Cybercrime is on the rise and affecting small businesses – which makes landscaping companies vulnerable. Today is a great opportunity to take simple steps to protect your identity, email, banking and business data from identity thieves, hackers or ransomware
Scammers are targeting tradespeople such as landscapers because they may be likely to send invoices for large one-off amounts that can be redirected to their own accounts.
Most small business owners, including landscapers, use email and accounting software, putting you at risk.
The social distancing of Covid led to a surge in businesses digitising their processes, and a corresponding surge in attempted cyber attacks. Jeremy Jones of cybersecurity consultancy Theta said in October 2020 that gangs are happy to attack small businesses for the following reasons:
NZ has extremely high rates of small business ownership.
Lack of preparation and resilience among SMEs.
Lack of awareness of cyber threats.
Inability to mount an effective recovery.
SMEs are more likely to pay a ransom demand as they’re not slowed down by continuous disclosure or corporate governance restrictions.
Between January and September 2020, there were 5,712 attacks reported in New Zealand, or 21 a day, directly causing more than $14m in losses.
MBIE has responded by partnering with private digital services companies to provide tips for small businesses to protect their systems.
Nearly 10,000 small businesses have already signed up online at DigitalBoost.co.nz.
Hackers have recently been happy to attack seemingly benign NZ businesses from Volunteer Service Abroad to MetService to Mt Ruapehu skifields.
The reality is this:
You’re now more likely to become a victim of a cyber attack than a burglary.
Cybercrime is the second most-reported crime in the world.
In 2020, cyber security incidents left New Zealanders $16.9m out of pocket, the highest annual figure recorded by the Computer Emergency Response Team (CERT NZ) since CERT launched in 2017.
As you will have seen from the recent Waikato DHB attack, all it takes is to click on a link in an email, a website that looks legit or a Facebook post and you’ve infected your computer or mobile device. Hackers will sit inside your computer system, often for months, observing your activity before they act. They will then shut down your system and demand a ransom, often in the thousands of dollars, to release your files. Or target your customers and redirect large payments to their own accounts.
There are simple steps you can take to minimise your risk of exposure to a cyber attack, including some basic training for you and your staff.
Business tips
Have up-to-date virus, firewall and malware software running. Microsoft provides a free product and there are other well-known providers such as Norton, McAfee and Kaspersky.
Set your computer to accept updates automatically.
Have a password set up on your computer and PIN for your phone.
Make sure you have a strong email password and that it is different to your internet banking one. If they support two-factor authentication, you should consider this. It’s better to have a long password that you can remember than a short complicated one. For example, try using a phrase that you’ll remember: thefirstletterofmynameisB.
Train staff and others who may have access to your devices to recognise dodgy emails and posts and not to click on them.
Train staff not to share passwords and log in details.
Back up all your files to an external drive or the cloud. You can schedule these in Windows or have your IT provider set one up for you.
Train accounts staff not to make payments to overseas accounts or at all if they’re unsure about the origin of the invoice.
Don’t change supplier bank account details without verifying this directly with the supplier first.
Tell your clients that you won’t change your bank account under any circumstances, and for them to ring you if they do get an invoice with a different bank account number.
There is also good insurance available, which provides immediate professional support to get you up and running after an attack quickly, as well as reimbursing your losses.
Personal tips
Don’t give out personal information over the phone, personally or online, unless you are certain that the person or organisation you’re giving it to is legitimate.
Dispose of personal information securely. Eg, shred papers (including bank statements and utility bills) and wipe/remove/reset hard drives and phones before selling or disposing of them.
Reduce the amount of identification documents that you carry around, including what you leave in your car on a daily basis. These are valuable items.
Check bank and credit card statements for unauthorised transactions. Report any discrepancies or unauthorised activity to the bank or card issuer immediately.
Be very wary of how much personal information you post online. Personal information can be misused in many ways by identity thieves, some of whom trawl websites.
Just in the same way you wouldn’t leave your house or car unlocked, or your tools lying unattended, don’t leave access to your personal information or business systems vulnerable to hackers or identity thieves who will easily exploit them.
Builtin are New Zealand’s Trade Insurance Experts. For more information visit builtininsurance.co.nz, email Ben Rickard at ben@builtin.co.nz or call him on 0800 BUILTIN.