FRAUD FOR FUN AND PROFIT
HACKERS AND FRAUDSTERS KNOW THAT SMALLER BUSINESSES CAN BE EASIER TO PENETRATE, BUT SOME DEFENCES ARE MORE EASILY DEPLOYED BY SMALLER COMPANIES THAN LARGE ONES, WRITES ELLIOT COOPER.
Bragging rights used to be a big driver behind viruses and other malware. Hackers would write a piece of code just to see how many machines they could infect, gaining status in the hacking community.
Those seem like innocent times now. Attacks are increasingly sophisticated and driven by money, not ego.
Viruses are now used as weapons in ransomware attacks that press victims to pay to regain control of their own data. In phishing and whaling attacks, the goal is to trick you into disclosing personal or corporate information such as passwords or credit card details. The attacker may send an email that appears to come from a trusted source, or lure you to a website that has been created especially for the attack. These emails and websites are highly customised and personalised, often incorporating your name, job title or other relevant information gleaned from a variety of sources.
Most recently I saw a devastating scam involving a false invoice for $48,000 – which was paid. The target organisation should not have been caught, and yet it did get caught. It cost them a significant amount of money, plus the stress and time wasted dealing with banks to try and recover the funds.
This fraud was an email scam that was quite sophisticated. The email purported to come from the owner of the business, to the accounts person, instructing them to pay the invoice attached to the email. A reply to that email went back to the fraudster, so correspondence occurred that seemed legitimate.
The simplest way for the victim to prevent this fraud was to pick up the phone and call the person requesting the payment. This is where small businesses can have an advantage over large ones. Small companies are generally not paying thousands of invoices, and making a quick call is totally feasible. I have noted that this false invoicing scam often works when the person purportedly requesting the payment is overseas, making it more difficult to contact them by phone or discuss it face to face. If in doubt, don’t pay.
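As a complement to the phone call, a mail check can flag the pattern in the scam described above before the accounts person acts on it. This is an added example, not part of the original article: it assumes the replies were redirected through a Reply-To header (the article does not say how), and the company domain, requester name and sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): the company's mail domain and the
# names of people whose payment instructions staff would act on.
COMPANY_DOMAIN = "example.com"
PAYMENT_REQUESTERS = {"jane owner"}

# Constructed sample messages (not real mail).
SPOOFED = ("From: Jane Owner <jane@example.com>\n"
           "Reply-To: Jane Owner <jane.owner@example.net>\n"
           "Subject: Please pay the attached invoice today\n\n"
           "I am overseas this week, email only.\n")
LOOKALIKE = ("From: Jane  Owner <jane@example.org>\n"
             "Subject: Invoice for payment\n\nPlease pay today.\n")
GENUINE = ("From: Jane Owner <jane@example.com>\n"
           "Subject: Invoice for payment\n\nAs discussed this morning.\n")


def _domain(address):
    """Lower-cased domain part of an email address ('' if none)."""
    return address.rpartition("@")[2].lower()


def invoice_email_warnings(raw_message):
    """Return the reasons a payment email needs a phone call before paying."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    warnings = []

    # Replies would go somewhere other than the apparent sender's domain.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        warnings.append("reply-to domain differs from sender domain")

    # A trusted name shown on an address outside the company.
    display_name = " ".join(from_name.lower().split())
    if display_name in PAYMENT_REQUESTERS and _domain(from_addr) != COMPANY_DOMAIN:
        warnings.append("known requester name on external address")

    return warnings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE),
                       ("genuine", GENUINE)):
        print(label, invoice_email_warnings(raw))
```

An empty result is not approval to pay: the From header can be forged outright, so the phone call remains the control.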
At Enprise we have implemented a policy that the person creating the payment in the banking system cannot be one of the two required authorisers of that payment. This way, we have three sets of eyes looking at every payment request.
Most companies greatly understate the risk of a cyber incident, according to EY’s 2016 Global Information Security Survey. EY surveyed 1,735 global executives, information security managers and IT leaders and found that only one in five (22 percent) fully consider information security in their strategy and planning. I bet the proportion is even less for small businesses.
Yet even the smallest businesses have ready access to cheap email filtering, Internet firewall and backup systems.
If your accounting software is hosted or cloud-based it can further reduce cyber-risk, as security is often provided as part of the service.
All this is an excellent start. The biggest vulnerability, though, is you and your staff.
Cyber-security firms consistently rank employees as a firm’s greatest area of vulnerability. Combat this by fostering a culture of awareness. Not clicking on links and not plugging in outside devices to your network are basics. Small businesses again have the advantage because they generally work with a core team and are not constantly introducing new staff members.
‘Trust but verify’ is a good motto for any business.
ELLIOT COOPER IS CEO, CO-FOUNDER AND EXECUTIVE DIRECTOR OF LISTED COMPANY ENPRISE GROUP. HE'S A CHARTERED ACCOUNTANT WHO HAS WORKED ON MANY CAPITAL RAISES, AS WELL AS MULTIPLE TRADE SALES TOTALLING MORE THAN $50 MILLION.