1 00:00:00,680 --> 00:00:05,000 Speaker 1: Hello, my name's Santasha Nabananga Bamblet. I'm a proud yord 2 00:00:05,160 --> 00:00:08,760 Speaker 1: Order Kerni Whoalbury and a waddery woman. And before we 3 00:00:08,800 --> 00:00:11,440 Speaker 1: get started on She's on the Money podcast, I would 4 00:00:11,520 --> 00:00:14,520 Speaker 1: like to acknowledge the traditional custodians of the land of 5 00:00:14,560 --> 00:00:18,680 Speaker 1: which this podcast is recorded on a wondery country, acknowledging 6 00:00:18,680 --> 00:00:22,560 Speaker 1: the elders, the ancestors and the next generation coming through 7 00:00:23,040 --> 00:00:27,159 Speaker 1: as this podcast is about connecting, empowering, knowledge sharing and 8 00:00:27,200 --> 00:00:30,560 Speaker 1: the storytelling of you to make a difference for today 9 00:00:31,040 --> 00:00:34,200 Speaker 1: and lasting impact for tomorrow. Let's get into it. 10 00:00:34,360 --> 00:00:58,240 Speaker 2: She's on the Money, She's on the Money. Hello, and 11 00:00:58,400 --> 00:01:01,440 Speaker 2: welcome to She's on the Money, the podcast for millennials who 12 00:01:01,480 --> 00:01:05,160 Speaker 2: want financial freedom. Guys, as you probably already know, my 13 00:01:05,280 --> 00:01:08,280 Speaker 2: name is Victoria Devine and I don't have someone here 14 00:01:08,280 --> 00:01:10,800 Speaker 2: with me today. I have a little solo episode for 15 00:01:10,840 --> 00:01:14,839 Speaker 2: you today, all about keeping your small business cyber safe. 16 00:01:15,080 --> 00:01:17,199 Speaker 2: I feel like at the moment, it's another day, another 17 00:01:17,360 --> 00:01:21,840 Speaker 2: high profile data breach: Medibank, Canva, Optus, Latitude. But it's 18 00:01:21,959 --> 00:01:25,880 Speaker 2: not just big corporations that are being targeted. 
Literally every day, 19 00:01:26,000 --> 00:01:29,480 Speaker 2: individuals and small businesses are under attack and these stories 20 00:01:29,760 --> 00:01:32,399 Speaker 2: just don't make the news because they're not that newsworthy 21 00:01:32,440 --> 00:01:35,560 Speaker 2: according to the media. As a small business owner myself, 22 00:01:35,600 --> 00:01:39,320 Speaker 2: this kind of terrifies me, and a cybersecurity attack could 23 00:01:39,360 --> 00:01:43,120 Speaker 2: literally end my business but also ruin my reputation and 24 00:01:43,240 --> 00:01:46,160 Speaker 2: hurt my community. But it is so easy to ensure 25 00:01:46,160 --> 00:01:48,960 Speaker 2: that your business and your community and your customers are safe, 26 00:01:48,960 --> 00:01:51,520 Speaker 2: and it's something that we all gloss over, right? As 27 00:01:51,520 --> 00:01:53,640 Speaker 2: a small business owner, it is something that we are 28 00:01:53,760 --> 00:01:56,360 Speaker 2: so good at overlooking because it's always on the back burner. 29 00:01:56,360 --> 00:01:59,000 Speaker 2: There's always something so much more important to do. But 30 00:01:59,040 --> 00:02:01,400 Speaker 2: today I really want to chat to you about how 31 00:02:01,400 --> 00:02:04,560 Speaker 2: to get cyber safe. But first, I'm stats girl, so I 32 00:02:04,600 --> 00:02:06,840 Speaker 2: have come prepared with a number of stats for you. 33 00:02:07,360 --> 00:02:10,480 Speaker 2: So research shows that women are not as confident as 34 00:02:10,520 --> 00:02:13,280 Speaker 2: men when it comes to preparing, managing, and responding to 35 00:02:13,360 --> 00:02:16,639 Speaker 2: cyber attacks, even though we are less likely to be 36 00:02:16,720 --> 00:02:19,960 Speaker 2: scammed compared to our male counterparts. I feel like that's 37 00:02:20,000 --> 00:02:22,080 Speaker 2: the only good thing to come out of that. 
A 38 00:02:22,160 --> 00:02:25,320 Speaker 2: survey of more than two thousand small business owners and 39 00:02:25,400 --> 00:02:29,120 Speaker 2: employees showed that while female business owners are less likely 40 00:02:29,160 --> 00:02:32,360 Speaker 2: to be scammed compared to their male counterparts, they're not 41 00:02:32,440 --> 00:02:34,880 Speaker 2: as confident as men when it comes to their general 42 00:02:34,880 --> 00:02:38,720 Speaker 2: cybersecurity knowledge. And this survey, it was part of the 43 00:02:38,800 --> 00:02:42,959 Speaker 2: Council of Small Business Organization Cyber Wardens program. A mouthful, 44 00:02:43,040 --> 00:02:45,920 Speaker 2: but it was developed in partnership with the CBA, so 45 00:02:46,040 --> 00:02:49,600 Speaker 2: the Commonwealth Bank, and Telstra. All right, let's start with 46 00:02:49,840 --> 00:02:53,640 Speaker 2: arguably the most vital step, and that is passwords. I 47 00:02:53,639 --> 00:02:56,360 Speaker 2: feel like I'm talking to myself here, one because this 48 00:02:56,440 --> 00:03:00,000 Speaker 2: is a solo episode, but two because I'm really bad 49 00:03:00,120 --> 00:03:03,079 Speaker 2: at passwords. They all used to just be one word, 50 00:03:03,480 --> 00:03:06,320 Speaker 2: and everyone in my entire team used to know that word. 51 00:03:06,400 --> 00:03:08,880 Speaker 2: If you knew my family, you probably knew that word. 52 00:03:09,120 --> 00:03:12,320 Speaker 2: It wasn't good. But passwords really are your first line 53 00:03:12,360 --> 00:03:15,639 Speaker 2: of defense against cyber break-ins, and it's essentially the 54 00:03:15,760 --> 00:03:19,880 Speaker 2: keys to your business. So strong, long and unique passwords 55 00:03:19,960 --> 00:03:22,800 Speaker 2: make your accounts more secure and are more likely to 56 00:03:22,880 --> 00:03:26,880 Speaker 2: keep out hackers. 
