Hello, my name's Santasha Nabananga Bamblet. I'm a proud Yorta Yorta KERNI Whoalbury and a waddery woman. And before we get started on She's on the Money podcast, I would like to acknowledge the traditional custodians of the land of which this podcast is recorded on, Wurundjeri country, acknowledging the elders, the ancestors and the next generation coming through as this podcast is about connecting, empowering, knowledge sharing and the storytelling of you to make a difference for today
and lasting impact for tomorrow. Let's get into it.
She's on the Money, She's on the Money.
Hello, and welcome to She's on the Money, the podcast for millennials who want financial freedom. Guys, as you probably already know, my name is Victoria Devine and I don't have someone here with me today. I have a little solo episode for you today, all about keeping your small business cyber safe. I feel like at the moment, it's another day, another high-profile data breach: Medibank, Canva, Optus, Latitude. But it's
not just big corporations that are being targeted. Literally every day, individuals and small businesses are under attack and these stories just don't make the news because they're not that newsworthy according to the media. As a small business owner myself, this kind of terrifies me, and a cybersecurity attack could literally end my business but also ruin my reputation and
hurt my community. But it is so easy to ensure that your business and your community and your customers are safe, and it's something that we all gloss over, right? As a small business owner, it is something that we are so good at overlooking because it's always on the back burner. There's always something so much more important to do. But today I really want to chat to you about how to get cyber safe. But first, I'm stats girl, so I have come prepared with a number of stats for you.
So research shows that women are not as confident as men when it comes to preparing, managing, and responding to cyber attacks, even though we are less likely to be scammed compared to our male counterparts. I feel like that's
the only good thing to come out of that. A survey of more than two thousand small business owners and employees showed that while female business owners are less likely to be scammed compared to their male counterparts, they're not as confident as men when it comes to their general cybersecurity knowledge. And this survey, it was part of the Council of Small Business Organisations' Cyber Wardens program. A mouthful, but it was developed in partnership with the CBA, so
the Commonwealth Bank, and Telstra. All right, let's start with arguably the most vital step, and that is passwords. I feel like I'm talking to myself here, one because this is a solo episode, but two because I'm really bad at passwords. They all used to just be one word, and everyone in my entire team used to know that word. If you knew my family, you probably knew that word. It wasn't good. But passwords really are your first line of defense against cyber break-ins, and it's essentially the
keys to your business. So strong, long and unique passwords make your accounts more secure and are more likely to keep out hackers. But now, with the rise of supercomputers and AI, having a short and simple password, it means that these are really easy for cyber criminals to crack. Reusing passwords across different businesses or even personal accounts can make you a target for what they call credential stuffing scams. One compromised account is like giving cyber criminals the master
key to your entire business, which is really scary. In really busy small businesses, the temptation to use short, simple passwords and repeat them is a really easy trap to fall into, and one I used to fall into until I learned about this and had to get myself to get If you're doing your best to create secure passwords and then struggling to remember them all, you're not alone. So passphrases are actually your best line of defense. Now,
if you're wondering what a passphrase was. When I first heard passphrase, I was a little confused, so let me talk you through it. Passphrases are a type of password that are harder for cyber criminals to crack, and they're easy to remember, which makes them an easy
cyber safety win. Passphrases are longer, and they actually contain a sequence of really random words, usually four or five of them, and the trick is making sure it isn't a proper sentence, but an easy combination for you to remember. So if you're wondering the how do I create a
strong passphrase? A good passphrase generally contains at least four words that are completely unrelated and completely unpredictable, and the best way to generate a passphrase is to choose completely random words, be extra careful, and make sure that they don't contain any personal information. So if you were me, you wouldn't go, all right, well, I'll use my cats and my dog's name and my husband's name, because that is really easy to guess because it's all over the internet.
