Protection against cybercrime is vital for ensuring business success. Small businesses have fewer resources and are often pressed for time, making them easy targets for scams and cybercrime. Many small businesses don’t believe something will happen to them and therefore have very loose or no security systems and protocols in place. The biggest danger is complacency.
18 – 24 May 2015 is National Consumer Fraud Week. I attended a forum on Tuesday run by the ACCC with Dr Louis Geneste, Lecturer at Curtin University; Boaz Fisher, Executive Director, CommsNet Group; and Christine Linden, ANZ Head of Small Business Victoria and Tasmania. Here are some of the tips they provided to help protect yourself and your business.
- Keep your mail client, web browser and operating system updated.
- Emails may contain malicious programs as attachments or have links to malicious websites full of malware and scams. Think before responding to requests via email or opening an attachment, especially a zip file. Exercise extreme caution with email attachments, as they are a common source of infection.
- Use antivirus software. It can help protect you from both mistakes and software bugs that allow malware to run without your permission.
- Back up your data regularly.
- Use strong passwords when creating logins.
- Think twice about what you say and do in an online environment, especially social media.
- Never provide your bank, financial and accounting details to someone who contacts you unexpectedly.
- Evaluate your internal controls for effectiveness and identify areas of the business that are vulnerable to fraud.
- Have a clearly defined process for verifying and paying accounts and invoices. Keep your filing and accounting systems well organised—this will make it easier for you to detect bogus accounts and invoices.
- Check the details of any new trader before doing business, including their Australian Business Number (ABN) at abr.business.gov.au.
- Never give out or clarify information about your business unless you know what it will be used for.
- Ensure that employees know the warning signs of fraud and basic fraud prevention techniques.
What can you do today?
Assess your threats
What’s lacking in your security right now? How are employees using your company-owned devices? What third-party cloud apps are you using? Are your systems truly backed up? Where are you exposed to risk? Whose job is it to make sure your network is protected, and how do you know if they’re doing their job? If you had a security breach tomorrow, what would you do? (Or how would you know?) How are you protected if an employee decides to steal data, misuse information, commit fraud or just makes a mistake? Could you get all the data back if you lost a server, laptop, member of staff, filing cabinet, etc.?
Create an action plan
Based on what’s discovered, what do you need to do to ensure that your systems, data and operations are secure from theft, compromise, corruption, etc.?
Schedule ongoing maintenance
Don’t take a “set it and forget it” approach to security — attackers won’t. It’s an ongoing process and a necessary part of running any business that relies on data and the Internet for its survival.
The best way to protect yourself and your business is to be aware. Arm yourself with the information needed to make things as difficult and frustrating as possible for scammers, which might well send them off looking for easier prey.