One of our small business customers, Jason, the owner of a residential and commercial landscaping business, was working remotely from Brazil when his work email was hacked.

Without his knowledge, all his suppliers received an email requesting that future invoice payments be sent to new bank account details.

Fortunately, one supplier was quick to question the email and called to check if it was genuine. Alerted to the scam, our customer, Jason, quickly changed his email passwords, before contacting all his suppliers and customers to let them know.

If not for the swift response, the consequences could have been devastating. Jason estimates the losses might have ranged from $300,000 to $700,000 – and possibly up to $1 million had it happened over the holiday period, when fewer staff might have delayed detection.

Even so, the scam has taken a toll on his business. Some suppliers have become hesitant to continue working with him, citing concerns about security. As a result, he’s spent countless hours repairing relationships and rebuilding trust. He’s also had to engage a software firm to strengthen his security systems.

Being cyber smart

Cases like Jason’s are all too common. But the good news is, many small businesses are now taking proactive steps, like him, to better understand and prepare for cyber threats.

That’s evident, for instance, in the strong attendance we have at our regular cyber security webinars. It also comes through in the conversations we’re having with our customers.

It’s reflected in the data too. Recent NAB research on Small Businesses, found that 56 per cent of small and medium-sized businesses felt ‘reasonably to very confident’ in their ability to handle a cyber incident.

The cost of cybercrime

Nevertheless, it’s important not to become complacent.

The reality is, we’re still seeing a significant number of cases where people are the victim of cyber-crime and the losses are very real. NAB research shows that nearly 3 in 10 small and medium-sized businesses have faced a cyberattack or data breach in their lifetime while, according to the Australian Signals Directorate, cybercrimes are costing small businesses $49,600 on average.

NAB customer, David Webb – owner of Brisbane-based technology company WINBASIC – has been assisting small and medium-sized businesses to bolster their cyber security since 1996. Over the years, he has seen firsthand how vulnerable small business owners can be to cyber-attacks.

But he also knows how easy it is to implement the most basic of protection. As he said, “People put it in the ‘too hard’ basket, but it doesn’t have to be. Simple measures like using strong passwords and enabling multi-factor authentication go a long way, and they don’t have to break the bank.”

A great place to start

Sometimes, all that’s needed is a little more caution.

Take invoice scams, for instance – like the one that caught out our customer, Jason, when he was working remotely in Brazil. I always find it encouraging when someone spots something is off, sees the changed details, and just picks up the phone to double-check with the person directly. It’s exactly the kind of action that can stop a scam in its tracks.

In fact, we’re hearing a lot of our customers are responding this way. They are also regularly changing their passwords and updating their software. Plus, if they have any kind of concern, they’re calling us and blocking an account as soon as possible.

It’s important that responsibility for this doesn’t just fall on the primary business owner though. You need to train all your team, particularly anyone handling the financial tasks, such as the bills or payroll.

At the same time, you want to make sure the suppliers and customers you are dealing with are protecting themselves too. Sometimes that can be a matter of being comfortable asking the hard questions – but it’s worth it.

Help is available

If you still feel unsure of how to proceed, know that you don’t have to do this alone. There’s a lot of support, including government initiatives and NAB’s own security hub, to help keep you on track.

For instance, the Federal Government has developed a Small Business Cyber Resilience Service, which provides free, tailored, person-to-person support for small businesses to improve their cyber security and recover from a cyber incident.

In NSW, the Cyber Health Clinic Program offers free cyber health checks for small and medium-sized businesses to identify security vulnerabilities, which includes a one-hour consultation on advice for uplifting their cyber security.

Queensland, meanwhile, is in the middle of launching a suite of free tools to support small businesses combat cyber threats and cyber security compliance training and other workshops to boost cyber awareness and knowledge.

There’s also specialised support and training available for healthcare providers, including those with small businesses.

The fact is, even small actions can go a long way and protecting your business doesn’t have to break the bank. With so many affordable (or even free) cyber security tools out there, small businesses have more power than ever to stay secure, confident, and connected.