It’s Scams Awareness Week in Australia, which shines a light on the dangers of identity theft. Last year, scams involving loss of personal information cost Australians $15.8 million alone.
As a business, it’s your responsibility to safeguard not only your own information but also any sensitive data that belongs to employees and customers. By keeping informed about cybersecurity and instilling security practices throughout your business, together we can build a stronger, more secure online community.
With so many businesses working remotely around the world, it’s important to remember that scammers are always on the hunt for new ways to get access to your information. Here are some simple, easy-to-implement steps to help you protect your business, your employees and your clients online.
#1 – Be aware of phishing
Phishing is the fraudulent attempt to steal personal information, credit card and banking details, or passwords, by pretending to be a legitimate organisation. These fraudulent emails are becoming increasingly sophisticated – posing as legitimate correspondence (invoices, alerts, calls to action) from a wide range of online services. It can be difficult to tell the difference, so if you’re not expecting the email, err on the side of caution.
During the COVID-19 pandemic, there has been an increase in phishing attacks where hackers pretend to be government agencies giving health or pandemic advice in order to spread malware and steal your login credentials and credit card information.
The best way to prevent phishing is to keep yourself and the people you care about informed. At Xero, we have a security noticeboard where we let our customers know about phishing attempts that are pretending to be Xero. Make it a habit to verify the origin of the email and think twice before opening links and attachments. Look out for strange email addresses, misspellings or dodgy formatting. We’ve included some examples of things to look out for on the Xero security noticeboard.
#2 – Use unique passwords and two-step authentication
Cybercriminals can steal your password in many ways. It’s important to use unique passwords for any services that are important to you to avoid being vulnerable if your credentials are exposed. Anyone can check to find out if their email address has ever shown up in a list of exposed credentials. Password managers are a great option as they provide an excellent balance of security (strong randomly generated passwords) and convenience (1-tap login across devices).
Two-step authentication (or 2SA) provides an extra layer of security and is mandatory if you’re using a digital software provider that interacts with the ATO, such as Xero. The first layer is your login and password. With Xero, the second layer is a unique code generated from an app on your phone every 30 seconds. You need both in order to log in.
Any other platform will also be more secure if you enable 2SA. It’s especially important on your email accounts, since they can be used to reset your passwords for other services. If someone has access to your inbox, they can potentially gain control of any linked online accounts.
#3 – Avoid using open wifi connections
Open, or public, wifi connections can be easily mimicked by cybercriminals. This is when they set up a wifi connection and pretend to be a trustworthy source. If you connect to any of these, they will be able to see all the data you view or share.
If you don’t have access to a trusted network, try using a mobile hotspot instead, or a Virtual Private Network, commonly known as a VPN. A VPN is software that encrypts all connections, which means that a cybercriminal won’t know which websites you’re visiting or the credentials you’re using.
#4 – Check all software is up to date
Cybercriminals tend to abuse any bugs in software to make it behave in unintended ways. Most companies are good at monitoring and fixing these bugs, but the problem isn’t solved until you update your computer.
Make sure you and your staff are running anti-virus and anti-malware software on devices that are being used for work purposes. It’s important to regularly check that software is up to date. This includes operating systems, such as Windows or macOS, as well as any antivirus or local software. If you have the option, choose to update your software automatically.
#5 – Off-boarding
Off-boarding previous employees is just as important as onboarding. If an employee leaves your business, make sure you have a process in place for ending their access to all of your business tools, especially Xero. Also make sure that any login passwords for joint email accounts (e.g. sales) are changed.
If you’re unsure or observe something suspicious, raise your concerns with your IT team. If you don’t have an IT team, there are several government agencies that can help you with this, depending on where you are. In Australia, get in touch with the Cyber Security Centre.
For more information on how to work securely on the cloud, read our small business guide or visit Xero’s security page. You can get updates on the latest security issues on Xero’s security noticeboard or forward suspicious Xero-branded emails to firstname.lastname@example.org.