
July 12, 2024 20 mins

Another day, another high profile data breach, Medibank, Canva, Optus, Latitude – but it’s not just big corporations that are targeted. Every day, individuals and small businesses are under attack, and these stories don’t make the news. As a small business owner, a cyber security attack could end your business and really hurt your customers. But it is so easy to ensure that your business and customers are safe.

Join Victoria for this bonus episode giving you some simple steps to take to keep your small business cybersafe!

Acknowledgement of Country By Natarsha Bamblett aka Queen Acknowledgements.

The advice shared on She's On The Money is general in nature and does not consider your individual circumstances. She's On The Money exists purely for educational purposes and should not be relied upon to make an investment or financial decision. If you do choose to buy a financial product, read the PDS, TMD and obtain appropriate financial advice tailored towards your needs.  Victoria Devine and She's On The Money are authorised representatives of Money Sherpa PTY LTD ABN - 321649 27708,  AFSL - 451289.

 



Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Hello, my name's Natarsha Nabananga Bamblett. I'm a proud Yorta
Yorta, Kurnai, Warlpiri and Wiradjuri woman. And before we
get started on She's on the Money podcast, I would
like to acknowledge the traditional custodians of the land of
which this podcast is recorded on, Wurundjeri country, acknowledging
the elders, the ancestors and the next generation coming through

(00:23):
as this podcast is about connecting, empowering, knowledge sharing and
the storytelling of you to make a difference for today
and lasting impact for tomorrow. Let's get into it.

Speaker 2 (00:34):
She's on the Money, She's on the Money.

Speaker 3 (00:57):
Hello, and welcome to She's on the Money, the podcast
for millennials who want financial freedom. Guys, as you probably already know,
my name is Victoria Devine and I don't have someone
here with me today. I have a little solo episode
for you today, all about keeping your small business cyber safe.
I feel like at the moment, it's another day another
high profile data breach: Medibank, Canva, Optus, Latitude. But it's

(01:21):
not just big corporations that are being targeted. Literally every day,
individuals and small businesses are under attack and these stories
just don't make the news because they're not that newsworthy
according to the media. As a small business owner myself,
this kind of terrifies me, and a cybersecurity attack could
literally end my business but also ruin my reputation and

(01:43):
hurt my community. But it is so easy to ensure
that your business and your community and your customers are safe,
and it's something that we all gloss over, right? As
a small business owner, it is something that we are
so good at overlooking because it's always on the back burner.
There's always something so much more important to do. But
today I really want to chat to you about how
to get cyber safe. But first, I'm stats girl, so I

(02:04):
have come prepared with a number of stats for you.
So research shows that women are not as confident as
men when it comes to preparing, managing, and responding to
cyber attacks, even though we are less likely to be
scammed compared to our male counterparts. I feel like that's
the only good thing to come out of that. A
survey of more than two thousand small business owners and

(02:25):
employees showed that while female business owners are less likely
to be scammed compared to their male counterparts, they're not
as confident as men when it comes to their general
cybersecurity knowledge. And this survey, it was part of the
Council of Small Business Organisations Cyber Wardens program. A mouthful,
but it was developed in partnership with the CBA, so

(02:46):
the Commonwealth Bank and Telstra. All right, let's start with
arguably the most vital step, and that is passwords. I
feel like I'm talking to myself here, one because this
is a solo episode, but two because I'm really bad
at passwords. They all used to just be one word,
and everyone in my entire team used to know that word.

(03:06):
If you knew my family, you probably knew that word.
It wasn't good. But passwords really are your first line
of defense against cyber break-ins, and it's essentially the
keys to your business. So strong, long and unique passwords
make your accounts more secure and are more likely to
keep out hackers. But now with the rise of supercomputers

(03:26):
and AI, having a short and simple password, it means
that these are really easy for cyber criminals to crack.
Reusing passwords across different businesses or even personal accounts can
make you a target for what they call credential stuffing scams.
One compromised account is like giving cyber criminals the master
key to your entire business, which is really scary. In

(03:49):
really busy small businesses, the temptation to use short, simple
passwords and repeat them is a really easy trap to
fall into, and one I used to fall into until
I learned about this and had to get myself to
get If you're doing your best to create secure passwords
and then struggling to remember them all, you're not alone.
So pass phrases are actually your best line of defense. Now,
if you're wondering what a passphrase was. When I first

(04:11):
heard passphrase, I was a little confused, so let
me talk you through it. Passphrases are a type
of password that are harder for cyber criminals to crack,
and they're easy to remember, which makes them an easy
cyber safety win. Passphrases are longer, and they actually contain
a sequence of really random words, usually four or five
of them, and the trick is making sure it isn't

