We all think we’re on the ball when it comes to cyber scams but the truth is the hackers will get us when our guard is down, when we’re distracted.
This recent news article highlights how easy it is for a small business to lose a huge amount of money in an instant https://www.abc.net.au/news/2023-10-15/cyber-threats-hackers-steal-million-dollars-small-business/102789994?utm_source=abc_news_web&utm_medium=content_shared&utm_campaign=abc_news_web
These are my top tips to keep your data and funds secure:
1. Stop using the same password you’ve had since high school on every single log in. I know it’s hard to remember a different password for every thing you have to log into. You don’t have to remember passwords any more, in fact, your passwords should be so unique that you shouldn’t be able to remember them. There are several free or inexpensive password generators you can use to generate a unique password and save it for you to use next time. Check out Lastpass, Dashlane, 1Password, even Google will generate and save a unique password for your log in.
2. Learn what Two Factor Authentication is, and use it. Also known as Two Step Authentication, 2SA or 2FA is a unique number generated by an authentication app which you enter as the third step of your secure log in, after you username and password. An authentication app will change this number every 60 seconds so that it is unique every time. You should be using 2FA on every single log in that you can, from internet banking to your social media accounts. I use a few different authentication apps such as the Google or Microsoft authenticator apps.
3. Stop sharing private information by email. It is not secure to email any document containing your bank account details, tax file number, or any other personal data. PDF and JPEG attachments to an email are easily opened and can be edited or used by hackers. I ask my Xero clients to share any documents containing private data through the Files section of their Xero software. As a Xero Partner, I also use Xero HQ to request these documents from clients who don’t use Xero as their accounting software.
4. Sending clients your invoice as a PDF attached to an email, allows a hacker to intercept the invoice, change the bank account details to their own, and then send that invoice to your client to pay directly to the hacker. Invoices should not be sent as a PDF. Your accounting software will allow you to send the invoice as a link within the email, only accessible by the client with their own secure log in.
5. Set up procedures within your business to reduce your exposure to the possibility of hacking. If you receive an invoice from a client that includes their new bank account details, make a phone call to the client to confirm that they have changed their bank account details before you make that payment.
6. Set up daily payment and transfer limits on your internet banking. If you have to pay an amount above your limit, change it temporarily to make that payment only.
We can’t fall asleep at the wheel when it comes to securing our personal information and data. Hackers don’t care about the devastation they cause. It’s up to us to stay one step ahead, always.