- More than half (53%) of small business owners are worried about being scammed
- Yet only a third train staff in scam awareness and prevention
- Australian SMBs lose an average of nearly $40,000 per scam
Scams on small businesses are costing owners more than $20,000 a scam according to new research from Westpac.
The Westpac State of SME Scams Report found that on average small businesses lose $38,845 to a scam and recover less than half (44%) of that money.
Meanwhile, nearly half (46%) of those hit by a scam suffered additional financial consequences after the incident, with 25% spending on improved scam protection.
Despite the three, two thirds of small business owners don’t train staff in scam awareness and prevention, while 60% don’t believe they need to invest more into staff development to prevent scams.
Westpac’s General Manager of SME Banking Ganesh Chandrasekkar said many of the latest scams, involving business email compromise and remote access scams, are so well disguised it takes high levels expertise to recognise and avoid them.
“On average, it takes small businesses 33 days to rectify a scam and 42% of business owners said they lost valuable time that should have been spent in their day-to-day operations,” he said.
“With increasingly sophisticated methods being used to target small businesses, causing financial and reputational hardship, it’s important business owners strengthen their defences. A good start is putting more resources into education and training to increase awareness among staff.
The Westpac scams report found most frequent forms of scams encountered by small businesses are phishing, followed by false billing and invoice, and domain name renewal scams.
False billing and invoicing are the most effective, hitting a third of small businesses.
More importantly, a third of small businesses had to deal with brand and cultural repercussions, with 15% reporting their clients were negatively impacted.
Westpac has launched scam awareness and protection seminars nationwide. The details can be found here.
The bank has also released 9 things a business can do to increase their scam protection.
1. Be on the lookout and educate your staff about scams targeting businesses.
Always verbally validate any payment requests or account changes that are delivered via email. Regardless if the sender claims to be from a supplier or appears to be someone in your company, call them on a trusted number to verbally confirm first.
2. Be suspicious
Refrain from clicking on links/pop-ups, opening attachments or downloading software if you are unsure of the source. If something appears suspicious, it is better to be safe than risk exposing your business to the dangers of a scam.
3. Ensure you have adequate and current anti-virus security software.
Make sure the level of protection suits the needs of your business.
4. Use strong passwords
Unique and strong passwords should be used for each system and changed regularly. Implementing a multi-factor authentication where available will add another layer of protection.
5. Keep data safe
Implementing a regular backup procedure is a simple way to safeguard critical business data. Setting user PC permissions and encrypting your databases will also help.
6. Beware of impersonators
Criminals often like to pose as well-known organisations to entice you into fulfilling their requests. Common impersonations include ASIC, the ATO, energy companies or utility companies.
7. Register for Stay Smart Online Alert Service or Scamwatch Radar alerts
These are free Government initiatives that alert of new online threats as they are identified.
8. Implement a cyber-security strategy to counter the evolving cyber threats.
E.g. ensuring secure remote access protocol and setting up firewall rules.
9. Review your bank accounts and payee list regularly
Call your bank immediately if you do not recognise a payee in your list or if you detect anything unusual.