Unfortunately, there’s no off season for cyber criminals who are always on the prowl, leaving no small business immune especially when it comes to obtaining financial data. With more and more personal information being stored and shared on the internet, cyber criminals are forever devising new scams and spamming methods to get their hands on this sensitive information.
The figures reveal a scary insight. According to NetSafe, more than 7,000 people reported a scam, over $11.7 million dollars lost, and the average loss exceeded $10,000 with the highest loss reaching $2 million.
For most of us, we mainly communicate digitally, making it no surprise that emails and phone messages were identified as two of the most common channels that spammers use to gain access to personal information. So how do you get cyber-savvy and spot a scam?
Spotting a scam
There are many valuable pieces of personal and business information (like names, date of birth, tax file number, bank details, BAS statements etc.) that are often required from trusted authorities – in particular, the Inland Revenue Department (IRD), accountants and tax agents.
Scammers are getting more creative, crafting look-a-like official emails and impersonating official representatives via phone calls, SMS and voicemails. Here are some of the tell-tale signs to keep an eye out for, when trying to spot a scam (ConnectSmart, 2018; Inland Revenue, 2018):
- Whilst the IRD does communicate with small businesses via email, Please remember that government agencies will never call you to ask for your bank account or credit card details.
- Receiving an email which is not addressed to you directly
- Be very careful with emails which may contain links or attachments, these may contain malware viruses
- Check the email address which the email has been sent from
- Scam emails will often be poorly worded and use incorrect grammar
- Emails, text messages or phone calls asking for your bank account/ credit card details to process a tax refund
Common scams that target small business owners
Phishing emails: Keep an out for emails that pretend to be from a trusted entity like the IRD. These emails will usually ask you to fill out a form or click on a link which then enables the scammers to infect your computer with a virus and malware. This is one of the popular ways a scammer will try and steal your identity and money.
GST/Tax refund scam: A scammer may contact you advising that you have overpaid your GST/tax and that you are entitled to a GST/tax refund. The scammer may then ask for financial details or request you pay an administration fee via an electronic transfer.
GST/Tax owed scams: A scammer may claim that you have underpaid your GST/tax and required to repay the debt. They may ask you to purchase a pre-paid debit card which they will then ask for the details of so they can access the money.
Small Business in the sights of scammers
You may be wondering why small businesses are a prime target? Why don’t they just go after the big fish? The reality is, small businesses are viewed as soft targets. A quarter of New Zealand SMEs, or 24 per cent, experienced a digital security breach last year, up from 18 per cent a year earlier, according to a survey of 500 small and medium businesses by anti-malware software firm Norton. Below are some of the reasons why small businesses are in the sights of cybercriminals:
- They hold valuable data: there is a misconception that just because your business is small, you don’t hold a lot of valuable data. This is often wrong. Do you gather or store customer or supplier data (including payment information), have intellectual property or keep sensitive business records electronically? The data that you hold can also act as a great pivot point to accessing the details of your valued partners and suppliers.
- IT infrastructure and network security is generally weaker: do you manage your own IT systems or do you outsource it to a professional IT consultant or company? What security measures have you put in place to protect your systems, for example, anti-virus software and firewalls, and are they updated regularly?
- Lack of education on cyber risks: are you and your employees adequately trained on what to be aware of, how to prevent a cyber incident from occurring and recognising when a data breach has occurred?
- Limited resources: do you have sufficient resources and an incident response plan to manage a potential cyber breach?
Did you know?
- 4 million personally identifiable information (PII) were collected from the 2017 attack (Trend micro, 2018)
- Cyber crime has cost New Zealand SMEs an average of $15,592 in the last 12 months.
Protecting your business
Be a step ahead of the game by making sure your business is educated, aware of the different scams and cyber risks that are out there, and ensure you have a solid cyber-security strategy in place. The IRD and Connect Smart provide regular updates about scams which may be circulating and are a good resource for staying in the know. In addition, the IRD also lists the latest scam alerts in which they are being impersonated by scammers.
As they say, prevention is better than cure, and that’s where Cyber Liability insurance can be a valuable tool in protecting your business.
What is Cyber Liability insurance cover?
Cyber Liability is designed to cover your business against the expenses and legal costs associated with data breaches that may occur after being hacked, or from the theft or loss of valuable client information. A potential breach could occur from something as simple as accidentally leaving your laptop in a taxi where it can end up in the wrong hands.
What is covered?
- Business interruption costs
- Investigation and data recovery costs
- Fines and penalties
- Extortion costs
- PR and crisis management costs
What is not covered?
- Any amount misappropriated by fraudsters
- Replacement equipment
- Property damage
- Prior known facts/instances
- Intentional acts
How to report a scam
No matter how careful your business may be in preventing a scam, it, unfortunately, can still happen. These are some of the key government bodies you can report an incident to:
Scamwatch website provides an online form to report the crime through https://www.consumerprotection.govt.nz/general-help/scamwatch/report-a-scam/
The Inland Revenue Department provides information on current scams involving the IRD, how to verify and report an IRD impersonation scam: http://www.ird.govt.nz/identity-security/scam/scam-alert.html
Netsafe NZ is a secure reporting and information hub for cybercrime and any online incidents which could be in breach of the law: https://www.netsafe.org.nz/
The impact of falling victim to a scam or cyber-attack can have a devastating impact on a business, especially if the financial capacity isn’t there to recover from the incident. Don’t let cyber criminals scam their way into your small business this tax time, start protecting your business today.
This is general advise only