Unfortunately, there is a never-ending stream of stories to be heard where honest, unsuspecting people and businesses are frequently being defrauded. This might be in the form of a financial scam, where a victim is misled into parting with their hard earned dollars, or identity-based fraud, where personal and sensitive information is obtained and used for dishonest practices, without the knowledge or consent of the victim.
For some time now there has been strong messaging about how to stay safe and aware in our dealings, particularly when it comes to online activities. More recently, those responsible for these types of malicious acts, and perhaps more notably, the technology that they are utilising to do so, is making it even more difficult to discern a legitimate request or interaction from an ill-intended one.
Not only do we have to be mindful of things such as suspicious links and emails requesting payments be made to a different account, but with the rise of technology applications such as AI (artificial intelligence), voice impersonation and call spoofing, we now also need to be extra cautious when it comes to communicating on our phones as well, whether it is receiving receiving phone calls or interacting with text messages.
So, what do you need to know, and do, to protect yourself and your business, and minimise the chances of falling victim safe in a rapidly progressing and increasingly challenging environment?
Beyond the Computer Screen
As mentioned above, once upon a time, stories of frauds and scams mostly centred on clicking a suspicious link in an email, or perhaps inadvertently giving remote access to a desktop. More recently, scammers and fraudsters have become even more cunning in their approach, shifting focus to perhaps the most readily used piece of technology in society today – our phones.
The schemes they are deploying make it much more difficult to identify when a once-inherently-trusted phone call or text message may not be what it seems.
Increasingly, innocent victims have found themselves speaking to what they believe to be a trusted contact such as a client, supplier or even financial institution, only to realise that they have been duped, using elaborate schemes and devious use of technology.
Artificial Intelligence – for better or for worse?
Of course, there are some wonderfully positive and exciting things happening thanks to the magic of artificial intelligence. But for all the innovation and exploration that is taking place with the view to improving our world, there is a group working hard to use it for less than desirable purposes. It has been reported that scammers and fraudsters are using AI to create voice impersonations and then using those to pose as trusted contacts. They might impersonate a family member and request money to assist with an emergency situation, or in a professional setting, they might present as a client or other stakeholder, requesting you to provide sensitive information. Even for the most discerning person, or at times, even a trained expert, it can be almost impossible to identify the risk when experiencing this type of situation.
Call Spoofing – who is really calling?
Another piece of technology that makes things complex when it comes to trusting incoming calls is the use of “call spoofing”. This is where the caller disguises the true number that they are calling from to instead display a number that you recognise, or at least looks local-based and therefore you assume it is relatively trustworthy. They can do this for text messages too.
Tips for Staying Safe when Taking Calls & Interacting via Text Message
It may feel like you’ve heard these many times over, but as scammers keep scamming, and victims keep falling victim, it is important to stay vigilant and informed.
Here’s some things you can do to minimise your risk.
- Avoid giving sensitive details, or taking significant actions, as a result of an incoming call from a seemingly trusted contact until you are confident that you have successfully verified their identity.
- Never call or communicate with a source and/or phone number provided via text message.
- Ensure/verify that you are speaking with the intended person or business by calling (or calling back) on the number that you usually use to communicate with that source – it could be from your business contacts/records or from their verified business website.
- Ask specific questions that only trusted contacts would know/have the answer to in order verify the legitimacy of the caller.
- Be aware for other signs that the caller may not be who they say they are – listen for unnatural pauses or slightly distorted voice quality.
Steps to Protect Your Business Online
While the scope and reach of scams has changed a lot from where it began, that doesn’t mean that we should let our guard down in the online space.
While we cannot control the seemingly incessant nature of those attempting to infiltrate the personal and private information that we interact with online, there are definitely clear steps that can be taken in order to bolster the security of our online activities and decrease the chances of falling victim to a cyber security incident.
In order to best protect your business online, you need to know what to do. Thankfully, you don’t need to look too hard to get accurate, practical and easy-to-implement information.
The Australian Cyber Security Centre (ACSC) has prepared a handy cyber security checklist for businesses that covers important actions to be taken such as:
- Enabling multi-factor authentication on accounts wherever possible.
- Turn on automatic updates for your devices and software.
- Initiate regular data back-ups and security scans.
- Understand the data your business holds and your responsibilities to protect it.
- Educate employees and determine how cyber security awareness will be taught in your business.
Be sure to take a look at the full checklist and get to work ensuring that you are doing all you can to protect your business and its precious resources.
Upon completing the checklist in your business, it is then recommended that you also become familiar with, and seek to implement the Essential Eight which is a set of mitigation strategies recommended by the ACSC to further enhance protection and make it harder for cyber criminals to impact your business.
It is important to note, that enhanced security measures do not just have the benefit of protecting your business from potential cyber security incidents from external sources, but it is overall good practice to refine and tighten security measures in order to mitigate any potential wrongdoing within the organisation or “closer to home” too.
Prioritise Security for Your Business
Understandably, you might be thinking “But I am already so busy trying to do a million other things. I just don’t have time to do anything about it.” Or perhaps you are of the mindset that it’s unlikely it will ever happen to you. You tell yourself that you haven’t got millions of dollars sitting in an account or anything else really of value so why would criminals bother with you.
The truth is, a “head in the sand” approach is not going to help you if you are unlucky enough for the hard-working criminals to come calling. It really is a numbers game, for both the criminals and the (potential) victims. The more people and businesses they target, the more chance they’ll get their pay day. Importantly, it’s not always about catching the big fish, but all the little fish along the way certainly add up.
With that in mind, addressing and implementing clear and robust security measures for your business really should be non-negotiable. Yes, perhaps you feel like you don’t have the time, but consider the alternative. If you couldn’t possibly find the time to take action to prevent it, think about the amount of precious time and dollars that it will likely cost you in the unfortunate event that you ever do fall victim to a fraud, scam or cyber security incident. Not to mention the emotional and psychological toll it can also take. No-one has time for that.
Seek Professional Cyber Security & Business Safety Help
No doubt, the effects of these types of crime can be devastating and long-lasting. It is certainly not something to be taken lightly.
We urge you to not simply put cyber security and business safety in the “too hard” basket. There are many professional and experienced IT providers and other trusted advisors who are available to provide expert advice and information that is tailored specifically for you and your individual business situation.
Depending on the industry that you operate in, there may also be specific advice and recommendations available to you from industry associations and/or governing bodies.
Expert Business Advice from The Quinn Group
At The Quinn Group, as professional business advisors, we are not here purely to help you balance the ledger and pay your taxes. We are committed to doing our part to help ensure the success of you, and your business, into the future. Cyber security and staying as safe as possible in all dealings is certainly an essential part of today’s society. While we are not cyber security advisors, we feel that it is important to shine a light on this critical issue so that you can be prompted to take action to protect your most precious assets.
Be sure to contact us by calling 1300 QUINNS (1300 784 667) or +61 2 9223 9166 or submit an online enquiry to arrange an appointment to discuss your tax, accounting or legal matter.