With increased use of online bookkeeping programs which in many cases are linked to electronic bank feeds, it is essential that all small business owners have strict security protocol’s to protect their business from cyber fraud.
I recently heard about a medium sized business losing over $100,000 to Cyber Fraud, even though their computer system wasn’t the source of the cyber attack. A supplier of their business computer system was hacked and their financial information was used to steal money from this business.
How was this fraud done;
- Firstly the hackers impersonated the suppliers via online communication with the business. They used personal and financial information obtained via hacking the supplier’s computer to build trust with the business.
- All of this communication was via email and sent directly to the employee who was responsible for handling account payments in the business.
- Once the hackers had gained the employee’s trust they instructed them to change the bank account details of where they now wanted account payments to be paid.
- The employee followed the hackers instructions, changed the bank account details and the business started paying the hacker’s bank account instead of the bank account of the supplier.
When I heard about this I couldn’t believe how easy the fraud was to undertake and how trusting people are today when dealing via online communication.
Small business owners have always wanted to save time on record keeping and administration. Over the past 10 years there has been huge growth in cloud bookkeeping, banking and electronic funds transfer to assist business owners in reducing time on bookkeeping.
The transition to online banking and financial recording has meant that all small businesses are now more vulnerable to cyber fraud.
Here are some tips to protect your business from cyber fraud:
- Never provide your bank account password to anyone, even your bookkeeper
- Ensure you have two (2) factor authentication on all bank accounts. This double checking process should be turned on for every service that you use like making a payment, changing your daily payment limit, changing a payee’s details or adding or deleting an administrator. Two-factor authentication involves the bank sending you a message to your mobile phone with a special code which has to be entered if a payment is made or there are any changes associated with the administration of your bank account. This means you need to have the mobile phone as well as a password to approve the payment or any changes in your bank details.
- Personally confirm all changes to bank payment arrangement requested by your suppliers before a new payment is made. Ensure you speak with someone that you know in the business and never just expect email instructions.
At Hamilton Taggart Business Advisors we take cyber security very seriously. We take constant measures to minimize the chances of our business being affected.
If you have any concerns or would like us to point you in the right direction of a specialist that can help please call our office on 4962 2022.