But now with the rise of supercomputers 57 00:03:26,880 --> 00:03:30,240 Speaker 2: and AI, having a short and simple password, it means 58 00:03:30,280 --> 00:03:33,480 Speaker 2: that these are really easy for cyber criminals to crack. 59 00:03:33,720 --> 00:03:37,640 Speaker 2: Reusing passwords across different businesses or even personal accounts can 60 00:03:37,760 --> 00:03:41,480 Speaker 2: make you a target for what they call credential stuffing scams. 61 00:03:41,920 --> 00:03:45,400 Speaker 2: One compromised account is like giving cyber criminals the master 62 00:03:45,480 --> 00:03:49,320 Speaker 2: key to your entire business, which is really scary. In 63 00:03:49,400 --> 00:03:52,520 Speaker 2: really busy small businesses, the temptation to use short, simple 64 00:03:52,560 --> 00:03:55,200 Speaker 2: passwords and repeat them is a really easy trap to 65 00:03:55,240 --> 00:03:57,720 Speaker 2: fall into, and one I used to fall into until 66 00:03:57,760 --> 00:03:59,760 Speaker 2: I learned about this and had to get myself to 67 00:03:59,800 --> 00:04:03,080 Speaker 2: get If you're doing your best to create secure passwords 68 00:04:03,080 --> 00:04:05,600 Speaker 2: and then struggling to remember them all, you're not alone. 69 00:04:05,640 --> 00:04:08,920 Speaker 2: So passphrases are actually your best line of defense. Now, 70 00:04:08,920 --> 00:04:11,280 Speaker 2: if you're wondering what a passphrase was. When I first 71 00:04:11,320 --> 00:04:13,640 Speaker 2: heard passphrase, I was a little confused, so let 72 00:04:13,680 --> 00:04:16,240 Speaker 2: me talk you through it. A passphrase are a type 73 00:04:16,240 --> 00:04:18,880 Speaker 2: of password that are harder for cyber criminals to crack, 74 00:04:18,960 --> 00:04:21,720 Speaker 2: and they're easy to remember, which makes them an easy 75 00:04:21,720 --> 00:04:25,359 Speaker 2: cyber safety win. 
Passphrases are longer, and they actually contain 76 00:04:25,440 --> 00:04:28,920 Speaker 2: a sequence of really random words, usually four or five 77 00:04:28,960 --> 00:04:32,159 Speaker 2: of them, and the trick is making sure it isn't 78 00:04:32,240 --> 00:04:35,599 Speaker 2: a proper sentence, but an easy combination for you to remember. 79 00:04:36,000 --> 00:04:38,159 Speaker 2: So if you're wondering the how do I create a 80 00:04:38,200 --> 00:04:42,080 Speaker 2: strong passphrase? A good passphrase generally contains at least four 81 00:04:42,120 --> 00:04:46,000 Speaker 2: words that are completely unrelated and completely unpredictable, and the 82 00:04:46,040 --> 00:04:49,320 Speaker 2: best way to generate a passphrase is to choose completely 83 00:04:49,480 --> 00:04:52,080 Speaker 2: random words, be extra careful, and make sure that they 84 00:04:52,080 --> 00:04:54,880 Speaker 2: don't contain any personal information. So if you were me, 85 00:04:55,040 --> 00:04:56,880 Speaker 2: you wouldn't go, all right, well, I'll use my cat's 86 00:04:56,880 --> 00:04:59,200 Speaker 2: and my dog's name and my husband's name, because that 87 00:04:59,360 --> 00:05:02,760 Speaker 2: is really easy to guess because it's all over the internet. 88 00:05:02,839 --> 00:05:06,240 Speaker 2: It is not hard to find that information. Many websites 89 00:05:06,320 --> 00:05:09,039 Speaker 2: now require you to have a capitalized character, number 90 00:05:09,080 --> 00:05:11,960 Speaker 2: and symbol, so you could still add this to a passphrase. 91 00:05:12,000 --> 00:05:15,800 Speaker 2: So you could capitalize random letters, or you could add hashes, 92 00:05:16,080 --> 00:05:18,479 Speaker 2: or you could add the at sign. You could also 93 00:05:18,600 --> 00:05:21,640 Speaker 2: spell out numbers instead of just using the number and 94 00:05:21,720 --> 00:05:24,599 Speaker 2: mix it all up. So that's what I've ultimately done. 