It is not hard to find that information. Many websites now require you to have a capitalized character, number and symbol, so you could still add this to a passphrase. So you could capitalize random letters, or you could add hashes, or you could add the at sign. You could also spell out numbers instead of just using the number and mix it all up. So that's what I've ultimately done. And the important thing here is that they're not words that are relatable to you. So I haven't used my name,
I haven't used my cat's name. I've literally used random words. I've written down four key points that are kind of like pro tips when using passphrases. So let me whip through these really quickly so that we're all on the same page. Number one, don't duplicate your passphrases. So what we want to do is ensure that each passphrase for each account is unique and we never double up, ever. This means that if one does become compromised, you haven't
breached all of your accounts. Number two, we're going to keep our passphrases to ourselves, so we're not going to share our login details with team members. It might save some time and some money, but it honestly increases your cyber risks and it is not worth doing it. Number three is use a password manager to safely store passwords. So this has been a game changer for me. Apps can be used to securely manage passwords for all of your accounts, and using one is going to keep all
of your accounts more secure. Number four is add a virtual alarm by pairing passphrases with multi-factor authentication. So if your passphrase is ever compromised, multi-factor authentication is going to add another layer of security to keep your account protected. And this for me, I thought it was going to be really complicated, but it's not. I have an app on my phone and it guards all of my accounts. It's a simple code. I pop it in and it just makes so much sense. In all honesty,
I don't know why I didn't do it earlier. Another massive threat to your small business is what's called a BIN attack. No, someone doesn't come at you with a wheelie bin. Unfortunately, BIN attacks are happening in Australia and they're increasing year on year. At the end of twenty twenty three, there was an ABC report that talked about a Melbourne-based business that had more than fifteen thousand attempted transactions through their online shop in just a space
of two months. You're probably wondering, what's a BIN? So a BIN is a bank identification number and it refers to the initial sequence of four to six numbers that appears on your credit card. So it's the number used to identify a card's issuing bank or another financial institution. And a BIN attack is when cyber criminals steal BIN numbers and then attempt to generate working cards by guessing the remaining card numbers to check if these card numbers
are linked to real cards. Fraudsters they test them on the payment page of your online shop and then if it's a successful transaction, it means they've guessed a winning combination of numbers and then they can start making a
heap more fraudulent transactions, which is really scary. So although every bank card has sixteen numbers, it can be relatively straightforward and pretty fast for cyber criminals to cycle through the oldest of numbers that follow the BIN in order to make enough correct guesses and find a live card number with accounts attached. So generating thousands of guesses and testing them is actually fairly easy for a cyber criminal
thanks to the help of AI and computer bots. The cyber criminal might then use these working card numbers to make transactions themselves, or they might actually on-sell those numbers to other criminals to use them for bigger and scarier things. BIN attacks pose two major risks to small businesses.
So firstly, they can be really expensive. Depending on the contract with your payment gateway, you might actually be charged for each attempted transaction, so this expense can multiply really quickly if bots and AI are involved and you're hit with a really large attack. Secondly, they can be a serious reputation risk when victims start seeing your store charged on their credit card, which is terrifying because you know that wasn't you, it was actually somebody else. So there
are multiple signs of a BIN attack. And here are some things that you need to look out for. So are you experiencing lots of low-value transactions that might be pretty unusual for your business? You might have gotten a heap of notifications that your customers' cards have been declined multiple times. Have you seen the use of international cards, so banking cards consistently from countries that are outside of Australia?
