
Keeping your business safe online

The Australian Competition and Consumer Commission (ACCC) received almost 6000 reports of business scams in 2016, with total losses due to these scam activities of more than $3.7 million. More than half of those hit were small businesses. They accounted for over $2 million lost, most commonly attributed to online hacking of email addresses. Even the average loss of $10,000 could mean the end for a small business.

Scams have been around since the dawn of civilisation, but modern technology has provided a wealth of opportunities for scammers, including the ability to hit millions of targets at once.

Many scams simply exploit the better side of human nature. Others rely on sophisticated technology that few people understand. Either way, the first line of defence is awareness.

Know the enemy

The most common threats to small business include:

  • False invoices: businesses receive fake invoices for goods or services that were not ordered. Many of the emails that the invoices are attached to also contain viruses.
  • Change in supplier details: businesses are duped into updating a supplier’s bank account details, diverting payments to a scammer.
  • Malware: hidden programs in emails allow scammers access to your computer files or to your company’s entire server.
  • Phishing: emails usually purporting to come from your bank and aimed at stealing your password and login details.
  • Ransomware: locks up your computer and demands payment to unlock it.
  • Hacked website: someone gains access to your website administration and defaces it or denies you access.

Sadly, this list is growing…

Protecting your business

The solution to most online threats lies in a combination of vigilance and technology. You also need to ensure your employees are alert to threats and are equipped to deflect them.

A security policy should include the following at the very least:

  • Internet security programs: choose a reputable provider, schedule daily updates, and perform regular scans. If a threat is detected, immediately alert all staff and your IT support service.
  • Passwords: ensure they are strong and unique to each site and to each user within your business.
  • Daily backups: your server or all computers must be backed up on a daily basis to an external drive. Remember to test backup files regularly to ensure they are working correctly.
  • Payments: implement a rigorous system for confirming the validity of all invoices. Limit the number of people authorised to pay invoices.
  • Confirm requests: if an email is received from a supplier requesting changes to payments, phone the supplier to confirm first.

Prevention is always better than the cure, so learn more about this important aspect of running a business. Depending on the size and potential vulnerability of your business, it may pay to have your system expertly evaluated by a trusted consultant to strengthen it against any possible threats.

It is also worth considering insurance specific to this threat, commonly referred to as Cyber Insurance. Traditional business insurance policies may not cover losses related to cyber-attacks and, given the snowballing risks, Cyber Insurance is becoming another essential for business owners.

Millions of today’s businesses would not exist without the Internet, and the opportunities it provides seem limitless. Unfortunately, those opportunities extend to the fraudulently minded, but by staying alert and following some simple rules you can protect your business from those looking for an easy ride.