95 00:05:24,839 --> 00:05:27,560 Speaker 2: And the important thing here is that they're not words 96 00:05:27,560 --> 00:05:29,839 Speaker 2: that are relatable to you. So I haven't used my name, 97 00:05:29,920 --> 00:05:34,200 Speaker 2: I haven't used my cat's name. I've literally used random words. 98 00:05:34,640 --> 00:05:37,400 Speaker 2: I've written down four key points that are kind of 99 00:05:37,440 --> 00:05:40,279 Speaker 2: like pro tips when using passphrases. So let me whip 100 00:05:40,320 --> 00:05:42,479 Speaker 2: through these really quickly so that we're all on the 101 00:05:42,520 --> 00:05:46,440 Speaker 2: same page. Number one, don't duplicate your passphrases. So what 102 00:05:46,440 --> 00:05:48,800 Speaker 2: we want to do is ensure that each passphrase for 103 00:05:48,839 --> 00:05:51,520 Speaker 2: each account is unique and we never double up, ever. 104 00:05:52,120 --> 00:05:55,080 Speaker 2: This means that if one does become compromised, you haven't 105 00:05:55,120 --> 00:05:58,479 Speaker 2: breached all of your accounts. Number two, we're going to 106 00:05:58,560 --> 00:06:00,760 Speaker 2: keep our passphrases to ourselves, so we're not going to 107 00:06:00,800 --> 00:06:03,480 Speaker 2: share our login details with team members. It might 108 00:06:03,520 --> 00:06:06,599 Speaker 2: save some time and some money, but it honestly increases 109 00:06:06,600 --> 00:06:09,200 Speaker 2: your cyber risks and it is not worth doing it. 110 00:06:09,640 --> 00:06:13,359 Speaker 2: Number three is use a password manager to safely store passwords. 111 00:06:13,360 --> 00:06:15,599 Speaker 2: So this has been a game changer for me. Apps 112 00:06:15,600 --> 00:06:18,320 Speaker 2: can be used to securely manage passwords for all of 113 00:06:18,320 --> 00:06:20,720 Speaker 2: your accounts, and using one is going to keep all 114 00:06:20,760 --> 00:06:23,960 Speaker 2: of your accounts more secure. 
Number four is add a 115 00:06:24,040 --> 00:06:28,400 Speaker 2: virtual alarm by pairing passphrases with multi-factor authentication. So 116 00:06:28,480 --> 00:06:32,599 Speaker 2: if your passphrase is ever compromised, multi-factor authentication is 117 00:06:32,600 --> 00:06:35,159 Speaker 2: going to add another layer of security to keep your 118 00:06:35,279 --> 00:06:38,160 Speaker 2: account protected. And this for me, I thought it was 119 00:06:38,200 --> 00:06:40,359 Speaker 2: going to be really complicated, but it's not. I have 120 00:06:40,440 --> 00:06:42,880 Speaker 2: an app on my phone and it guards all of 121 00:06:42,920 --> 00:06:45,280 Speaker 2: my accounts. It's a simple code. I pop it in 122 00:06:45,400 --> 00:06:47,720 Speaker 2: and it just makes so much sense. In all honesty, 123 00:06:47,880 --> 00:06:50,880 Speaker 2: I don't know why I didn't do it earlier. Another 124 00:06:51,000 --> 00:06:53,440 Speaker 2: massive threat to your small business is what's called a 125 00:06:53,480 --> 00:06:56,400 Speaker 2: BIN attack. No, someone doesn't come at you with a 126 00:06:56,400 --> 00:07:01,080 Speaker 2: wheelie bin. Unfortunately, BIN attacks are happening in Australia and 127 00:07:01,279 --> 00:07:04,480 Speaker 2: they're increasing year on year. At the end of twenty 128 00:07:04,520 --> 00:07:07,680 Speaker 2: twenty three, there was an ABC report who talked about 129 00:07:07,680 --> 00:07:11,280 Speaker 2: a Melbourne based business who had more than fifteen thousand 130 00:07:11,440 --> 00:07:15,080 Speaker 2: attempted transactions through their online shop in just a space 131 00:07:15,120 --> 00:07:18,640 Speaker 2: of two months. You're probably wondering what's a BIN. 
So 132 00:07:18,760 --> 00:07:21,640 Speaker 2: a BIN is a bank identification number and it refers 133 00:07:21,680 --> 00:07:24,040 Speaker 2: to the initial sequence of four to six numbers that 134 00:07:24,120 --> 00:07:26,840 Speaker 2: appears on your credit card. So it's the number used 135 00:07:26,880 --> 00:07:30,480 Speaker 2: to identify a card's issuing bank or another financial institution. 136 00:07:30,880 --> 00:07:33,800 Speaker 2: And a BIN attack is when cyber criminals steal BIN 137 00:07:33,880 --> 00:07:37,480 Speaker 2: numbers and then attempt to generate working cards by guessing 138 00:07:37,520 --> 00:07:40,480 Speaker 2: the remaining card numbers. To check if these card numbers 139 00:07:40,520 --> 00:07:43,720 Speaker 2: are linked to real cards, fraudsters, they test them on 140 00:07:43,760 --> 00:07:46,360 Speaker 2: the payment page of your online shop and then if 141 00:07:46,400 --> 00:07:49,080 Speaker 2: it's a successful transaction, it means they've guessed a winning 142 00:07:49,120 --> 00:07:51,240 Speaker 2: combination of numbers and then they can start making a 143 00:07:51,280 --> 00:07:55,320 Speaker 2: heap more fraudulent transactions, which is really scary. So although 144 00:07:55,400 --> 00:07:58,760 Speaker 2: every bank card has sixteen numbers, it can be relatively 145 00:07:58,800 --> 00:08:02,160 Speaker 2: straightforward and pretty fast for cyber criminals to cycle through 146 00:08:02,320 --> 00:08:05,040 Speaker 2: the oldest of numbers that follow the BIN in order 147 00:08:05,080 --> 00:08:07,520 Speaker 2: to make enough correct guesses and find a live card 148 00:08:07,600 --> 00:08:11,560 Speaker 2: number with accounts attached. So generating thousands of guesses and 149 00:08:11,640 --> 00:08:14,520 Speaker 2: testing them is actually fairly easy for a cyber criminal 150 00:08:14,560 --> 00:08:17,080 Speaker 2: thanks to the help of AI and computer bots. 
