With data breaches and the subsequent use of stolen data on the rise, it’s more important than ever to know how to protect yourself from data and identity theft as a small business.
Large organisations have invested heavily in new solutions to protect both their businesses and their customers from costly breaches, frauds, and scams. However, this is not the case with small and medium-sized businesses (SMEs). Despite 43 per cent of cyberattacks being aimed at small businesses, nearly half of Australian SMEs invest less than $500 annually in cybersecurity. The cost of the average cybercrime incident for small businesses is around $39,000. This is according to Accenture’s Cost of Cybercrime Study and the Australian Cyber Security Centre (ACSC).
To protect your personal and business data, it’s important to be aware of some common methods of data theft.
Common forms of data and identity theft
- Phishing and Ransomware: Using legitimate-looking emails from reputable brands, recipients are tricked into giving away information or access to their computers and networks. Protect yourself by not clicking on links or attachments in unexpected emails, even if they appear to be from legitimate companies.
- Account Takeover: This usually refers to your email or social media accounts being taken over by a third party. Imagine losing access to your business emails. This is something that many SMEs experience, often without realising it. A third party can use your email and social media accounts at the same time as you do to, for example, alter your invoices so that your customers pay fraudsters instead of you. Protect yourself by selecting strong passwords, changing them regularly, not sharing passwords with anyone, and activating two-factor authentication. Your email or social media provider will ask for an additional verification step if you log in from an unusual device or location.
- Identity Takeover: Once your identity is stolen, whether in a data breach or through social engineering or a scam, it can be difficult to recover. Bad actors could use it to obtain products or services in your name or to commit other nefarious activity, such as money laundering. Be careful about giving away your personal data and identity documents. Do not share them with strangers.
Know the warning signs
Keep an eye on warning signs, including:
- PC Running Slow: This may indicate that your PC is also being used by bad actors or a bad actor is stealing data from it.
- Unexpected Phone Calls: Even if it sounds like your bank or your phone/internet provider, hang up and call them on a known phone number.
- Unexpected Social Media Activity: If the activity is happening on your account, it could take months to resolve, so secure your account beforehand. If the activity is on someone else’s account, call them. Beware of any new accounts with few connections.
- Unusual and Large Business Orders: As exciting as a large order may be, look out for anything unusual, remembering that the order could be fraudulent, and you could lose it. Apply additional checks, such as identity verification, to that order.
How to protect yourself
Even if you are doing all the right things to protect your data, hundreds of businesses are compromised every year in Australia alone. This creates an opportunity for criminals to cash in on stolen data, and every SME is at risk of being used in that process. If your business accepts payments from customers or offers products or services of resalable or easily transferred value, you are at risk.
- Know who you are doing business with: An Australian SME retailing high-value goods with a free trial period unknowingly accepted stolen credit cards. This led to significant losses as banking processes took weeks to notify the retailer that the payment was fraudulent, leaving the SME on the hook both for a refund on the trialled goods and to the credit card company. As a result, the retailer implemented a ‘proof of life’ process, requiring customers to securely take a photo of valid identification and a selfie. The fraud stopped immediately, with no impact on legitimate customers.
- Data Minimisation: Only keep the data you need. When dealing with sensitive information, including credit card and identity information, store it only for the minimum required period. Talk to your service providers to understand how long your data is retained.
In an era where cyber threats are becoming an everyday reality, SMEs need to be vigilant and proactive in their security measures. By implementing robust security practices and staying informed about potential threats, businesses can protect themselves and their customers from the devastating impacts of data breaches, cyberattacks, fraud and scams.