(04:32):
a proper sentence, but an easy combination for you to remember.
So if you're wondering the how do I create a
strong passphrase? A good passphrase generally contains at least four
words that are completely unrelated and completely unpredictable, and the
best way to generate a passphrase is to choose completely
random words, be extra careful, and make sure that they
don't contain any personal information. So if you were me,

(04:55):
you wouldn't go, all right, well, I'll use my cats
and my dog's name and my husband's name, because that
is really easy to guess because it's all over the internet.
It is not hard to find that information. Many websites
now require you to have a capitalized character, number
and symbol, so you could still add this to a passphrase.
So you could capitalize random letters, or you could add hashes,

(05:16):
or you could add the at sign. You could also
spell out numbers instead of just using the number and
mix it all up. So that's what I've ultimately done.
And the important thing here is that they're not words
that are relatable to you. So I haven't used my name,
I haven't used my cat's name. I've literally used random words.
I've written down four key points that are kind of

(05:37):
like pro tips when using passphrases. So let me whip
through these really quickly so that we're all on the
same page. Number one, don't duplicate your passphrases. So what
we want to do is ensure that each passphrase for
each account is unique and we never double up, ever.
This means that if one does become compromised, you haven't
breached all of your accounts. Number two, we're going to

(05:58):
keep our passphrases to ourselves, so we're not going to
share our login details with team members. It might
save some time and some money, but it honestly increases
your cyber risks and it is not worth doing it.
Number three is use a password manager to safely store passwords.
So this has been a game changer for me. Apps
can be used to securely manage passwords for all of
your accounts, and using one is going to keep all

(06:20):
of your accounts more secure. Number four is add a
virtual alarm by pairing passphrases with multi factor authentication. So
if your passphrase is ever compromised, multi factor authentication is
going to add another layer of security to keep your
account protected. And this for me, I thought it was
going to be really complicated, but it's not. I have
an app on my phone and it guards all of

(06:42):
my accounts. It's a simple code. I pop it in
and it just makes so much sense in all honesty,
I don't know why I didn't do it earlier. Another
massive threat to your small business is what's called a
BIN attack. No, someone doesn't come at you with a
wheelie bin. Unfortunately, BIN attacks are happening in Australia and
they're increasing year on year. At the end of twenty

(07:04):
twenty three, there was an ABC report who talked about
a Melbourne based business who had more than fifteen thousand
attempted transactions through their online shop in just a space
of two months. You're probably wondering what's a BIN. So
a BIN is a bank identification number and it refers
to the initial sequence of four to six numbers that
appears on your credit card. So it's the number used

(07:26):
to identify a card's issuing bank or another financial institution.
And a BIN attack is when cyber criminals steal BIN
numbers and then attempt to generate working cards by guessing
the remaining card numbers to check if these card numbers
are linked to real cards. Fraudsters, they test them on
the payment page of your online shop and then if
it's a successful transaction, it means they've guessed a winning

(07:49):
combination of numbers and then they can start making a
heap more fraudulent transactions, which is really scary. So although
every bank card has sixteen numbers, it can be relatively
straightforward and pretty fast for cyber criminals to cycle through
the oldest of numbers that follow the BIN in order
to make enough correct guesses and find a live card
number with accounts attached. So generating thousands of guesses and

(08:11):
testing them is actually fairly easy for a cyber criminal
thanks to the help of AI and computer bots. The
cyber criminal might then use these working card numbers to
make transactions themselves, or they might actually on-sell those
numbers to other criminals to use them for bigger and
scarier things. BIN attacks pose two major risks to small businesses.
So firstly, they can be really expensive. Depending on the

(08:34):
contract with your payment gateway, you might actually be charged
for each attempted transaction, so this expense can multiply really
quickly if bots and AI are involved and you're hit
with a really large attack. Secondly, they can be a
serious reputation risk when victims start seeing your store charged
on their credit card, which is terrifying because you know

(08:55):
that wasn't you, it was actually somebody else. So there
are multiple signs of a BIN attack. And here are
some things that you need to look out for. So
are you experiencing lots of low value transactions that might
be pretty unusual for your business. You might have gotten
a heap of notifications that your customers' cards have been
declined multiple times. Have you seen the use of international cards,

(09:17):
so banking cards consistently from countries that are outside of Australia.
Maybe you've experienced a spike in transactions, whether they're attempted
and processed in a short period of time and the
same card number being used for multiple transactions. You might
also have noticed strange transactions outside your normal customer behavior.
So you might see things at three am in the morning,