The 151 00:08:17,120 --> 00:08:20,160 Speaker 2: cyber criminal might then use these working card numbers to 152 00:08:20,200 --> 00:08:23,800 Speaker 2: make transactions themselves, or they might actually on-sell those 153 00:08:23,880 --> 00:08:26,360 Speaker 2: numbers to other criminals to use them for bigger and 154 00:08:26,400 --> 00:08:30,960 Speaker 2: scarier things. BIN attacks pose two major risks to small businesses. 155 00:08:31,080 --> 00:08:34,080 Speaker 2: So firstly, they can be really expensive. Depending on the 156 00:08:34,120 --> 00:08:37,439 Speaker 2: contract with your payment gateway, you might actually be charged 157 00:08:37,440 --> 00:08:41,720 Speaker 2: for each attempted transaction, so this expense can multiply really 158 00:08:41,800 --> 00:08:44,559 Speaker 2: quickly if bots and AI are involved and you're hit 159 00:08:44,679 --> 00:08:47,720 Speaker 2: with a really large attack. Secondly, they can be a 160 00:08:47,840 --> 00:08:51,800 Speaker 2: serious reputation risk when victims start seeing your store charged 161 00:08:51,880 --> 00:08:55,360 Speaker 2: on their credit card, which is terrifying because you know 162 00:08:55,440 --> 00:08:59,200 Speaker 2: that wasn't you, it was actually somebody else. So there 163 00:08:59,240 --> 00:09:01,880 Speaker 2: are multiple signs of a BIN attack. And here are 164 00:09:01,880 --> 00:09:03,920 Speaker 2: some things that you need to look out for. So 165 00:09:04,200 --> 00:09:07,680 Speaker 2: are you experiencing lots of low value transactions that might 166 00:09:07,720 --> 00:09:11,000 Speaker 2: be pretty unusual for your business? You might have gotten 167 00:09:11,040 --> 00:09:13,720 Speaker 2: a heap of notifications that your customers' cards have been 168 00:09:13,720 --> 00:09:17,680 Speaker 2: declined multiple times. 
Have you seen the use of international cards, 169 00:09:17,720 --> 00:09:22,280 Speaker 2: so banking cards consistently from countries that are outside of Australia. 170 00:09:22,760 --> 00:09:26,160 Speaker 2: Maybe you've experienced a spike in transactions, whether they're attempted 171 00:09:26,240 --> 00:09:29,320 Speaker 2: and processed in a short period of time and the 172 00:09:29,400 --> 00:09:33,600 Speaker 2: same card number being used for multiple transactions. You might 173 00:09:33,640 --> 00:09:37,280 Speaker 2: also have noticed strange transactions outside your normal customer behavior. 174 00:09:37,400 --> 00:09:39,440 Speaker 2: So you might see things at three am in the morning, 175 00:09:39,480 --> 00:09:43,120 Speaker 2: for example, when all your normal transactions generally take place 176 00:09:43,160 --> 00:09:46,160 Speaker 2: between twelve pm and eleven pm. Or you might have 177 00:09:46,200 --> 00:09:50,480 Speaker 2: seen an unusually significant increase in transaction fees from your bank. 178 00:09:50,800 --> 00:09:52,640 Speaker 2: The final thing I want you to watch out for 179 00:09:52,760 --> 00:09:57,000 Speaker 2: is a really unusual spike in customers disputing payments. If 180 00:09:57,000 --> 00:09:59,319 Speaker 2: a group of customers all notice that their cards have 181 00:09:59,400 --> 00:10:02,480 Speaker 2: successfully been used on your website, they might contact you, 182 00:10:02,840 --> 00:10:05,040 Speaker 2: or they might just go direct to their bank and 183 00:10:05,040 --> 00:10:07,439 Speaker 2: dispute the payment because they go, well, this is fraudulent, 184 00:10:07,520 --> 00:10:10,959 Speaker 2: and process a refund or a chargeback. So these are 185 00:10:11,000 --> 00:10:13,000 Speaker 2: things that I need you to be looking out for. 
