A ‘suspicious email’ rolled into my personal email account over the weekend, gently reminding me that my payment to a UK-based software supply company was overdue.
I smelled a rat. But curiosity did get the better of me, and after a quick peek (which really goes against my better judgement, for fear of unleashing a nasty virus onto my system), I promptly deleted it.
What was interesting about this particular invoice, though, was that it looked totally legit. And because it was asking me to pay less than $150, if it turned up in a company accounts department it could potentially go unquestioned, depending on processes and who has what level of payment authority.
These kinds of scams are becoming increasingly common.
Statistics from last year show that cybercriminals stole a record $107 million from Australian businesses and individuals – an annual increase of 18% on what they netted in 2017.
This is cyber fraud at its best. Hackers are having a field day, too. By targeting usernames and passwords they’ve almost doubled their earnings since 2017, and garnered, illegally, more than $10 million.
Undoubtedly, hackers are getting smarter and more sophisticated. Because we tend to be more educated generally about phishing scams, dubious pop-ups and promises of large sums of money (remember the Nigerian email swindle?), scammers have had to adapt to a more wary, cynical online user base.
They’ve upped their game.
The other reason they’re so successful, frankly, is that more of our information is held online.
People tend to also live a lot of their lives online, uploading photos and personal details to social media without thinking twice.
Some social media giants (most notably Facebook) have recently got themselves into a great deal of trouble with the law for not actually carefully explaining to users that the apps associated with social media are able to access some of their data, unless they specifically ‘opt out’.
For the savvy cybercrime specialist, these people are easy pickings. In an interconnected world, it doesn’t take long to join the dots, figure out a likely username and a password using the name of their pet cat, or even to personalise a scam using the energy company they’ve admitted to belonging to, the local council they’ve whinged about, or a charity they’ve publicly stated an interest in. Identity theft is no longer the stuff of science fiction, either.
So – the lesson for us as people is to keep our security settings up to date and to be careful about the personal information we share online.
The challenge for us as businesses is to keep our business security in tip-top shape. Ransomware, where your data is encrypted and your whole system gets shut down for ransom, is another threat. Protecting your own data with firewalls and virus protection is paramount.
We also need to take utmost care with our customers’ data.
Mandatory breach reporting became law last year, which means that if a company faces a data breach, or even a suspected one, they must, by law, report this to both the government and their clients.
This is a total business killer if ever there was one. Don’t let it happen to you.
There are four things you need to consider as a small business owner to reduce your risk.
Firstly, if you’re not already using it, make the shift to cloud for sensitive information, if not all your business administrative functions. We’ve blogged recently on this topic, in particular how using Blockchain technology is much more secure than leaving data on a local server.
Secondly, usernames and passwords are your frontline defence, and they need to be changed often.
Even your Mailchimp account could be vulnerable, allowing crims to send an email to your entire database within minutes.
The latest cyber security information suggests that if you have a long password, you’re less likely to be targeted. By all means, still use letter/symbol/number combos, but make them into phrases, rather than just words. More than 16 characters is your goal.
Thirdly, educate your staff. Have written policies, and put internal processes in place for dealing with anything that looks dodgy: emails, web activity, social media communications etc.
Lastly, be vigilant. Build cyber security reviews into your planning. Budget for them, and make them a regular part of business and risk management practice. There are a number of reputable specialist IT firms that can tell you where your weaknesses are. None of us can afford to be complacent. Technology is changing at a rapid pace, and we really do need experts.
This is not something that you can ignore, or skimp on investing in.
This is the digital age. We have no choice but to operate within it, and it has many advantages. Cybercrime is an unfortunate downside, so we need to make sure we adequately protect ourselves and our customers/clients to the best of our ability.