Cyber crime, scams and fraud are key issues facing broker businesses in Australia, but fortunately there are steps businesses can take to help mitigate the risks.
The following content is to be attributed to Laura Hartley, Head of Group Security Culture & Advisory at NAB.
Cyber crime and scams pose a significant threat to Australian businesses, making it crucial for brokers to safeguard themselves and their business customers. October is Cyber Security Month, which serves as a useful reminder of the need to take simple steps to protect your organisation.
In the 2022-23 financial year, the Australian Signals Directorate received one cyber crime report every six minutes, with an average cost of $71,600 for small to medium sized businesses (SMEs).
NAB Group Economics research shows around 3 in 10 Australian SMEs have experienced a cyber attack or data breach during the life of their business. Common threats included malware, ransomware, phishing, and business email compromise, including invoice scams.
To combat these threats, brokers need to stay alert to the red flags of cyber crime and scams and take proactive steps to help mitigate the risks.
Recognising the Red Flags of Scams
The ability to identify suspicious activities is one of the first lines of defence against cyber threats. Common threats include suspicious emails, unexpected attachments or links, unusual requests, and unrecognised phone calls.
The good news is that Australians become more scam savvy than they were a year ago, with new research from NAB Economics finding 70% of people ignore suspicious calls and delete questionable looking emails. But cyber criminals are also becoming more sophisticated in the tactics they use to deceive businesses. Brokers working with business customers should be especially vigilant.
Invoice scams, for example, pose a significant risk in areas such as equipment financing. Scamwatch reported that Australians lost $91.6 million in 2023 to this type of scam – also known as payment redirection scams or business email compromise.
In one recent case, a NAB broker submitted a new equipment finance loan for $150,000 for a business customer to buy a new truck. The loan was approved, and documents were sent to the broker to sign with the customer. The broker returned the signed documents for settlement with an updated invoice and a certificate of currency.
A NAB banker checking the documents noticed that the updated invoice from the dealer included new account details for paying the invoice. The banker stopped the settlement to call the dealership. The dealership confirmed that their system had been compromised and the account numbers provided on the documents were incorrect and likely fraudulent.
Referrer fraud presents another serious risk to brokers and lenders working with business customers.
A broker referred a new business loan to NAB for $5 million to purchase a restaurant. The customer was new to bank. As part of the referral, the broker provided a full package of application forms and all supporting documents.
On reviewing the documents, a NAB Banker identified that one of the bank statements from CBA looked suspicious. The banker was able to confirm with CBA that the bank statement was, in fact, fraudulent. Discussions with the broker revealed that the broker had obtained this opportunity and the documents from an introducer they had never met. On further investigation, NAB discovered that the restaurant didn’t even exist.
This example highlights how important it is for brokers to deal only with professional services as introducers, to ensure they meet face to face with the customer, and complete appropriate due diligence. Most aggregators require broker introducers to be registered. Finally, the broker is responsible for meeting the customer and collecting information directly and not via an introducer.
Steps to protection
Despite the high threat to SMEs, NAB’s research found that this sector is among the least prepared for cyber threats, with only 15% of businesses undergoing thorough training on scams and cyber security risks, while 40% reported having minimal training.
NAB has developed a suite of free training and materials to help businesses enhance their cyber security and protect themselves, and in August 2024 hosted The Big Scam Education Conversation where security experts shared important insights. You can view a recording of this session at nab.com.au/scamsawareness.
Educational materials available via the NAB Business Security Hub at nab.com.au/securityforbusiness include regular webinars, videos and how-to guides for employees, while NAB small business customers can access offers for a free Microsoft Cyber Security Assessment tool and a twelve month subscription to CrowdStrike cyber security software.
Four essential steps for protecting your business and your customers
Beyond recognising scams and staying vigilant, businesses must proactively safeguard their operations. Here are some essential steps:
1) Implement the Australian Cyber Security Centre (ACSC) Essential Eight – developed by the Australian Signals Directorate, these principles provide baseline cyber security mitigation strategies. These are: application control, patch applications, patch operating systems, restrict Microsoft Office macro settings, user application hardening, restrict administrative privileges, patch operating systems, multi-factor authentication and regular backups.
2) Turn on automatic updates – using out of date software, antivirus, or operating systems can leave your computer or phone vulnerable to cyber attacks.
3) Have a back up of your important data – your business data is a valuable asset that criminals can target. Having a secure copy of your business data means that if anything goes wrong, you can still access it.
3) Teach your team to spot red flags and stay up to date – educate your employees to identify suspicious emails, texts or phone calls and other scams that could compromise security. By raising awareness and providing continuous education, businesses can better prepare against cyber threats.
Visit nab.com.au/security for the latest insights and check the Australian Cyber Security Centre and Australian government’s ACCC Scamwatch for current threats and recommendations.
JOIN THE DISCUSSION