186 00:10:13,080 --> 00:10:15,920 Speaker 2: And any small business with an online presence that accepts 187 00:10:16,000 --> 00:10:18,920 Speaker 2: payments over the internet is ultimately at risk. And this 188 00:10:19,040 --> 00:10:21,800 Speaker 2: includes me and I don't even have physical products. So 189 00:10:22,120 --> 00:10:24,240 Speaker 2: the best thing that you can do is actually set 190 00:10:24,280 --> 00:10:27,439 Speaker 2: yourself up with a payment processor that can identify these 191 00:10:27,480 --> 00:10:30,320 Speaker 2: types of attacks. So when you're searching for this type 192 00:10:30,320 --> 00:10:32,959 Speaker 2: of service for your online shop, I really need to 193 00:10:33,000 --> 00:10:35,000 Speaker 2: make sure that you're reading through what they offer in 194 00:10:35,040 --> 00:10:39,600 Speaker 2: regards to fraud prevention. Some processors may offer multiple additional 195 00:10:39,679 --> 00:10:43,200 Speaker 2: layers of protection, requiring customers to type in a CAPTCHA, 196 00:10:43,679 --> 00:10:46,199 Speaker 2: 3D Secure and the rate limit that you can 197 00:10:46,240 --> 00:10:48,760 Speaker 2: easily implement on your website. And I've got a few 198 00:10:48,800 --> 00:10:50,960 Speaker 2: points that I've written down here, so bear with me, 199 00:10:51,080 --> 00:10:53,400 Speaker 2: my friends. So what these processes are going to do 200 00:10:53,559 --> 00:10:56,520 Speaker 2: is check transactions are real and not a robot. This 201 00:10:56,640 --> 00:10:59,719 Speaker 2: means that you're making sure that genuine customers can make 202 00:10:59,720 --> 00:11:03,320 Speaker 2: their purchases, but a scammer using software to test various 203 00:11:03,320 --> 00:11:05,840 Speaker 2: credit card numbers might not be able to get through. 204 00:11:06,240 --> 00:11:08,880 Speaker 2: Adding a CAPTCHA is one way that you can do this. 
205 00:11:09,040 --> 00:11:11,360 Speaker 2: So then we're going to want to limit transactions and 206 00:11:11,440 --> 00:11:15,880 Speaker 2: set alarms for large transaction volumes. A rate limit actually 207 00:11:15,880 --> 00:11:18,520 Speaker 2: prevents the number of new customers who can be created 208 00:11:18,559 --> 00:11:21,120 Speaker 2: from a single Internet address in one day, which is really 209 00:11:21,200 --> 00:11:24,000 Speaker 2: important if you're a small business where a customer only 210 00:11:24,040 --> 00:11:27,120 Speaker 2: places maybe like one or two orders. A rate limit 211 00:11:27,200 --> 00:11:29,480 Speaker 2: is a really sensible option and isn't going to impact 212 00:11:29,559 --> 00:11:32,959 Speaker 2: your genuine customers because what type of customer is creating 213 00:11:33,000 --> 00:11:35,559 Speaker 2: lots and lots of different accounts from the same Internet 214 00:11:35,559 --> 00:11:38,240 Speaker 2: address, right? What it's going to do for you is 215 00:11:38,320 --> 00:11:41,480 Speaker 2: ensure that a scammer can't process hundreds or even thousands 216 00:11:41,520 --> 00:11:45,319 Speaker 2: of purchases through your website, which protects you and your consumer. 217 00:11:45,800 --> 00:11:47,920 Speaker 2: And then the next thing you want to do is 218 00:11:48,000 --> 00:11:51,280 Speaker 2: turn on a virtual alarm for online payments. Are you 219 00:11:51,320 --> 00:11:54,480 Speaker 2: familiar with multi-factor authentication for your online accounts? When 220 00:11:54,520 --> 00:11:56,400 Speaker 2: you try to log in, you might have to enter 221 00:11:56,440 --> 00:11:58,800 Speaker 2: like a code or a one time password to double 222 00:11:58,880 --> 00:12:01,040 Speaker 2: check it's you. I mentioned before that I've got an 223 00:12:01,080 --> 00:12:03,679 Speaker 2: app on my phone that lets me get into everything. 
224 00:12:03,760 --> 00:12:05,959 Speaker 2: And when I say everything, I mean everything. If I 225 00:12:06,000 --> 00:12:10,200 Speaker 2: can multi-factor authenticate something. I have my Facebook, my Instagram, 226 00:12:10,240 --> 00:12:14,000 Speaker 2: obviously my bank, but also more recently I was able 227 00:12:14,080 --> 00:12:17,320 Speaker 2: to multi-factor my pet food ordering company. So we are 228 00:12:17,360 --> 00:12:20,520 Speaker 2: going hard on this because it's so important, and to 229 00:12:20,559 --> 00:12:23,200 Speaker 2: be honest, my credit card details are where my pet 230 00:12:23,200 --> 00:12:26,160 Speaker 2: food is ordered, so I don't particularly want anyone jumping 231 00:12:26,160 --> 00:12:29,000 Speaker 2: into that. And businesses, you can do the same 232 00:12:29,080 --> 00:12:32,760 Speaker 2: for all online payments. Its official name is 3D 233 00:12:32,880 --> 00:12:36,360 Speaker 2: Secure or 3DS, but it works really simply. When 234 00:12:36,400 --> 00:12:39,600 Speaker 2: a customer's card is attempted to be charged, they will 235 00:12:39,640 --> 00:12:41,640 Speaker 2: have to verify that you're the one trying to make 236 00:12:41,640 --> 00:12:43,800 Speaker 2: a payment. Think of it like turning on a virtual 237 00:12:43,800 --> 00:12:47,080 Speaker 2: alarm to online payments, which I think is really smart. 238 00:12:47,240 --> 00:12:49,280 Speaker 2: Now let's go to a really quick break, because I 239 00:12:49,320 --> 00:12:51,840 Speaker 2: feel like I have been talking underwater with a mouthful 240 00:12:51,880 --> 00:12:54,000 Speaker 2: of marbles. So I'm gonna grab a coffee, and when 241 00:12:54,040 --> 00:12:55,839 Speaker 2: we get back, I'm gonna give you my top four 242 00:12:55,880 --> 00:12:58,280 Speaker 2: security tips for small businesses, and we're going to be 243 00:12:58,320 --> 00:13:01,679 Speaker 2: talking about how to pimp your password. 