Maybe you've experienced a spike in transactions, whether they're attempted and processed in a short period of time and the same card number being used for multiple transactions. You might also have noticed strange transactions outside your normal customer behavior. So you might see things at three am in the morning, for example, when all your normal transactions generally take place
between twelve pm and eleven pm. Or you might have seen an unusually significant increase in transaction fees from your bank. The final thing I want you to watch out for is a really unusual spike in customers disputing payments. If a group of customers all notice that their cards have successfully been used on your website, they might contact you, or they might just go direct to their bank and dispute the payment because they go, well, this is fraudulent,
and process a refund or a chargeback. So these are things that I need you to be looking out for. And any small business with an online presence that accepts payments over the internet is ultimately at risk. And this includes me and I don't even have physical products. So the best thing that you can do is actually set yourself up with a payment processor that can identify these
types of attacks. So when you're searching for this type of service for your online shop, I really need you to make sure that you're reading through what they offer in regards to fraud prevention. Some processors may offer multiple additional layers of protection, requiring customers to type in a CAPTCHA, 3D Secure and the rate limit that you can easily implement on your website. And I've got a few points that I've written down here, so bear with me,
my friends. So what these processes are going to do is check transactions are real and not a robot. This means that you're making sure that genuine customers can make their purchases, but a scammer using software to test various credit card numbers might not be able to get through. Adding a CAPTCHA is one way that you can do this. So then we're going to want to limit transactions and
set alarms for large transaction volumes. A rate limit actually prevents the number of new customers who can be created from a single Internet address in one day, which is really important if you're a small business where a customer
only places maybe like one or two orders. A rate limit is a really sensible option and isn't going to impact your genuine customers, because what type of customer is creating lots and lots of different accounts from the same Internet address, right? What it's going to do for you is ensure that a scammer can't process hundreds or even thousands of purchases through your website, which protects you and
your consumer. And then the next thing you want to do is turn on a virtual alarm for online payments. Are you familiar with multi-factor authentication for your online accounts? When you try to log in, you might have to enter like a code or a one-time password to double check it's you. I mentioned before that I've got an app on my phone that lets me get into everything. And when I say everything, I mean everything. If I
can multi-factor authenticate something. I have my Facebook, my Instagram, obviously my bank, but also recently I was able to multi-factor my pet food ordering company. So we are going hard on this because it's so important, and to be honest, my credit card details are where my pet food is ordered, so I don't particularly want anyone jumping into that. And businesses, you can do the same
for all online payments. Its official name is 3D Secure or 3DS, but it works really simply. When a customer's card is attempted to be charged, they will have to verify that you're the one trying to make a payment. Think of it like turning on a virtual alarm to online payments, which I think is really smart. Now let's go to a really quick break, because I feel like I have been talking underwater with a mouthful
of marbles. So I'm gonna grab a coffee, and when we get back, I'm gonna give you my top four security tips for small businesses, and we're going to be talking about how to pimp your password. So don't go anywhere. All right, guys, we are back, and I did promise that I would give you my top four security tips, and in a minute I'll get to how to pimp your password, but calm down, we actually need to get
through these top four security tips first. So number one, I need you to make sure that you don't ignore software upgrades. I am always clicking the button that says remind me later, and it's really easy to do that when pesky software updates pop up on your phone or computer screen. Literally I have only just updated my iPhone and it has been months since the last update came out, and that is honestly not good enough. I also feel like whenever my computer needs an update, it always pops
up at the most inopportune time. I'm jumping into a Teams meeting and my computer's like, oh hey, good time to update your computer, and I always hit remind me later. But what you're gonna do if that happens is just set a little reminder on your phone so that you can come back to it. Software updates often contain really important patches or fixes for security flaws in your operating system or software, so what we need to do is make sure that they're always up to date.
