Small businesses can take a number of steps to protect their business against invoice fraud and other scams. Here are four we suggest.
Invoice fraud is costing small businesses big. In 2021 alone, Australians have lost over $12 million to false billing scams, with the average victim reporting losses of $15,467, according to Xero’s latest research. As scams continue to rise (the ACCC reports they’re already up 95 per cent this year) and cybercriminals look to new avenues to exploit their victims, small businesses need to take the proper steps to safeguard their assets.
But first, what is invoice fraud, and how can you protect against it? Invoice fraud, also known as false billing, involves targeted attacks (like phishing, hacking, or ransomware) by cybercriminals to fraudulently request payment from businesses.
A business may fall victim to a phishing scam where they receive a bill from what looks like a supplier but is instead a cybercriminal impersonating them – often by hacking into their systems. They then funnel the money directly into their own bank account. False billing scams are when a cybercriminal requests businesses to pay fake invoices for services or goods that they did not order. Both can have a significant financial impact, leaving small businesses vulnerable when cash flow is tight.
According to Xero’s research, only two in five (42 per cent) Australian small businesses are confident in detecting a fake invoice. And despite the vast majority (87 per cent) believing it is necessary, 28 per cent don’t spend any money on cyber security protection or education measures for their business.
Thankfully, there are a number of steps small businesses can take to protect against invoice fraud and other scams. If you’re not sure where to get started, here are four ways we suggest:
1. Invest in cyber security technology: Invoice fraud is commonly committed via email, either by sending you one or intercepting one along the way. While email usually has an inbuilt spam filter, it’s not always capable of keeping fraudulent emails out –
especially if a cybercriminal has used more advanced techniques.
Investing in cyber security tools to protect your business’s digital assets is an important step and security fundamentals like securing company emails with strong passwords and multi-factor authentication. This is vital as more and more small businesses move their operations online. If you have a physical store or workspace, you will invest in high-quality locks, security cameras and even alarms to protect against break-ins.
Security measures are just as important for your digital workspaces.
2. Register for e-invoicing: What if there was a more secure way to send and receive invoices? There’s no need to wonder – it has already arrived. E-invoicing is a new way to manage invoices and bills that exchanges invoices directly between accounting software, reducing data entry and human intervention. Normally, invoices are created in accounting software or manually in a word processor and sent via insecure email or printed and posted. Since e-invoicing sends invoices via the secure Peppol network, there is a reduced risk of fraud. For it to work, however, both the sender and receiver need to be connected to the network.
Register now, and you’ll be ready to go when your customers and suppliers join. If you want to learn more about e-invoicing and how to adopt it within your business, reach out to your accountant or bookkeeper for more details.
3. Add checks and balances: Cybercriminals exploit weak spots in a business’ processes. When it comes to fraudulent invoices, this means they hope the person receiving the bill won’t notice or question if something is off. Having solid processes helps prevent these from getting through your filters, including ensuring that the invoice you are receiving is valid (like the payment details). There are plenty of times when small businesses have been unwittingly duped into sending payments to the wrong bank account.
So what steps should you take? Start with education for your employees on how to recognise suspicious emails or invoices. Consider using accounting software to help track invoices and bills. And always double-check the details on an invoice before you pay it (like the ABN, bank details, and even logo) and if anything has changed since the last invoice. If in doubt, pick up the phone and check with the supplier. And importantly, communicate with your team members (if you have any) – especially if something seems a bit off.
4. Assess your cyber security approach: While it’s easy to set and forget, cyber security measures should be checked and updated regularly as the tactics used by criminals are constantly changing – you might have locked the front door, but they’ll have figured
out how to get in through the window. If you’re not sure where to start, the government’s Cyber Security Assessment tool can identify areas to be improved. From there, create a cyber security policy for your business and regularly check if any processes or software need to be updated. There are plenty of resources available, like the Australian Cyber Security Centre’s small business guide, to help you understand and figure out what your business needs.
Cyber security can easily fall down the priority list for busy small businesses, especially following a particularly challenging few years. But being proactive about securing your online operations can protect against malicious activity, like invoice fraud, and the potential losses that come with it. Take some time now to brush up on the basics, and it can save you far more in the long run.
Read more:Cyber security threats have increased, what can we do?
Read more: Ransomware is a killer for SMBs: Here’s everything you need to know
Keep up to date with our stories on LinkedIn, Twitter, Facebook and Instagram.