So don't go anywhere. 244 00:13:05,920 --> 00:13:08,120 Speaker 2: All right, guys, we are back, and I did promise 245 00:13:08,160 --> 00:13:10,559 Speaker 2: that I would give you my top four security tips 246 00:13:10,679 --> 00:13:12,800 Speaker 2: and in a minute, I'll get to how to pimp your 247 00:13:12,800 --> 00:13:15,079 Speaker 2: password, but calm down, we actually need to get 248 00:13:15,080 --> 00:13:18,040 Speaker 2: through these top four security tips first. So number one, 249 00:13:18,280 --> 00:13:20,559 Speaker 2: I need you to make sure that you don't ignore 250 00:13:20,640 --> 00:13:24,160 Speaker 2: software upgrades. I am always clicking the button that says 251 00:13:24,200 --> 00:13:26,480 Speaker 2: remind me later, and it's really easy to do that 252 00:13:26,640 --> 00:13:29,240 Speaker 2: when pesky software updates pop up on your phone or 253 00:13:29,240 --> 00:13:32,640 Speaker 2: computer screen. Literally I have only just updated my iPhone 254 00:13:32,679 --> 00:13:35,480 Speaker 2: and it has been months since the last update came out, 255 00:13:35,520 --> 00:13:38,360 Speaker 2: and that is honestly not good enough. I also feel 256 00:13:38,360 --> 00:13:41,160 Speaker 2: like whenever my computer needs an update, it always pops 257 00:13:41,240 --> 00:13:44,120 Speaker 2: up at the most inopportune time. I'm jumping into a 258 00:13:44,120 --> 00:13:46,760 Speaker 2: Teams meeting and my computer's like, oh hey, they good 259 00:13:46,840 --> 00:13:49,920 Speaker 2: time to update your computer, and I always hit remind 260 00:13:50,000 --> 00:13:52,480 Speaker 2: me later. But what you're gonna do if that happens 261 00:13:52,600 --> 00:13:54,400 Speaker 2: is just set a little reminder on your phone so 262 00:13:54,440 --> 00:13:57,280 Speaker 2: that you can come back to it. 
Software updates often 263 00:13:57,320 --> 00:14:00,680 Speaker 2: contain really important patches or fixes for security flaws in 264 00:14:00,760 --> 00:14:03,160 Speaker 2: your operating system or software, so what we need to 265 00:14:03,160 --> 00:14:05,400 Speaker 2: do is make sure that they're always up to date. 266 00:14:05,840 --> 00:14:09,080 Speaker 2: Cybercriminals know about these weaknesses, and they know how to 267 00:14:09,120 --> 00:14:12,280 Speaker 2: exploit them. It's why your software company wants to update 268 00:14:12,320 --> 00:14:15,560 Speaker 2: them because they've identified them as well, and usually it's 269 00:14:15,600 --> 00:14:18,920 Speaker 2: through a breach. So updating your software can close the 270 00:14:18,960 --> 00:14:21,400 Speaker 2: gaps to make it harder for cyber criminals to break 271 00:14:21,400 --> 00:14:23,800 Speaker 2: into your business, which is a win for everyone. And 272 00:14:23,840 --> 00:14:27,080 Speaker 2: cyber criminals, let's be honest, they're quite intelligent. I mean 273 00:14:27,120 --> 00:14:30,080 Speaker 2: I wish that they would use their intelligence for better 274 00:14:30,120 --> 00:14:32,600 Speaker 2: but they don't. But they know this and they attempt 275 00:14:32,680 --> 00:14:36,760 Speaker 2: to impersonate these trusted organizations to scam small businesses. So 276 00:14:37,000 --> 00:14:40,520 Speaker 2: always check who is sending you this notification. Is it 277 00:14:40,560 --> 00:14:43,440 Speaker 2: an email? Is that a trusted email? If it's a 278 00:14:43,480 --> 00:14:46,720 Speaker 2: text message, make sure you're trusting where this is coming 279 00:14:46,760 --> 00:14:50,280 Speaker 2: from before you action anything. 
