SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Small businesses unprepared for the latest wave of scams - Westpac
Wed, 14th Aug 2019

Over half of Australian small business owners are concerned their business will be scammed, yet a quarter do not have processes in place to prevent the latest wave of scams, according to new research.

The Westpac State of SME Scams report found small businesses are paying a hefty price to scammers, losing $38,845 on average and recovering much less than half (44%).

Almost half (46%) of small businesses suffered additional financial consequences after the incident, most commonly having to invest significantly in improved scam protection (25%).

Despite the financial implications, two-thirds of small business owners are not training staff in scam awareness and prevention and three in five don't believe they need to invest more in staff development to prevent scams.

Westpac SME banking general manager Ganesh Chandrasekkar is encouraging small businesses to think about their people as the most effective defence against scams.

“While most small businesses are confident they can identify scams, many of the latest scams we're seeing, like business email compromise scams and remote access scams, are so well-disguised it takes a lot of expertise to recognise and safely avoid them.

“The research reveals scams are not only money-wasters, they are time wasters too. On average, it takes small businesses 33 days to rectify a scam and 42% of business owners said they lost valuable time that should have been spent in their day-to-day operations.

“With increasingly sophisticated methods being used to target small businesses, causing financial and reputational hardship, it's important business owners strengthen their defences. A good start is putting more resources into education and training to increase awareness among staff,” says Chandrasekkar.

The findings show the most frequent forms of scams encountered by small businesses are phishing, followed by false billing and invoice scams and domain name renewal scams.

It's those relating to false billing and invoicing which are the most effective, impacting one-third of small businesses today.

‘Scam shame’ is a common emotional side effect, affecting two-thirds of small business owners who have been scammed.

Two in five small business employees were also worried they would lose their job when they realised their business had been impacted.

The results show the consequences of falling victim to a scam are not just internal-facing, as a third of small businesses also faced brand and cultural repercussions, with 15% reporting their clients were negatively impacted.

To create a safe space for local businesses and communities to come together to learn more about scams, Westpac has launched Scam Awareness and Protection Seminars across Australia.

Some of Westpac's top tips for scam protection are:

Be on the lookout and educate your staff about scams targeting businesses - always verbally validate any payment requests or account changes that are delivered via email. Regardless of whether the sender claims to be from a supplier or appears to be someone in your company, call them on a trusted number to verbally confirm first.

Be suspicious - refrain from clicking on links/pop-ups, opening attachments or downloading software if you are unsure of the source. If something appears suspicious, it is better to be safe than risk exposing your business to the dangers of a scam.

Ensure you have adequate and current anti-virus security software – and make sure the level of protection suits the needs of your business.

Use strong passwords – unique and strong passwords should be used for each system and changed regularly. Implementing multi-factor authentication where available will add another layer of protection.

Keep data safe - implementing a regular backup procedure is a simple way to safeguard critical business data. Setting user PC permissions and encrypting your databases will also help.

Beware of impersonators - criminals often like to pose as well-known organisations to entice you into fulfilling their requests. Common impersonations include ASIC, the ATO, energy companies or utility companies.

Register for Stay Smart Online Alert Service or Scamwatch Radar alerts - these are free Government initiatives that alert you to new online threats as they are identified.

Implement a cybersecurity strategy to counter evolving cyber threats, for example by ensuring secure remote access protocols and setting up firewall rules.

Review your bank accounts and payee list regularly – call your bank immediately if you do not recognise a payee in your list or if you detect anything unusual.