(09:39):
for example, when all your normal transactions generally take place
between twelve pm and eleven pm. Or you might have
seen an unusually significant increase in transaction fees from your bank.
The final thing I want you to watch out for
is a really unusual spike in customers disputing payments. If
a group of customers all notice that their cards have
successfully been used on your website, they might contact you,

(10:02):
or they might just go direct to their bank and
dispute the payment because they go, well, this is fraudulent,
and process a refund or a chargeback. So these are
things that I need you to be looking out for.
And any small business with an online presence that accepts
payments over the internet is ultimately at risk. And this
includes me and I don't even have physical products. So
the best thing that you can do is actually set

(10:24):
yourself up with a payment processor that can identify these
types of attacks. So when you're searching for this type
of service for your online shop, I really need to
make sure that you're reading through what they offer in
regards to fraud prevention. Some processors may offer multiple additional
layers of protection, requiring customers to type in a CAPTCHA,
3D Secure and the rate limit that you can

(10:46):
easily implement on your website. And I've got a few
points that I've written down here, so bear with me,
my friends. So what these processes are going to do
is check transactions are real and not a robot. This
means that you're making sure that genuine customers can make
their purchases, but a scammer using software to test various
credit card numbers might not be able to get through.
Adding a CAPTCHA is one way that you can do this.

(11:09):
So then we're going to want to limit transactions and
set alarms for large transaction volumes. A rate limit actually
prevents the number of new customers who can be created
from a single Internet address in one day, which is
really important if you're a small business where a customer
only places maybe like one or two orders. A rate
limit is a really sensible option and isn't going to

(11:29):
impact your genuine customers because what type of customer is
creating lots and lots of different accounts from the same
Internet address, right? What it's going to do for you
is ensure that a scammer can't process hundreds or even
thousands of purchases through your website, which protects you and
your consumer. And then the next thing you want to
do is turn on a virtual alarm for online payments.

(11:51):
Are you familiar with multi factor authentication for your online accounts?
When you try to log in, you might have to
enter like a code or a one time password to
double check it's you. I mentioned before that I've got
an app on my phone that lets me get into everything.
And when I say everything, I mean everything. If I
can multi factor authenticate something, I have: my Facebook, my Instagram,
obviously my bank, but also recently I was able

(12:14):
to multifactor my pet food ordering company. So we are
going hard on this because it's so important, and to
be honest, my credit card details are where my pet
food is ordered, so I don't particularly want anyone jumping
into that. And businesses, you can do the same
for all online payments. Its official name is 3D
Secure or 3DS, but it works really simply: when

(12:36):
a customer's card is attempted to be charged, they will
have to verify that you're the one trying to make
a payment. Think of it like turning on a virtual
alarm to online payments, which I think is really smart.
Now let's go to a really quick break, because I
feel like I have been talking underwater with a mouthful
of marbles. So I'm gonna grab a coffee, and when
we get back, I'm gonna give you my top four
security tips for small businesses, and we're going to be

(12:58):
talking about how to pimp your password. So don't go anywhere.
All right, guys, we are back, and I did promise
that I would give you my top four security tips
and in a minute, I'll get to how to pimp
your password, but calm down, we actually need to get
through these top four security tips first. So number one,
I need you to make sure that you don't ignore

(13:20):
software upgrades. I am always clicking the button that says
remind me later, and it's really easy to do that
when pesky software updates pop up on your phone or
computer screen. Literally I have only just updated my iPhone
and it has been months since the last update came out,
and that is honestly not good enough. I also feel
like whenever my computer needs an update, it always pops

(13:41):
up at the most inopportune time. I'm jumping into a
Teams meeting and my computer's like, oh hey, good
time to update your computer, and I always hit remind
me later. But what you're gonna do if that happens
is just set a little reminder on your phone so
that you can come back to it. Software updates often
contain really important patches or fixes for security flaws in
your operating system or software, so what we need to

(14:03):
do is make sure that they're always up to date.
Cybercriminals know about these weaknesses, and they know how to
exploit them. It's why your software company wants to update
them because they've identified them as well, and usually it's
through a breach. So updating your software can close the
gaps to make it harder for cyber criminals to break
into your business, which is a win for everyone. And

(14:23):
cyber criminals, let's be honest, they're quite intelligent. I mean
I wish that they would use their intelligence for better
but they don't. But they know this and they attempt
to impersonate these trusted organizations to scam small businesses. So
always check who is sending you this notification. Is it
an email? Is that a trusted email? If it's a
text message, make sure you're trusting where this is coming

(14:46):
from before you action anything. In fact, across my entire life,
I have decided to never click a link in a
text message ever again, and I think that most businesses
are on board with this nowadays. I know the banks
are jumping up and down about how: do not click links.
We would never send you a link, we would never
do that to you. So I feel like, if you
want my business, you will not send me a link.

