
Small businesses unprepared for the latest wave of scams - Westpac

14 Aug 2019

Over half of Australian small business owners are concerned their business will be scammed, yet a quarter do not have processes in place to prevent the latest wave of scams, according to new research.

The Westpac State of SME Scams report found small businesses are paying a hefty price to scammers; on average losing $38,845 and recovering much less than half (44%).

Almost half (46%) of small businesses suffered additional financial consequences after the incident, most commonly having to invest significantly in improved scam protection (25%).

Despite the financial implications, two-thirds of small business owners are not training staff in scam awareness and prevention and three in five don’t believe they need to invest more in staff development to prevent scams.

Westpac SME banking general manager Ganesh Chandrasekkar is encouraging small businesses to think about their people as the most effective defence against scams.

“While most small businesses are confident they can identify scams, many of the latest scams we’re seeing, like business email compromise scams and remote access scams, are so well-disguised it takes a lot of expertise to recognise and safely avoid them.

“The research reveals scams are not only money-wasters, they are time wasters too. On average, it takes small businesses 33 days to rectify a scam and 42% of business owners said they lost valuable time that should have been spent in their day-to-day operations.

“With increasingly sophisticated methods being used to target small businesses, causing financial and reputational hardship, it’s important business owners strengthen their defences. A good start is putting more resources into education and training to increase awareness among staff,” says Chandrasekkar.

The findings show the most frequent forms of scams encountered by small businesses are phishing, followed by false billing and invoice scams, and domain name renewal scams.

It’s those relating to false billing and invoicing which are the most effective, impacting one-third of small businesses today.

‘Scam shame’ is a common emotional side effect, affecting two-thirds of small business owners who have been scammed.

Two in five small business employees were also worried they would lose their job when they realised their business had been impacted.

The results show the consequences of falling victim to a scam are not just internal, as a third of small businesses also faced brand and cultural repercussions, with 15% reporting their clients were negatively impacted.

To create a safe space for local businesses and communities to come together to learn more about scams, Westpac has launched Scam Awareness and Protection Seminars across Australia.

Some of Westpac’s top tips for scam protection are:

Be on the lookout and educate your staff about scams targeting businesses - always verbally validate any payment requests or account changes that are delivered via email. Regardless of whether the sender claims to be from a supplier or appears to be someone in your company, call them on a trusted number to verbally confirm first.

Be suspicious - refrain from clicking on links/pop-ups, opening attachments or downloading software if you are unsure of the source. If something appears suspicious, it is better to be safe than risk exposing your business to the dangers of a scam.

Ensure you have adequate and current anti-virus security software – and make sure the level of protection suits the needs of your business.

Use strong passwords – unique and strong passwords should be used for each system and changed regularly. Implementing multi-factor authentication where available will add another layer of protection.

Keep data safe - implementing a regular backup procedure is a simple way to safeguard critical business data. Setting user PC permissions and encrypting your databases will also help.

Beware of impersonators - criminals often like to pose as well-known organisations to entice you into fulfilling their requests. Common impersonations include ASIC, the ATO, energy companies or utility companies.

Register for Stay Smart Online Alert Service or Scamwatch Radar alerts - these are free Government initiatives that alert you to new online threats as they are identified.

Implement a cybersecurity strategy to counter evolving cyber threats - for example, ensuring secure remote access protocols and setting up firewall rules.

Review your bank accounts and payee list regularly – call your bank immediately if you do not recognise a payee in your list or if you detect anything unusual.
