Recently, small business owner Phoebe Bell of Sage and Clare, a popular homeware designer business in Australia, opened up about her company falling prey to email scammers. Sage and Clare lost $10,000 to the hi-tech thieves, who Bell says were most likely tracking the company’s emails for months.
As they have done countless times before, Sage and Clare placed a routine stock order with an unnamed supplier. In fact, Bell handled the order herself, emailing back and forth with the supplier about the order for several weeks.
In the midst of negotiating the order, the supplier informed Bell they had a new bank account to pay the money into for the order. Again, this was nothing out of the ordinary, Bell says, because suppliers often change bank accounts.
After paying the $10,000 into the supplier’s “new account,” Sage and Clare discovered that their business was the victim of a scam, where a third party posed as the initial supplier. The scammers most likely hacked emails and read through the correspondence between Sage and Clare and the supplier, intercepted the specifics, and then redirected the payment funds.
Fortunately for Sage and Clare, they have the capital to recover from this loss. For some small businesses, losing $10,000 would cripple them.
Ms. Bell said that she was both embarrassed and distressed that this sort of thing could happen to her. She thought that she was smart enough to spot a dirty trick like this. When she opened up about the incident online, she found that many others had gone through a similar experience. She says that if someone had broken into her shop and stolen $10,000, the local police would come out and do a full investigation. But since the incident happened online, there’s nothing the police can do. She did report the theft to her bank, the Australian Federal Police, and the Australian Cybercrime Reporting Network (ACORN).
How Can I Train My Team to Spot Hackers?
How can you keep your business safe from these types of email scams? What kind of safeguards can you put in place to ensure that your business does not fall prey to thieves prowling for businesses that are careless with online transactions?
Routinely Train Your Employees
Almost 90% of cyber attacks are caused by an employee’s human error or an honest mistake, according to a cyber consultant, Willis Towers Watson. These circumstances are commonly a result of employees giving sensitive information to hackers who pretend to be clients in need of information.
Routinely scheduling online security awareness training for your whole team will keep your company up to date and vigilant against hackers.
Improve Your Technology
Having anti-virus software in place to protect your company’s site from viruses and malware is the first step in good cybersecurity.
It is essential to have the software updated on a regular basis. We all get the software update notices, and it’s easy to ignore or delay the update to the next day, week or month. Make sure your IT department stays on top of all updates and patches. This will ensure that each computer is up-to-date.
Here are some questions to ask yourself and your team to ensure you are protected from viruses and malware:
Being able to confidently answer these questions will give you peace of mind that you are doing your best to keep your business safe from cyber-attacks.
Keep a Tight Rein on Internet Access
This key step is often overlooked by employers but is so important. Your IT department can set up your computers so that they cannot access risky sites. Make sure that important company information can only be accessed by a chosen few.
Another good tip is to stay informed about current online data breach scams. Making a habit of following a blog that reports the latest hacking news will help you stay vigilant.
Don’t Keep Unnecessary Data
It isn’t necessary to store old data or customer information that is outdated or no longer useful for the company. Too often, though, companies don’t take the time to purge old records. Instead, they end up keeping information such as credit card numbers and other sensitive information in their system for customers who are long gone.
When the information is of no further use to your company, have a system in place where it is deleted. This will ensure that you avoid the risk of revealing unnecessary customer information if you are breached.
Adhere to a Phishing Awareness Checklist
Sticking to a protocol of routinely checking off safety practices will keep you aware of potential phishing attacks.
Here are some suggestions of important checklist questions you may want to include:
If not, hover your mouse over the “From:” field to check for the right domain (i.e., an email from Yum Dog Treats should have a domain name of yumdogtreats.com).
Don’t open anything when their name is not matched up with the email address. If “Katie Jones” from “Yum Dog Treats” sends you an email, her email address should most likely say something like firstname.lastname@example.org, not email@example.com.
Be suspicious of all attachments, but especially ones that have two extensions (i.e., file.doc.scr) or small files that are zipped.
If so, does the URL convey the message of the email? You can simply hover your mouse over the link to read the URL.
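The sender-domain, attachment and link checks from the checklist above can also be run automatically on a saved message. This is an added example, not part of the original article: the sample message, its addresses and the function names are constructed for illustration, and only the domain yumdogtreats.com comes from the text.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from pathlib import PurePath
from urllib.parse import urlparse

# Constructed sample message: only yumdogtreats.com comes from the article.
SAMPLE = """\
From: "Katie Jones" <katie.jones@yumdogtreats-orders.example>
Subject: Updated invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<a href="http://pay.invalid/login">View invoice</a>
<a href="https://www.yumdogtreats.com/help">Help</a>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.doc.scr"

placeholder
--b1--
"""

def on_domain(host, expected):
    """True when host is the expected domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def check_message(raw, expected_domain):
    """Return the checklist findings for one raw message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    if not on_domain(addr.rpartition("@")[2], expected_domain):
        findings.append(f"sender domain: {name!r} sent from {addr}")
    for part in msg.walk():
        filename = part.get_filename()
        if filename and len(PurePath(filename).suffixes) >= 2:
            findings.append(f"double extension: {filename}")
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for href in re.findall(r'href="([^"]+)"', body, flags=re.I):
                if not on_domain(urlparse(href).hostname, expected_domain):
                    findings.append(f"link target: {href}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE, "yumdogtreats.com")))
```

A look-alike domain such as the constructed yumdogtreats-orders.example fails the check because only the exact domain and its subdomains are accepted.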
With the current situation, cyber-attacks are increasing dramatically in Australia and around the world. No one is safe. It’s every person’s duty to remain informed and aware of these scams. Ms. Bell learned her lesson the hard way and it cost her $10,000 to do so. You may not be financially able to learn such an expensive lesson.