(15:07):
You'll say, go to my website. I know your website.
I'll key it in myself. Thank you. The second thing
we're going to do is use multi factor authentication on
your devices. So, as I said before, I'm obsessed with this.
I have it now. It does make me feel a
lot safer. Multi factor authentication is an added layer of
security for your accounts that makes it so much harder
for hackers to break in. Using multi factor authentication means

(15:30):
that anyone who wants to log into your account is
going to need to supply additional information in addition to
your username and password, and some accounts use a unique
text message while others will suggest to use an authenticator app.
So I use both. But I think it's really important
that you're implementing these things. I told you that I'd
tell you how to pimp out your password, so new

(15:50):
financial year, new me, but also new password, babe. The
new financial year is a great time to wipe the
slate clean with old passwords and usher in some new,
stronger ones. Weak passwords, especially those used across multiple accounts,
are one of the biggest risks to cybersecurity for small businesses.
As I mentioned before, a password manager can help you

(16:11):
create strong passwords and then save them in a really
secure place, meaning you don't need to remember them all
for your accounts. They're in your password manager, which is
completely protected. And then four, what we're going to do
is back up our business. You back yourself in business.
You need to back your actual business when it comes
to protecting it from a cyber attack. What will you

(16:32):
do if your small business was the victim of a
cyber attack and your critical business information couldn't be recovered?
There's a few things here, right. Let's pretend that someone
attacks your business. You lose a heap of money, and
the bank refunds all of your money. Fantastic money win. However,
what about your reputation? I know that companies who have
experienced these types of breaches lose a lot of customers.

(16:54):
And they don't just lose customers because it happened to them.
They lose customers because the reputation that they were safe
makes people really, really worried. So it is so much
more important than just worrying about the financial loss. A
loss as important as business and customer data could be
completely devastating for any small business, and a really good
way to help protect yourself from that loss is to

(17:17):
make a plan to regularly back up your critical business information,
either through an external storage drive or in the cloud,
or if you're me, you do both because you have
anxiety. While you make up a backup plan, it's a
really good time to consider making an emergency plan in
the event of a cyber attack. A sound emergency plan
will outline how staff should report a suspected cyber incident,

(17:41):
who would you contact for help, and how would you
communicate any incident to customers or staff, and how would
you manage if critical systems are then offline for any
period of time. An emergency plan sounds a bit silly,
but it can actually help you feel in control and
recover quickly in the event of a cyber threat or incident.
The other thing I would say here is how do

(18:02):
you educate your consumer in advance? So I know, because
I own a mortgage broking company and we deal with
money every single day, that at the bottom of our
emails we are always letting customers know. It's literally in
our email signature that we will never ask you via
email to transfer funds. If we ever send you bank codes,

(18:23):
BSB and account numbers to deposit money, it is not
us because we would never do that. And I think
that educating your consumer upfront is going to mean that
you're protecting yourself as well as you can. Now, I
feel like that was a lot, because it is a lot.
Cybercrime is sadly on the rise, and I think it's
so important to keep your small business cyber safe. It

(18:45):
is something that has slipped to the wayside for a
long time for me and now is not, thank God.
But I think it's really important that you take it
seriously as well. To me, one of the things that
stopped me was it felt like an overwhelming admin task.
So if you're going to do it, set some time
aside and get it done, because it's one of the
most important things that you do for your business. But friends,

(19:06):
I know I have talked a lot about this. I'm
happy to continue the conversation, but unfortunately when it comes
to podcast time, that is all we have time for today.
So if you'd like to chat more about this, we
can jump into the Business Bible Facebook community. You can
join us on Instagram. Obviously, we're a community that shares
our business and money tips and tricks every single day
free of judgment. So so she's on the Money or

(19:28):
the Business Bible on Facebook and join us. If Facebook's
not your thing though, She's on the Money Aus, so
don't forget to join the conversation and I will see
you next time, hopefully for another solo episode. The advice
shared on She's on the Money is general in nature

(19:49):
and does not consider your individual circumstances. She's on the
Money exists purely for educational purposes and should not be
relied upon to make an investment or financial decision. If
you do choose to buy a financial product, read the
PDS, TMD and obtain appropriate financial advice tailored towards your needs.
Victoria Devine and She's on the Money are authorized representatives

(20:11):
of Money Sherpa Pty Ltd, ABN three two one six four nine two seven seven
zero eight, AFSL four five one two eight nine