- Article by Madeleine Swain
More than half (53 percent) of small business owners are worried their business will be scammed.
Despite this, two-thirds don‟t train their staff in scam awareness and prevention.
On average, Australian small businesses lose almost $40,000 per scam.
To mark National Scam Awareness Week (12 to 16 August) Westpac has launched a new report that reveals Australian small businesses are being increasingly and successfully targeted by scammers – losing significant amounts of money. With many architectural and design practices numbering fewer than 10 staff and modest turnovers, it’s a risk can be ill afforded.
Over half of Australian small business owners are concerned their business will be scammed, yet a quarter do not have processes in place to prevent the latest wave of scams hitting our shores, according to new research.
The Westpac State of SME Scams Report found small businesses are paying a hefty price to scammers; on average losing $38,845 and recovering much less than half (44 percent).
Almost half (46 percent) of small businesses suffered additional financial consequences after the incident, most commonly having to invest significantly in improved scam protection (25 percent).
Despite the financial implications, two-thirds of small business owners are not training staff in scam awareness and prevention and three in five don’t believe they need to invest more into staff development to prevent scams.
Ganesh Chandrasekkar, general manager of SME Banking at Westpac, is encouraging small businesses to think about their people as the most effective defence against scams.
“While most small businesses are confident they can identify scams, many of the latest scams we’re seeing, like business email compromise scams and remote access scams, are so well-disguised it takes a lot of expertise to recognise and safely avoid them.
“The research reveals scams are not only money-wasters, they are time wasters too. On average, it takes small businesses 33 days to rectify a scam and 42 percent of business owners said they lost valuable time that should have been spent in their day-to-day operations.
“With increasingly sophisticated methods being used to target small businesses, causing financial and reputational hardship, it’s important business owners strengthen their defences. A good start is putting more resources into education and training to increase awareness among staff,” says Chandrasekkar.
The findings show the most frequent forms of scams encountered by small businesses are phishing followed by false billing and invoice, and domain name renewal scams. It’s those relating to false billing and invoicing that are the most effective, impacting one-third of small businesses today.
‘Scam shame’ is a common emotional side effect, affecting two-thirds of small business owners who have been scammed. Two in five small business employees were also worried they would lose their job when they realised their business had been impacted.
The results show the consequences of being victim to a scam are not just internal facing, as a third of small businesses also faced brand and cultural repercussions, with 15 percent reporting their clients were negatively impacted.
Top tips for scam protection:
Be on the lookout and educate your staff about scams targeting businesses – always verbally validate any payment requests or account changes that are delivered via email. Regardless if the sender claims to be from a supplier or appears to be someone in your company, call them on a trusted number to verbally confirm first.
Be suspicious – refrain from clicking on links/pop-ups, opening attachments or downloading software if you are unsure of the source. If something appears suspicious, it is better to be safe than risk exposing your business to the dangers of a scam.
Ensure you have adequate and current anti-virus security software – and make sure the level of protection suits the needs of your business.
Use strong passwords – unique and strong passwords should be used for each system and changed regularly. Implementing a multi-factor authentication where available will add another layer of protection.
Keep data safe – implementing a regular back-up procedure is a simple way to safeguard critical business data. Setting user PC permissions and encrypting your databases will also help.
Beware of impersonators – criminals often like to pose as well-known organisations to entice you into fulfilling their requests. Common impersonations include ASIC, the ATO, energy companies or utility companies.
Register for Stay Smart Online Alert Service or Scamwatch Radar alerts – these are free government initiatives that alert of new online threats as they are identified.
Implement a cyber-security strategy to counter the evolving cyber threats – e.g. ensuring secure remote access protocol and setting up firewall rules.
Review your bank accounts and payee list regularly – call your bank immediately if you do not recognise a payee in your list or if you detect anything unusual.
To create a safe space for local businesses and communities to come together to learn more about scams, Westpac has launched Scam Awareness and Protection Seminars across Australia. For further information visit www.westpac.com.au/security.