With yet another devastating cyber attack making headlines recently, managing security is top-of-mind for many business owners – and it’s not just about computer security.

With the Australian Cyber Security Centre reporting that there were 14,804 cyber security incidents affecting Australian businesses between July 2015 and June 2016, the security of all business services and the protection of sensitive information should be paramount for all SME owners in order to reduce the risk of cyber crime and fraudulent activities.

Here we talk to a cyber security and privacy expert about the importance of business security and ways you can keep all your sensitive information secure.

Michael McKinnon, an expert at leading Australian cyber security consulting practice Sense of Security, says while controlling access to business information is key, there’s also the need to classify that data.

“Businesses need to identify and understand what critical information they’re holding – they need to think laterally about how and why that data might appeal to an attacker – and take appropriate measures to treat all data according to the risk that holding it represents,” he says.

“And protecting confidential information doesn’t just mean keeping it private; there’s also the need in business to ensure the data cannot be tampered with by unauthorised parties.

“In terms of practical steps that businesses need to address, managing staff credentials is important as well as having password policies in place that govern how complex passwords need to be and how often they may need to be changed.”

He says awareness is central to avoiding the risk of fraud.

“Businesses need to be aware of any financial processes where obvious fraud can occur such as supplier payment systems, expense claims, payroll, discount vouchers, coupons and refund payments,” he says.

“More complex and less obvious examples can involve modifying stock levels in a database, or writing inventory off as damaged, but then selling it to second-hand buyers.

“Any assets that the business is in possession of that isn’t part of an asset register but that could be cashed-in quickly are at risk.”

Restricting access can reduce risk

Ensuring that only relevant staff members are approved to access company credit cards and accounts, fuels cards for the refuelling of fleet vehicles and internal databases, can reduce the risk of fraudulent activities.

Some fuel cards offer extra security in additional features that can track fuel usage and have a vehicle-specific PIN. They can also offer dedicated customer service for stolen cards.

Find out how Caltex StarCard can help protect your business from fraud.

McKinnon says keeping antivirus software up to date on office and employee computers, laptops and mobile devices should be part of a broader strategy.

“Using antivirus software can be helpful at detecting malicious software and apps, but it forms only one part of what should be a much larger strategy for protection,” he says.

“Keeping all office and employee computers and mobile devices up to date with the latest security updates, and running the latest operating system versions that have been patched against known vulnerabilities is critical.

“In the recent WannaCry ransomware outbreak, for example, the devices mostly affected were Windows 7 computers that had not been updated in the preceding two months. ‘Patch management’ – the process that businesses should be employing to manage how they’re updating their computers – should be treated as a default requirement of every IT department.”

Keep it safe

The Federal Government’s Stay Smart Online initiative offers the following checklist to assist in business security and fraud prevention.

* Create cryptic passwords to ensure the online safety of your business.

* Regularly back up all your business information including accounting files, invoicing and quoting systems, letters and emails, information and resources, and even your website files.

* Stay vigilant and up to date with news on the latest scams and threats.

* Know who has access to your business information and make sure employees have their own logins and passwords. By limiting access on a need-to-know basis, you reduce the risk of an ‘insider’ accidentally or maliciously releasing confidential information.

* Ensure you have anti-virus software that is automatically updated, and don’t trust wi-fi networks you don’t control.

* When it comes to mobile phones, keep them locked when not in use in case of loss or theft. Also try to limit the business information stored on them, including email.

Original article found HERE at SmartCompany.com.au

Queensland’s financial and cyber crimes group has shut down three more “fake trader” websites advertising barbecues and fitness equipment, three months after two Latvian nationals were arrested for their alleged roles in setting up a range of similar sites.

Australians continue to be caught out by websites advertising sales on large outdoor items like barbecues and complaints have been made to the Australian Cybercrime Online Reporting Network (ACORN) from shoppers who had been scammed sites promising the delivery of goods, according to Fairfax.

On Tuesday Queensland Police confirmed it had shut down three shopping websites it has identified as fake: www.barbecuecity.com.au, www.gardenoutdoorsales.com.au, and www.topmarineoutboard.com.au.

Investigations into the area of fake trader sites continue after two Latvian nationals were arrested by Queensland Police in June, after allegedly defrauding customers of $250,000 through fake shopping websites.

Fairfax reports the police do not believe the same pair are directly behind the new websites, but are considering links between the newly closed websites and so-called “fake trader” sites that have previously been uncovered.

The three sites closed this month asked for payment details from shoppers but did not deliver the advertised goods, say Queensland Police.

“Anyone who wanted to purchase these items were asked to provide credit card details and also offered a further discount if payment was made via direct bank to bank transfers. Customers who paid the money never received the equipment,”  Detective Acting Inspector Brad Hallett said in a statement.

Police advise any shoppers who believe they may have been affected by a similar scam to contact ACORN directly, and recommend only using trusted websites and those that provide buyer protection when making purchases online.

SmartCompany contacted ACORN and Queensland Police for further comment but did not receive a response prior to publication.

Brand trust is key

When the issue of fake trader sites was raised by police earlier this year, Small Business and Family Enterprise Ombudsman Kate Carnell said there was “no doubt” such websites are costing small businesses money.

SMEs can be affected by these sites in a number of ways, she said, from being caught out by scammers themselves, to the effect of shoppers being reluctant to trust online shopping sites more generally.

“For a small business legitimately trading online, you don’t want any reduction in the confidence consumers have with online traders,” she said.

Director of InsideOut PR Nicole Reaney says stories like this present a significant challenge to new online sellers, because establishing brand trust can be difficult if a business enters the online market with no existing reputation.

Smaller operators can overcome these concerns by using a couple of approaches, she says.

The first is to jump on any negative news around online shopping and warn your networks that this occurs.

“Legitimate brands can embed a trusted position by communicating this consumer concern to its existing customers and encouraging them to be careful and share this information,” she says.

The second approach is to make sure there’s an opportunity for customers to connect with a real person through your business page, so customers can feel assured they are dealing with a legitimate person.

Checking in with your shoppers will ensure they feel connected throughout the process, Reaney says.