I have been talking to clients recently about cybersecurity and some simple ways to improve their security “posture”. I have developed an extensive checklist for individuals and small businesses who don’t know where to start (contact me if you are interested in the checklist). Cybersecurity can be scary, so hopefully we can make it simpler for you! Below are some key points to help you get started.
Out damn BSB and A/C!
People often ask me why I firmly recommend that businesses (and individuals) stop sending manual invoices via email with their bank account details on them. Business Email Compromise (BEC) scams are one of the most common forms of cyberattack (tens of billions of dollars annually), yet we put our heads in the sand and hope that this will not happen to us. Email addresses can be hacked into, email accounts can be impersonated, PDF files can be easily manipulated, and it is difficult to track who has actually received and read the email. All along this chain, there are security weaknesses. Use a finance system (such as Xero or QuickBooks) to send invoices, or at the least remove your bank account details from the invoice and use an alternative process to provide bank details to your customer.
There’s trouble on the wire
Wire transfers are a massive security risk. Unlike credit card payments, where a bank will often (eventually) refund the money that has been fraudulently obtained, a wire transfer is largely irreversible. If you use wire transfer as a way of payment, you will need extra processes in place to make sure the payment is going directly to the correct party. Sometimes you may have to rely on that old-fashioned telephone! This is particularly important if you are dealing with a lot of new customers or suppliers on a regular basis.
Hip to be square
Set up a payment processing gateway (such as Stripe, eWay or Square) for your clients to pay you, rather than having them pay directly into your bank account. The fees are annoying, and I must say confusing, but the security vulnerabilities are significantly fewer. If you use finance software such as Xero, you can have both methods available to your customers if you prefer.
Nobody’s fault but mine
Your IT provider may be fantastic, but they are not responsible for your cybersecurity. Believing otherwise is a myth that most small businesses fall for. If you haven’t already, you may need to look at cyber insurance and understand what can be covered by your IT provider and what is your responsibility. It is better to be aware than ignorant! In any event, there are documents, plans and policies that need to be in place that are the responsibility of the business, not the IT provider.
Cybersecurity is such a broad and confusing topic that most of us just shrug our shoulders and hope that nothing will happen to us. However, there are some practical, immediate and simple things we can do now to help mitigate the risks of cyber exposure.