to gain access again. Infected computers will often display messages to try to convince you into paying the ransom. Scammers may also impersonate the police and claim you have committed an illegal activity and need to pay a fine, or simply demand payment for a ‘key’ to unlock your computer. Even if the ransom is paid there is no guarantee that they will unlock your computer. It is most likely after the payment is received that they may then turn around and demand more money.
What Can You Do to Protect Your Business?
There are many steps that you can take to help protect your business.
Use Strong and Secure Passwords
It is a good idea to develop strong passwords that don’t contain personal details such as birthdays etc. Consider using a passphrase that includes numbers and symbols which is easy for you to remember but difficult for someone to guess. It is also recommended that you change these passwords on a regular basis and do not share them.
Multi-factor authentication is also another added layer of security when it comes to needing to log in. This requires users to provide multiple pieces of information in order to prove their identity – for example, a code or one-time password sent in a text message to your phone that will need to be entered when logging in to a website.
Remove System Access for Those That No Longer Require it
Ensure system access is kept up to date by removing employees that no longer work for you or have moved positions and no longer require the same access. The fewer people who have access, the better chance of being able to keep the information secure.
Ensure the Latest Available Security Updates are on All Devices
With the amount of viruses and malware out there, It can be easy to accidentally click on an email or website link which can infect your computer. To help prevent this, run regular antivirus and malware scans to ensure that any viruses and malware are caught as soon as possible.
It is also important that you keep on top of any anti-virus/malware software updates across all devices when they are released. This helps to ensure that your software is doing what it is designed to do.
Use a Spam Filter on Your Email
Always use a spam filter on your email account to help weave out any unwanted emails and clear out your spam folder regularly. Most importantly do not open any emails that look suspicious.
Be wary of downloading attachments or opening email links you receive, even if they are from a person or business you know. They can infect your computer with malware and lead to your business or client information being used to commit fraud.
Keep an Eye on Your Accounts for Unusual Activity and transactions.
It is important to pay attention and look out for any unusual or suspicious transactions and activity on all your accounts. This includes bank accounts, digital portals, and social media.
If an organisation you deal with sends you an email alerting you to unexpected changes on your account, don’t click on any included hyperlinks or log on to the organisation’s website by using links or attachments included in that email, no matter how authentic it looks.
You can take action immediately by checking those accounts and contacting the organisation by phone.
Do Not Leave Your Information Unattended
Secure your electronic devices wherever you are. Your information can be stolen in an instant. In some situations, you won’t even know it’s been stolen.
Make sure you:
- do not leave information unattended
- do not get up from your computer and leave it unlocked
- secure your electronic devices (such as phones or tablets) with passcodes
- securely store portable storage devices (such as thumb and hard drives) when not in use.
It is important you keep all your business, staff and client information secure. If your data is lost or compromised, it can be very difficult, time-consuming and costly to recover. If you do happen to become aware of a cyber scam becoming an issue for you or your business you can report it to the Australian Cyber Security Centre.