In fact, across my entire life, 280 00:14:50,320 --> 00:14:52,640 Speaker 2: I have decided to never click a link in a 281 00:14:52,680 --> 00:14:55,240 Speaker 2: text message ever again, and I think that most businesses 282 00:14:55,280 --> 00:14:57,480 Speaker 2: are on board with this nowadays. I know the banks 283 00:14:57,480 --> 00:15:00,800 Speaker 2: are jumping up and down about how do not click links? 284 00:15:00,840 --> 00:15:03,000 Speaker 2: We would never send you a link, We would never 285 00:15:03,320 --> 00:15:05,560 Speaker 2: do that to you. So I feel like, if you 286 00:15:05,600 --> 00:15:07,520 Speaker 2: want my business, you will not send me a link. 287 00:15:07,560 --> 00:15:09,520 Speaker 2: You'll say, go to my website. I know your website. 288 00:15:09,520 --> 00:15:12,160 Speaker 2: I'll key it in myself. Thank you. The second thing 289 00:15:12,160 --> 00:15:14,800 Speaker 2: we're going to do is use multi-factor authentication on 290 00:15:14,840 --> 00:15:17,960 Speaker 2: your devices. So, as I said before, I'm obsessed with this. 291 00:15:18,040 --> 00:15:20,000 Speaker 2: I have it now. It does make me feel a 292 00:15:20,040 --> 00:15:23,560 Speaker 2: lot safer. Multi-factor authentication is an added layer of 293 00:15:23,600 --> 00:15:26,440 Speaker 2: security for your accounts that makes it so much harder 294 00:15:26,480 --> 00:15:30,120 Speaker 2: for hackers to break in. Using multi-factor authentication means 295 00:15:30,120 --> 00:15:32,240 Speaker 2: that anyone who wants to log into your account is 296 00:15:32,240 --> 00:15:35,400 Speaker 2: going to need to supply additional information in addition to 297 00:15:35,440 --> 00:15:38,880 Speaker 2: your username and password, and some accounts use a unique 298 00:15:38,880 --> 00:15:42,040 Speaker 2: text message, while others will suggest to use an authenticator app, 299 00:15:42,080 --> 00:15:44,760 Speaker 2: so I use both. 
But I think it's really important 300 00:15:44,800 --> 00:15:47,880 Speaker 2: that you're implementing these things. I told you that I'd 301 00:15:47,880 --> 00:15:50,640 Speaker 2: tell you how to pimp out your password. So new 302 00:15:50,680 --> 00:15:53,600 Speaker 2: financial year, new me, but also new password, babe. The 303 00:15:53,760 --> 00:15:56,200 Speaker 2: new financial year is a great time to wipe the 304 00:15:56,240 --> 00:15:59,160 Speaker 2: slate clean with old passwords and usher in some new, 305 00:15:59,320 --> 00:16:04,040 Speaker 2: stronger ones. Weak passwords, especially those used across multiple accounts, 306 00:16:04,240 --> 00:16:07,800 Speaker 2: are one of the biggest risks to cybersecurity for small businesses. 307 00:16:08,280 --> 00:16:11,160 Speaker 2: As I mentioned before, a password manager can help you 308 00:16:11,240 --> 00:16:13,920 Speaker 2: create strong passwords and then save them in a really 309 00:16:13,960 --> 00:16:16,800 Speaker 2: secure place, meaning you don't need to remember them all 310 00:16:16,800 --> 00:16:20,160 Speaker 2: for your accounts. They're in your password manager, which is 311 00:16:20,400 --> 00:16:24,040 Speaker 2: completely protected. And then four, what we're going to do 312 00:16:24,200 --> 00:16:27,600 Speaker 2: is back up our business. You back yourself in business. 313 00:16:27,680 --> 00:16:30,120 Speaker 2: You need to back your actual business when it comes 314 00:16:30,160 --> 00:16:32,680 Speaker 2: to protecting it from a cyber attack. What will you 315 00:16:32,760 --> 00:16:35,320 Speaker 2: do if your small business was the victim of a 316 00:16:35,320 --> 00:16:38,480 Speaker 2: cyber attack and your critical business information couldn't be recovered? 317 00:16:38,800 --> 00:16:41,320 Speaker 2: There's a few things here, right. Let's pretend that someone 318 00:16:41,360 --> 00:16:44,200 Speaker 2: attacks your business. 
You lose a heap of money, and 319 00:16:44,280 --> 00:16:48,520 Speaker 2: the bank refunds all of your money. Fantastic money win. However, 320 00:16:48,560 --> 00:16:51,360 Speaker 2: what about your reputation? I know that companies who have 321 00:16:51,440 --> 00:16:54,760 Speaker 2: experienced these types of breaches lose a lot of customers. 322 00:16:54,880 --> 00:16:57,320 Speaker 2: And they don't just lose customers because it happened to them. 323 00:16:57,480 --> 00:17:00,640 Speaker 2: They lose customers because the reputation that they were safe 324 00:17:01,000 --> 00:17:04,280 Speaker 2: makes people really, really worried. So it is so much 325 00:17:04,280 --> 00:17:07,840 Speaker 2: more important than just worrying about the financial loss. A 326 00:17:07,880 --> 00:17:10,800 Speaker 2: loss as important as business and customer data could be 327 00:17:10,880 --> 00:17:14,680 Speaker 2: completely devastating for any small business, and a really good 328 00:17:14,680 --> 00:17:17,280 Speaker 2: way to help protect yourself from that loss is to 329 00:17:17,359 --> 00:17:20,439 Speaker 2: make a plan to regularly back up your critical business 330 00:17:20,480 --> 00:17:24,720 Speaker 2: information either through an external storage drive or in the cloud, 331 00:17:25,000 --> 00:17:27,879 Speaker 2: or if you're me, you do both because you have 332 00:17:27,960 --> 00:17:31,000 Speaker 2: anxiety. While you make up a backup plan, it's a 333 00:17:31,040 --> 00:17:33,720 Speaker 2: really good time to consider making an emergency plan in 334 00:17:33,760 --> 00:17:37,160 Speaker 2: the event of a cyber attack.
