Have you taken the simple steps needed to protect your identity, email, banking and business data from identity thieves, hackers or ransomware?
Scammers are targeting builders because they are more likely to send invoices for large one-off amounts that can be redirected to their own accounts.
In 2019 hackers took control of a number of Kiwi builders’ email accounts, sent out fake invoices and stole thousands of dollars from clients.
The reality is this:
- You’re now more likely to become a victim of a cyber attack than a burglary
- It’s the second most reported crime in the world
- Cyber crime cost New Zealanders more than $100m in 2020, more than 1 in 3 adults affected
As you will have seen from the recent Waikato DHB attack, all it takes is to click on a link in an email, on a website that looks legit or through a Facebook post and you’ve infected your computer or mobile device. Hackers will sit inside your computer system, often for months, observing your activity before they act. They will then shut down your system and demand a ransom, often in the thousands of dollars, to release your files. Or target your customers and redirect large payments to their own accounts.
There are simple steps you can take to minimise your risk of exposure to a cyber attack, including some basic training for you and your staff.
Business tips:
- Have up to date virus, firewall and malware software running. Microsoft provides a free product and there are other well known providers such as Norton, McAfee and Kaspersky.
- Set your computer to accept updates automatically.
- Have a password set up on your computer and pin for your phone
- Make sure you have a strong email password and that it is different to your internet banking one. If they support two factor authentication you should consider this
It’s better to have a long password that you can remember than a short complicated one. For example, try using a phrase that you’ll remember: thefirstletterofmynameisB
- Train staff and others who may have access to your devices to recognise dodgy emails and posts and not to click on them
- Train staff not to share passwords and log in details
- Back up all your files to an external drive or the cloud. You can schedule these in Windows or have your IT provider set one up for you
- Train accounts staff not to make payments to overseas accounts or if they’re unsure about the origin of the invoice
- Don’t change supplier bank account details without verifying this directly with the supplier first
- Tell your clients that you won’t change your bank account under any circumstances, and for them to ring you if they do get an invoice with a different bank account number
There is also good insurance available, which provides immediate professional support to get you up and running after an attack quickly, as well as reimbursing your losses.
Personal tips:
- Don’t give out personal information, either over the phone, personally or online unless you are certain that the person or organisation you’re giving it to is legit
- Dispose of personal information securely. Eg. shred papers (including bank statements and utility bills) and wipe/remove/reset hard drives and phones before selling or disposing of them
- Reduce the amount of identification documents that you carry around, including what you leave in your car on a daily basis. These are valuable items
- Check bank and credit card statements for unauthorised transactions. Report any discrepancies or unauthorised activity to the bank or card issuer immediately
- Be very wary of how much personal information you post online. Personal information can be misused in many ways by identity thieves, some of whom trawl websites
Just in the same way you wouldn’t leave your house or car unlocked, or your tools lying unattended, don’t leave access to your personal information or business systems vulnerable to hackers or identity thieves who will easily exploit them.