- More than half (53%) of small business owners are worried about being scammed
- Australian SMBs lose an average of nearly $40,000 per scam
Scams on small businesses are costing owners more than $20,000 a scam, according to new research from Westpac.
The Westpac State of SME Scams Report found that on average small businesses lose $38,845 to a scam and recover less than half (44%) of that money.
Meanwhile, nearly half (46%) of those hit by a scam suffered additional financial consequences after the incident, with 25% spending on improved scam protection.
Small business owners need to train staff in scam awareness and prevention.
“With increasingly sophisticated methods being used to target small businesses, causing financial and reputational hardship, it’s important business owners strengthen their defences. A good start is putting more resources into education and training to increase awareness among staff.”
The Westpac scams report found the most frequent forms of scams encountered by small businesses are phishing, followed by false billing and invoice scams, and domain name renewal scams.
False billing and invoicing scams are the most effective, hitting a third of small businesses.
The bank has also released 9 things a business can do to increase their scam protection.
- Be on the lookout and educate your staff about scams targeting businesses.
Always verbally validate any payment requests or account changes that are delivered via email. Regardless of whether the sender claims to be from a supplier or appears to be someone in your company, call them on a trusted number to verbally confirm first.
- Be suspicious
Refrain from clicking on links/pop-ups, opening attachments or downloading software if you are unsure of the source. If something appears suspicious, it is better to be safe than risk exposing your business to the dangers of a scam.
- Ensure you have adequate and current anti-virus security software.
Make sure the level of protection suits the needs of your business.
- Use strong passwords
Unique and strong passwords should be used for each system and changed regularly. Implementing multi-factor authentication where available will add another layer of protection.
- Keep data safe
Implementing a regular backup procedure is a simple way to safeguard critical business data. Setting user PC permissions and encrypting your databases will also help.
- Beware of impersonators
Criminals often like to pose as well-known organisations to entice you into fulfilling their requests. Common impersonations include ASIC, the ATO, energy companies or utility companies.
- Register for Stay Smart Online Alert Service or Scamwatch Radar alerts
These are free Government initiatives that alert you to new online threats as they are identified.
- Implement a cyber-security strategy to counter the evolving cyber threats.
For example, ensure secure remote access protocols are in place and set up firewall rules.
- Review your bank accounts and payee list regularly
Call your bank immediately if you do not recognise a payee in your list or if you detect anything unusual.