How to Protect Your Business from Cyber Threats and Online Scams
Is your business safe from cyber threats and online scams? Cybercrimes have become sophisticated with technological advancements. Upgrade your business cybersecurity system with a Technology Loan.
All companies are susceptible to cybercrimes, but startups and SMEs have been the most successfully exploited because of their lack of cybersecurity tools and preparation against cyber threats and online scams. Many small business owners do not give much importance to cybersecurity, believing that their organizations are not worth being attacked.
Online Scams Usually Begin as Cyber Threats
Cyber threats are malicious attempts to breach the computer network or system of an organization to disrupt, damage or manipulate it. The attacker seeks to damage data, steal data, or disrupt digital life in general. These threats include malware, data breaches, and Denial of Service (DoS) attacks.
According to the Australian Bureau of Statistics, 1 out of 10 businesses in the country had experienced a cybersecurity incident or a breach in the financial year 2017-2018. Almost 18% of these businesses were not aware of the attack.
When cyber threats successfully exploit a business's computer system and network, they can cause major financial, reputational and legal damage. The disruption of the business process, theft of highly confidential corporate information, and the repairs of the affected systems can lead to financial loss. Cyber threats also damage your business reputation and consumer trust. Additionally, your staff and clients can sue you for compromising their records.
According to Scamwatch, an online resource run by the Australian Competition and Consumer Commission (ACCC), Aussies lost nearly half a billion dollars to scammers in 2018. Considering that not every victim reports to a government agency, the total financial loss could be higher.
Top Cyber Scams Businesses Should Watch Out For
Out of the ten most common scams in 2019 that are reported to Scamwatch, eight mainly target business entities and are carried out online. These include:
1. Phishing
Phishing is the top cyber threat in the country and is the root cause of many scams. The latest number of phishing incidents reported to Scamwatch this year is currently 11,475.
Phishing involves sending fraudulent communications to install malware on your computer, which steals sensitive data like your login credentials, credit card details and personal or business information. It is typically done through emails, which mimic a reputable organization by copying its formatting and colour almost perfectly. The goal is to trick you into clicking a malicious link in the email or responding to the sender with the information they requested.
2. Harassment and Extortion (Threats to Life, Arrest or Other)
While most harassment is delivered over the phone, where it’s easier to intimidate or persuade by speech, much of it is sent through emails. These emails usually claim payment for speeding tickets, tax office debt or unpaid bills.
Scammers impersonate police or government officials and use threats to your life, arrest or property to frighten and force you into giving them money or giving your personal information like passport details and bank accounts. Some may also threaten to hijack your computer or steal your identity if you don’t cooperate.
3. False Billing
Scammers whose intent is to infect your computer with malware or ransomware usually use emails with fake bills as attachments. Opening these attachments will automatically install the malicious program unless your computer is protected with anti-malware or antivirus software.
Some scams send emails of fake billing invoices for directory listings, domain renewals, advertising and office supplies. Others use a payment redirection, where scammers pose as one of your regular suppliers and inform you of recent changes in their banking details. They then give you a new bank account number for all your future payment transactions. Using the fraudulent account number to update your supplier’s details can cost you thousands, if not millions.
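Payment redirection works only if the new account number reaches your supplier records unchecked. The following is an added example, not part of the original article: a payment check that holds any invoice whose bank details differ from the supplier master file, and a change routine that requires a call-back and a second approver. The supplier record, phone number and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Invoice:
    supplier_id: str
    bsb: str        # bank/branch code printed on the invoice
    account: str    # account number printed on the invoice
    amount: float

# Constructed supplier master file: details captured when the supplier was onboarded.
MASTER = {
    "SUP-001": {"bsb": "012-345", "account": "1234 5678", "phone": "+61 2 5550 0100"},
}

def _digits(value: str) -> str:
    """Compare account identifiers on digits only, ignoring spaces and hyphens."""
    return "".join(ch for ch in value if ch.isdigit())

def check_invoice(inv: Invoice, master: dict) -> tuple[str, str]:
    """Return (decision, reason); anything other than an exact match is held."""
    record = master.get(inv.supplier_id)
    if record is None:
        return "HOLD", "supplier is not in the master file"
    on_file = (_digits(record["bsb"]), _digits(record["account"]))
    if (_digits(inv.bsb), _digits(inv.account)) == on_file:
        return "PAY", "bank details match the master file"
    return "HOLD", f"bank details changed; confirm by calling {record['phone']} (number on file)"

def apply_bank_change(master, supplier_id, bsb, account,
                      requested_by, approved_by, callback_confirmed):
    """Update the master file only after a call-back and a second person's approval."""
    if supplier_id not in master:
        raise KeyError(supplier_id)
    if not callback_confirmed:
        raise PermissionError("change not confirmed via the phone number on file")
    if requested_by == approved_by:
        raise PermissionError("requester cannot approve their own change")
    master[supplier_id].update(bsb=bsb, account=account)

if __name__ == "__main__":
    print(check_invoice(Invoice("SUP-001", "012345", "12345678", 4200.0), MASTER))
    print(check_invoice(Invoice("SUP-001", "987-654", "8765 4321", 4200.0), MASTER))
```

The call-back must use the phone number already on file, never one supplied in the email or invoice that announced the change.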
4. Identity Theft
In this type of fraud, scammers use your identity to steal your money or do other illegal actions under your name.
Identity thieves steal your personal information and credit card details through phishing, hacking, remote access scams, and malware and ransomware. Others access your files through unlocked mailboxes and discarded personal documents, like utility bills and health care records. They can also use fake online profiles to follow you on social media to get more details about your personal life.
5. Remote Access Scams
These scams are typically done over the phone, where scammers call you and introduce themselves as employees of a well-known telecommunications or computer company or technical support service provider. They then proceed to tell you that you have a computer or internet problem that needs to be fixed immediately. To address the issue, they say, they need remote access to your computer.
Some scammers try to talk you into buying unnecessary software or service to fix the issue. Others intend to get your bank or credit card information during the telephone conversation. The worst, however, steal your personal information when they gain remote access to your computer. Some also install malware onto your system. This could end up in you losing confidential files and control over your computer and online accounts.
When a scammer breaks into your computer, smartphone or network, they can install malware and ransomware. Malware can destroy your files, track your activities or steal your login credentials and personal information. Ransomware encrypts your files or locks your computer. You will lose access to your computer system or data until you pay the hacker for the decryption key.
Hackers can also use your personal information for identity theft or they can spend your money and deplete your savings using your banking and credit card details.
7. Investment Scams
These schemes lure you to invest a large amount of money in a promising financial opportunity. One of the most common investment scams done online is sharing promotions and hot tips.
This involves a scammer who contacts you via email or posts a message on social media or forum site that appears to be an insider tip. The message implies urgency and encourages you to buy shares in a company that they predict is about to increase in value. What’s happening is that the scammer is only trying to boost the price of the stock so they can sell shares they have already bought and make a huge profit. After this, its share value will dramatically plummet and you will be left with virtually worthless shares.
8. Classified Scams
If you are an entrepreneur who sells your stuff online or advertises your products through print and online classifieds, beware of scammers who pose as genuine buyers. They pretend to be very interested in your products but need your help to pay an agent or third party for upfront costs like transportation or insurance.
Another type of classified scam for sellers involves a scammer sending you a cheque for more money than the sale price of your product. The scammer will then ask you to refund the excess amount through an online banking transfer or a wire transfer. Once the money is refunded, the cheque bounces and the buyer is nowhere to be found.
How to Prevent Cyber Attacks and Scams
1. Install anti-malware and antivirus protection.
This is one of the basic steps that you should take to keep your business safe from cyber threats. Anti-malware and antivirus protection can easily detect and clean malicious software or viruses that are typically acquired from visiting infected websites, social media pages and phishing emails. If not removed from your company computers, they could damage important data and harvest personal information.
Run anti-malware and antivirus protection on all your company computers, as well as on your mobile devices. Encourage your employees to do this regularly on their assigned computers or, if you have an IT staff, instruct them to do a regular check-up and maintenance of your computer systems and network. Also, keep your software programs and operating system up-to-date with the latest patches and updates.
2. Educate your employees about cybersecurity and data privacy.
Make your employees aware of cybersecurity threats and how they can be prevented by good online behaviour. It only takes one unsuspecting employee in order for hackers to infiltrate your company’s defences and carry out a targeted attack.
Remind them not to open attachments or click links from unsolicited emails, not to visit websites that are known to contain malware, and not to click links sent by people they don’t know. Encourage them to regularly change the passwords of their personal and company computers and smartphones, emails, as well as their social media accounts. Also, require them to encrypt their emails to protect personal or sensitive information.
3. Get the right partners and platforms.
Get a Web Application Firewall (WAF) to protect your websites from known, unknown, and modified web attacks. Ensure that your hosting company constantly patches security vulnerabilities. You can also hire an outside expert to evaluate your risks for cyber-attacks and guard your data online.
If you run an eCommerce website or a platform that accepts plastic payments, make sure that it is Level 1 compliant with the Payment Card Industry Data Security Standards (PCI-DSS). This standard requires businesses to follow a set of security requirements designed to maintain a secure environment for all companies that accept, process, store or transmit credit card information.
4. Secure your hardware.
Physically lock down your computers and network storage in order to prevent theft and data breaches. Keeping your server room doors locked and using Kensington locks or rack-mounting hardware will make the burglars’ job tougher. You can also secure servers with USB security keys and hardware-based encryption. Even if the drives are stolen, they would be unusable to the thieves.
Install tracking software on mobile laptops and company smartphones. This will help authorities locate the devices if they get stolen. You can also password-secure them if they go missing. If the stolen devices have a camera, the software can also take and send photos of the thief. On top of these security measures, do not forget to install security cameras and alarms in your office, especially in high-risk areas.
5. Encrypt your data.
Data encryption ensures that your company data is securely protected from external users, especially when the data is in the cloud. It also keeps opportunistic hackers from destroying and stealing confidential information because they cannot breach the high security level. If these cybercriminals get into your system, they can encrypt your data and demand a ransom in exchange for the password.
Additionally, you are assured that the values and information are correct and easily accessible anywhere with an Internet connection. Most current operating systems come with full-disk encryption tools, like BitLocker on Windows-based PCs and FileVault on Macs. Once turned on, these tools will encrypt every file and program on the drive with no noticeable performance lag.
6. Lock your network.
Choose a wired network for your business as much as possible. Wired networks offer better security than wireless networks because hackers can’t access them without a physical connection. Your staff, meanwhile, can access the network by plugging into physical outlets or modem ports.
If a wireless network is essential to your business operations, however, you can disable the service set identifier (SSID) broadcasting function on the wireless router. This creates a cloaked or hidden network, invisible to casual Wi-Fi snoops and accessible only to users with the exact network name. Just periodically change the network's information and give the updated network name and passcode to the intended users.
If you're using Wi-Fi, update it to the latest encryption standard. WPA2, the current standard, has a longer encryption key that is more difficult to break. To make your data even safer, create a nonsense password with numbers, special characters and capital letters. It will take hackers a million years to crack the code.
What to Do If You Have Been Hacked
- Change your passwords and update your computers and network. If you see unusual activities on your business emails, social media pages, websites and other online business accounts, immediately change your passwords, check all your computers for malware and your network for rogue clients. Closely monitor your accounts for more unusual activities thereafter.
- Report any unusual financial transactions to your bank. If you’re keeping an eye on your balances and notice a discrepancy, like unauthorised access or a huge money transfer to an account you don't do business with, contact your bank immediately to have it investigated. The sooner you do this, the sooner you can prevent any financial damage.
- Call your local police for any stolen or tampered computers. They can investigate deeper into the incident and can contact the appropriate authorities, including the Australian security services if needed.
- Report any cybercrime incident to the Australian Cybercrime Online Reporting Network (ACORN) and scams to the Australian Competition and Consumer Commission (ACCC).
With cyber threats happening every second of every day, it’s important to stay ahead of the game by updating and managing your business’s technology and IT needs. Protect your business from cyber criminals.