A sound emergency plan 335 00:17:37,240 --> 00:17:40,880 Speaker 2: will outline how staff should report a suspected cyber incident, 336 00:17:41,240 --> 00:17:43,680 Speaker 2: who would you contact for help, and how would you 337 00:17:43,720 --> 00:17:47,359 Speaker 2: communicate any incident to customers or staff, and how would 338 00:17:47,359 --> 00:17:50,359 Speaker 2: you manage if critical systems are then offline for any 339 00:17:50,359 --> 00:17:53,760 Speaker 2: period of time. An emergency plan sounds a bit silly, 340 00:17:53,800 --> 00:17:56,159 Speaker 2: but it can actually help you feel in control and 341 00:17:56,240 --> 00:17:59,440 Speaker 2: recover quickly in the event of a cyber threat or incident. 342 00:17:59,800 --> 00:18:02,480 Speaker 2: The other thing I would say here is how do 343 00:18:02,560 --> 00:18:06,960 Speaker 2: you educate your consumer in advance? So I know, because 344 00:18:07,000 --> 00:18:09,639 Speaker 2: I own a mortgage broking company and we deal with 345 00:18:09,720 --> 00:18:12,440 Speaker 2: money every single day, that at the bottom of our 346 00:18:12,520 --> 00:18:15,960 Speaker 2: emails we are always letting customers know. It's literally in 347 00:18:16,000 --> 00:18:19,120 Speaker 2: our email signature that we will never ask you via 348 00:18:19,240 --> 00:18:22,720 Speaker 2: email to transfer funds. If we ever send you bank 349 00:18:22,800 --> 00:18:26,439 Speaker 2: codes, BSB and account numbers to deposit money, it is 350 00:18:26,480 --> 00:18:28,879 Speaker 2: not us because we would never do that. And I 351 00:18:28,920 --> 00:18:32,200 Speaker 2: think that educating your consumer upfront is going to mean 352 00:18:32,200 --> 00:18:35,800 Speaker 2: that you're protecting yourself as well as you can. Now, 353 00:18:35,840 --> 00:18:38,000 Speaker 2: I feel like that was a lot, because it is 354 00:18:38,040 --> 00:18:41,919 Speaker 2: a lot.
Cybercrime is sadly on the rise, and I 355 00:18:41,960 --> 00:18:45,040 Speaker 2: think it's so important to keep your small business cyber safe. 356 00:18:45,040 --> 00:18:47,439 Speaker 2: It is something that has slipped to the wayside for 357 00:18:47,560 --> 00:18:50,400 Speaker 2: a long time for me and now is not, thank God, 358 00:18:50,840 --> 00:18:52,959 Speaker 2: But I think it's really important that you take it 359 00:18:53,000 --> 00:18:55,600 Speaker 2: seriously as well. To me, one of the things that 360 00:18:55,680 --> 00:18:58,760 Speaker 2: stopped me was it felt like an overwhelming admin task. 361 00:18:58,920 --> 00:19:01,240 Speaker 2: So if you're going to do it, set some time 362 00:19:01,280 --> 00:19:03,359 Speaker 2: aside and get it done, because it's one of the 363 00:19:03,400 --> 00:19:06,719 Speaker 2: most important things that you do for your business. But friends, 364 00:19:06,800 --> 00:19:08,840 Speaker 2: I know I have talked a lot about this. I'm 365 00:19:08,840 --> 00:19:11,800 Speaker 2: happy to continue the conversation, but unfortunately when it comes 366 00:19:11,800 --> 00:19:14,879 Speaker 2: to podcast time, that is all we have time for today. 367 00:19:14,960 --> 00:19:17,000 Speaker 2: So if you'd like to chat more about this, we 368 00:19:17,040 --> 00:19:19,679 Speaker 2: can jump into the Business Bible Facebook community. You can 369 00:19:19,760 --> 00:19:22,960 Speaker 2: join us on Instagram. Obviously, we're a community that shares 370 00:19:23,000 --> 00:19:25,880 Speaker 2: our business and money tips and tricks every single day 371 00:19:26,119 --> 00:19:28,639 Speaker 2: free of judgment. 
So so She's on the Money or 372 00:19:28,680 --> 00:19:31,680 Speaker 2: the Business Bible on Facebook and join us. If Facebook's 373 00:19:31,720 --> 00:19:34,679 Speaker 2: not your thing though, She's on the Money Aus, so 374 00:19:34,760 --> 00:19:37,320 Speaker 2: don't forget to join the conversation and I will see 375 00:19:37,320 --> 00:19:46,960 Speaker 2: you next time, hopefully for another solo episode. The advice 376 00:19:47,000 --> 00:19:49,560 Speaker 2: shared on She's on the Money is general in nature 377 00:19:49,600 --> 00:19:53,119 Speaker 2: and does not consider your individual circumstances. She's on the 378 00:19:53,160 --> 00:19:56,719 Speaker 2: Money exists purely for educational purposes and should not be 379 00:19:56,760 --> 00:20:00,200 Speaker 2: relied upon to make an investment or financial decision. If 380 00:20:00,200 --> 00:20:02,520 Speaker 2: you do choose to buy a financial product, read the 381 00:20:02,560 --> 00:20:07,159 Speaker 2: PDS, TMD and obtain appropriate financial advice tailored towards your needs. 382 00:20:07,520 --> 00:20:11,480 Speaker 2: Victoria Devine and She's on the Money are authorized representatives 383 00:20:11,520 --> 00:20:14,040 Speaker 2: of Money Sherpa Pty Ltd ABN 384 00:20:14,240 --> 00:20:17,280 Speaker 2: three two one six four nine two seven seven 385 00:20:17,400 --> 00:20:22,000 Speaker 2: zero eight AFSL four five one two eight nine