Cybercriminals know about these weaknesses, and they know how to exploit them. It's why your software company wants to update them because they've identified them as well, and usually it's through a breach. So updating your software can close the gaps to make it harder for cyber criminals to break into your business, which is a win for everyone. And cyber criminals, let's be honest, they're quite intelligent. I mean I wish that they would use their intelligence for better
but they don't. But they know this and they attempt to impersonate these trusted organizations to scam small businesses. So always check who is sending you this notification. Is it an email, Is that a trusted email? If it's a text message, make sure you're trusting where this is coming from before you action anything. In fact, across my entire life, I have decided to never click a link in a text message ever again, and I think that most businesses
are on board with this nowadays. I know the banks are jumping up and down about how do not click links? We would never send you a link, we would never do that to you. So I feel like, if you want my business, you will not send me a link. You'll say, go to my website. I know your website. I'll key it in myself. Thank you. The second thing we're going to do is use multi-factor authentication on your devices. So, as I said before, I'm obsessed with this. I have it now. It does make me feel a
lot safer. Multi-factor authentication is an added layer of security for your accounts that makes it so much harder for hackers to break in. Using multi-factor authentication means that anyone who wants to log into your account is going to need to supply additional information in addition to your username and password, and some accounts use a unique text message while others will suggest to use an authenticator app. So I use both. But I think it's really important
that you're implementing these things. I told you that I'd tell you how to pimp out your password, so new financial year, new me, but also new password, babe. The new financial year is a great time to wipe the slate clean with old passwords and usher in some new, stronger ones. Weak passwords, especially those used across multiple accounts, are one of the biggest risks to cybersecurity for small businesses.
As I mentioned before, a password manager can help you create strong passwords and then save them in a really secure place, meaning you don't need to remember them all for your accounts. They're in your password manager, which is completely protected. And then four, what we're going to do is back up our business. You back yourself in business. You need to back your actual business when it comes
to protecting it from a cyber attack. What will you do if your small business was the victim of a cyber attack and your critical business information couldn't be recovered. There's a few things here, right. Let's pretend that someone attacks your business. You lose a heap of money, and the bank refunds all of your money. Fantastic money win. However, what about your reputation. I know that companies who have experienced these types of breaches lose a lot of customers.
And they don't just lose customers because it happened to them. They lose customers because the reputation that they were safe makes people really, really worried. So it is so much
more important than just worrying about the financial loss. A loss as important as business and customer data could be completely devastating for any small business, and a really good way to help protect yourself from that loss is to make a plan to regularly back up your critical business information, either through an external storage drive or in the cloud, or if you're me, you do both because you have
anxiety. While you make up a backup plan, it's a really good time to consider making an emergency plan in the event of a cyber attack. A sound emergency plan will outline how staff should report a suspected cyber incident, who would you contact for help, and how would you communicate any incident to customers or staff, and how would you manage if critical systems are then offline for any
period of time. An emergency plan sounds a bit silly, but it can actually help you feel in control and recover quickly in the event of a cyber threat or incident. The other thing I would say here is how do you educate your consumer in advance? So I know, because I own a mortgage broking company and we deal with money every single day, that at the bottom of our emails we are always letting customers know. It's literally in our email signature that we will never ask you via
email to transfer funds. If we ever send you bank codes, BSB and account numbers to deposit money, it is not us because we would never do that. And I think that educating your consumer upfront is going to mean that you're protecting yourself as well as you can. Now, I feel like that was a lot, because it is a lot. Cybercrime is sadly on the rise, and I think it's
so important to keep your small business cyber safe. It is something that has slipped to the wayside for a long time for me and now is not, thank God, But I think it's really important that you take it seriously as well. To me, one of the things that stopped me was it felt like an overwhelming admin task. So if you're going to do it, set some time aside and get it done, because it's one of the most important things that you do for your business. But friends,
I know I have talked a lot about this. I'm happy to continue the conversation, but unfortunately when it comes to podcast time, that is all we have time for today. So if you'd like to chat more about this, we can jump into the Business Bible Facebook community. You can join us on Instagram. Obviously, we're a community that shares our business and money tips and tricks every single day, free of judgment. So, She's on the Money or the Business Bible on Facebook, and join us. If Facebook's
not your thing, though, She's on the Money aus, so don't forget to join the conversation and I will see you next time, hopefully for another solo episode. The advice shared on She's on the Money is general in nature and does not consider your individual circumstances. She's on the Money exists purely for educational purposes and should not be
relied upon to make an investment or financial decision. If you do choose to buy a financial product, read the PDS, TMD and obtain appropriate financial advice tailored towards your needs. Victoria Devine and She's on the Money are authorized representatives of Money Sherpa Pty Ltd, ABN 32 164 927 708, AFSL 451289.