Six ways to help save your SME from cybercrime

It's easy to think cybercrime and identity theft only happen to big business. They don't. With over two million small businesses in Australia, lifting awareness, improving education and taking real action to prevent these incidents is fundamental for the health of the sector.

While a small business will never be able to stop theft 100 per cent of the time, it can make it as hard as possible for criminals to operate. This is important to ensure businesses don't lose their hard work, built-up business and reputation.

Christine Linden, Head of Small Business Banking ANZ, Victoria and Tasmania

There are many different types of cybercrime that directly affect small businesses, including but not limited to invoice duplication, email hijacking, malware and phishing. Luckily, there are also some practical and helpful hints for small business owners to use to ensure they have these issues covered.

What you can do


I know it sounds old school in the digital age but mailboxes should have locks on them. In offices, make sure your documents are locked away when you are not around.

This includes things like cheque books (if you still have them) and extends beyond your banking documents to the not-so-obvious documents such as your tax information, employee personal information, passwords to your computers and payment terminals, suppliers' details, invoices and customer information.

When it's time to throw documents out, don't just chuck them in the bin. Shred all documents containing business and personal information.


Don't be an absent small business owner because you trust your staff totally. Don't get me wrong, trust is a great thing and fundamental to managing a great team - but you need to operate with an inquisitive nature. Get involved and understand what your staff are doing and, importantly, how they are going about it.

Regularly assess what your employees are accessing. Ask: what level of access do they have to your bank accounts, both online and offline? Regularly reviewing invoices can help reduce the potential for issues.


Think about the policies you have in place with your employees around internet security. What are the standards you are setting – and how do your staff know about them?

It's important to educate your staff as much as yourself about what the potential risks are. Ask how you are ensuring the segregation of critical duties in your business - for example, invoices should not be able to be raised and paid by the same staff member.

This also includes how you onboard staff, contractors and consultants. Mandating National Police checks is a good start but so are reference checks and asking professionals you deal with for their input.


It sounds so obvious but you need to know who you are getting into business with. This includes customers, suppliers, service providers, your bank and your employees.

A rhetorical question for small business owners: if you received an invoice that looked the same as the one the previous month except for the account number it was being paid to, would this be picked up in your business?

At ANZ, we see examples of fraud where a simple detail is missed - like an unusual fax number a request has come from or an email address that has changed. How do you know the simple details are not being missed in your business?

Before dealing with a new supplier, customer or setting up a service arrangement, do some checks and ask questions. You can check the business entity you are planning to deal with is registered and the ABN is valid. You can ask for references from your accountant, your banker, your legal adviser or an industry association. Seek out opinions.

You can do an online search and see what media are saying. It's amazing what you can find on social media these days! Importantly, ask lots of questions. If something doesn't seem right, it probably isn't.


Firstly, passwords on post-it notes stuck to your computer do not equal security. Keep your systems safe by having up-to-date security software, check you are only using trusted sites for purchasing items and never open emails you're not sure about.

Scan all the files on your computer periodically, including incoming and outgoing emails. If the technology side is too complex for you, get the experts in for real advice.

On business accounts, don't leave bank reconciling to BAS time. Make it a regular part of your business. Be alert for any unusual bank transactions or missing mail. If you see a transaction you cannot explain, report it to your bank.

Order a copy of your credit report from a credit reporting agency on a regular basis. This will contain information on your credit history. ASIC's MoneySmart website is a great place to start.

Have a think about running unannounced audits internally every now and then to make sure your business is being supported the way you expect it to be.


I am always surprised to hear from customers who don't have simple banking security in place and haven't checked with their bank as to what is actually available.

I encourage small businesses to think of their banking security no differently than they do with their document security or their office software.

There are many complex security tools and systems banks use to protect customers, including encryption, voice biometrics, data matching, system lock outs and time outs and other measures.

But small businesses themselves play an important role in stopping identity crime. It is critical to make sure that regardless of what bank you are with you check that you have all available security they offer.

In closing, we need to remember cybercrime and identity theft are just as relevant for small business as they are anywhere in the market. The aim is to make sure your business is not the most attractive target.

If you think of a row of houses on a street, the ones with security doors, alarms and dogs are less attractive than homes where the keys are left in the front door.

Remember, it's important to trust BUT verify. Know your staff, your customers, other businesses you rely on and ask lots of questions if you are still not sure.

Christine Linden leads ANZ's Small Business teams across Victoria and Tasmania.

The author would like to record her appreciation for the help provided by Peter Malvaso, ANZ Manager Fraud Risk Strategy.

The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.
