Another Scam Alert – Don’t be caught out like our client was!

One of our clients recently experienced a major impact from scammers, highlighting the need for caution as it can affect anyone.

• The client was dealing with business as usual and had no idea something had gone wrong. It was only because a client’s customer rang, querying a discount offer that they had received by email.
• The client had no idea about what the customer was referring to.
• It turned out that our client’s email account had been hacked, and unknown to them the scammers had identified the client’s customer details and had sent out emails to all their customers advising that the bank details had changed and that if they paid promptly to the new account, they would receive a discount.
• The client had lost control of the business email account, and despite promptly contacting as many of their customers as possible, payments were made to the bogus account.
• Even whilst our client was contacting their customers, further emails were being sent, and it took some time for the client to regain control of the business email account.

As you can imagine, such an event has significant ramifications and actual loss.

Minimising the Risk of Malicious Events 

What actions can you take to minimize the risk of these kinds of malicious events from happening to you? Consider the following measures, in consultation with qualified accountants in Sydney:

• Always use secure connections when accessing your information and accounts.

• Maintain strong passwords. Use complex and non-generic passwords and ensure they are never the same between different forums.

• Use multi-factor authentication where ever possible (refer below).

• Use appropriate software, including anti-spam filters, antivirus and malware, where possible.

• Ensure all software and operating systems are kept up to date.

• Take care when accessing emails that you are unsure about. When in doubt, call the sender of the email to confirm the email is legitimate. If this action had been taken in our above example, the transfer of funds to the bogus account could have been prevented.

  – if you receive an email from a bank or government organisation, never enter passwords or personal or banking details.

  – Where possible, try to avoid using hyperlinks embedded in emails and instead type the legitimate web address directly into your applicable web browser.

• Educate and train all your users to reduce the risks.

• Make sure you maintain full backups of all your data. Ensure backups are tested regularly and kept offsite or away from your primary data.

• Review your insurance coverage for such events.

Qualified Accountants in Sydney: Safeguarding your Business

By implementing these measures and seeking the guidance of qualified accountants in Sydney, you can minimize the risk of falling victim to scams and protect your business from potential losses caused by fraudulent activities.

Additional Considerations 

Other areas you should know about in relation to your business’s cyber security are as follows.

Multi-factor authentication (MFA)

 Multifactor authentication (MFA) is a system that requires more than one method of authentication of a user’s credentials to verify their identity for a login or other transaction. The goal of MFA is to make it more difficult for an unauthorized person to access accounts and information.

MFA can use various methods to add an extra level of authentication on top of a password. Some examples include SMS, email, an authentication app, security token and even biometric verification. Each method has pros and cons; care should be taken when setting up your MFA.

Reportable event

 In the event of a data breach, you should be mindful of the potential obligation to report the details of the breach under the privacy legislation.

Insurance review

We recommend reviewing your current insurance coverage, in consultation with experienced accountants in Sydney, to ensure you are adequately covered against all your business risks. In particular, a review of Cyber insurance should be undertaken. Cyber insurance can offer a broad range of coverage.

Cyber insurance may cover

• Financial losses suffered by your business as a result of a cyber-incident
• An incident manager to help your business recover.
• Business interruption costs
• Investigation and data recovery costs
• Third-party liability.
• Extortion costs

 If you have any concerns about the issues raised above, the Kreston Stanley Williamson team can review your IT systems and accounting software and discuss the best way to deal with your concerns. If you have any questions, don’t hesitate to contact your client manager.

Kreston Stanley Williamson Team 

*Correct as of 16 December 2020

*Disclaimer – this article has been produced by Kreston Stanley Williamson as a service to its clients and associates. The information contained in the article is of general comment only and is not intended to be advice on any particular matter. Before acting on any areas contained in this article, it is imperative you seek specific advice relating to your particular circumstances. Liability limited by a scheme approved under professional standards legislation.