Don’t let the fact that no-one was injured during a crime convince you for a moment that white-collar crime has no victims. There is an epidemic at the moment, and whether it be cybercrime or employee fraud , there are real victims trying to run a business and the losses are very real.
The most recent disturbing trend is that of false requests for payments apparently sent from the CEO to the senior accountant. These scams previously contained spelling mistakes, and come from odd email addresses. Now they look so legitimate with email addresses almost identical to the real thing, it is near impossible to pick up in time. Generally, once the payment is made, the money is gone for good, not to be seen again.
Authorities are struggling to keep up with the demands for resourcing authorities to investigate. The Government has recently introduced “ACORN” – Australian Cybercrime Online Reporting Network, a website to help assist direct victims of cybercrime through the process. It also contains valuable resources and links to help keep your business safe.
Business owners can keep up-to-date with significant and trending cybercrime events at https:/www.acsc.gov.au/news.html. The government has also produced a guide to Staying Safe online. It was developed in collaboration with ANZ Bank, Australia Post, Commonwealth Bank, National Australia Bank, Westpac and Telstra. The Small Business Guide is very simple to read, so please take the time to visit https://www.staysmartonline.gov.au/smallbusinessguide.
Some of the important points included in this guide are:-
PRIVACY - Take protecting your business seriously—do not share passphrases or keep sensitive business or customer data on computers outside your control.
Administrators need greater access privileges than normal users so they can undertake activities that may impact several users or business processes. Avoid software that gives standard users the same access privileges as administrators.
In addition, employees should have individual access credentials for each business system (not shared credentials). Your employees should only have access to the information they need to do their job. By limiting that access on a need-to-know basis, you reduce the risk of an 'insider' accidentally or maliciously releasing confidential information.
PASSPHRASES - If you are running a small business, you need to educate your team to protect your business information held on desktop computers and mobile devices such as smartphones and tablets. Put simply, passphrases are a series of words that are longer, easier to remember and harder to guess than traditional passwords.
AWARENESS - Staying smart online is not just about you and your team, it's about insisting your business partners and suppliers, and even your family and friends, stay up-to-date with the latest scams, spam and internet threats.
Being aware also means knowing the right questions to ask. As a business owner, you need to be able to have an informed discussion with your IT provider to ensure they can meet your needs.
Awareness also extends to being on the lookout for suspicious messages, including:
NETWORK & DEVICE SECURITY - Having antivirus software that is updated regularly is a good start, as well as setting your systems to automatically update software.
Mobile phones and tablets may provide access to your sensitive business information. Insist workers lock them with PINs in case of loss or theft and limit business information stored on them. Treat any network that your business does not control as insecure, particularly public wi-fi. Educate your workers to be wary of plugging unknown USB drives into their computers as these drives may contain viruses.
BACKUPS - Not backing up your data can cost you your business. You can lose accounting files, invoicing and quoting systems, letters and emails, information and resources, and even your website files.
Regularly backing up your data or setting devices to automatically back up can help you quickly recover from a cyber attack, hard disk failure or another disastrous event.
Cyber Insurance Policies to protect your business from the consequences of these type of attacks are becoming much more common and are providing more protection to companies that may have otherwise had to incur the cost of the damage themselves. It is becoming a “must have” policy.
For more traditional Employee Fraud, it is a case of always being vigilant and keeping a thorough oversite on all aspects of your business. Remember:
Make sure your business has crime insurance including Employee Dishonesty coverage (sometimes referred to as “Fidelity Insurance”).
Gow-Gates specialises in this type of risk placement, so if you believe that this issue is relevant to your business, please feel free to contact Rebecca Fleming, Account Manager of our Travel Industry Division at Gow-Gates Insurance Brokers on (02) 8267 9919 or rfleming@gowates.com.au to discuss your circumstances or to obtain a quotation.
Gow-Gates Insurance Brokers advises that persons should not act on the material contained in this article as the items are of a general nature only and may be misinterpreted. We therefore recommend that advice be sought before acting in these areas.