Australian Small Business and Family Enterprise Ombudsman Bruce Billson interview with Kerry Peck.
Radio 2BS Bathurst
27 November 2023
Businesses lost $13.7 million to scams last year. Now, this is an absolutely horrific figure. A $100 million upgrade across the banking sector has just been introduced so we thought we'd catch up with the Small Business Ombudsman, Bruce Billson. Good morning, sir.
Great to be with you, sir, and with your listeners and congrats on 60 years of that silky, smooth, melodious tone you bring to airwaves.
Yeah, I"ve been around ... I'm doing okay. This is a very serious question at this particular stage and I know they did a fairly big exposé on it last night on television, and we've been talking about it for quite some time. We really do, in this day and age, have to be vitally aware of scams, don't we?
Well, absolutely, and particularly for small and family businesses. That’s what gets me out of bed every day. But for all of your listeners to be alert to the behaviour of these nefarious cats that try to mimic your log in details, even impersonate you, to gain access to services and support.
I mean the costs are about $46,000 per incident for a small business. So that's a big number in its own right. But part of the bigger concern is for too many small businesses that a cyber incident, a scam that they're involved with, can be a business ending event because you might lose control over your business systems that are vital for you to trade or, and this is what we're seeing, you lose the confidence of your customers. They say, I trusted you with this information so that you can deduct payments for my monthly gym membership, it might be a hairdresser, a beautician that has a routine appointment with you, and you start losing the confidence of those people if you start losing control over your data and the scammers get to mess with your information.
We all like to give the banks a bit of a bash every now and then, obviously, that's sort of part of the Australian sport, I think to a certain extent. But you know, the banks can only do so much. I mean, there's a lot of responsibility that should be on the small business itself.
It's a matter of people doing what each is able to do. I was very supportive of the banks’ announcement late last week where they said they'd use their technologies to compare the name of the bank account with the BSB and account details and if there's any irregularities then hold up the payment. That's a good measure. That's the measure that's been operating in the UK for some time and it's pleasing to see that that's happening here.
Now, why is that important? Let's say we had a builder in our community in Bathurst building a home for us. We knew we were up for a progress payment. So we're expecting an invoice for $85,000 or something like that. And a scammer got into the builder's technology and just sat there quietly, silently. But when that builder produced the invoice for us, it looked all legit. We were expecting it. It was for the right amount. But one of the scams that we've seen a lot of harm caused by, is this invoice substitution scam where they quietly go in and actually change the banking details on that invoice. So it looks very legit, but it's actually sending that money offshore, usually gets turned into crypto currency and is untraceable very quickly.
Now what the banks have said late last week is a couple of things will happen. One, where there's this irregularity between the account name and the banking account details, they'll stop the payment. Where there's a large payment that might not be your normal pattern of expenditure, they might query it with you or even slow it down. And in some cases they'll work together to delay the transfer of some money between banks so that if it is a scam, there's some chance of cutting it off. So that's what the banks are doing and that's great.
The telcos are doing good stuff to the extent that they can as well. It's called clean pipes and they cut off a lot of nefarious sort of traffic over the Internet and the like, just as part of their service. So that's good.
But for the individual and the individual business owner, there are things within their gifts that they should do. They should take steps to protect their data. They should only hold the information that they need. They should use that multi-factor identification to verify what's going on and also keep their software up to date, because often those software updates have patches or changes to them to guard against the cyber criminals.
I suppose I put it this way, we wouldn't leave our shop open in the main street of Bathurst with the door wide open and the lights on in the middle of the night and expect everything to be okay. It’s the same sort of logic that there are things that can be done in the digital world like that, and that's what I'm urging small and family businesses to do while those other parties do the things they do.
And the other thing, of course, is these guys have no conscience whatsoever.
It's actually quite a sophisticated business model. We've heard stories about these being structured like a corporation. They even have an HR Department. They have got people that are specialists in understanding human psychology - what sort of prompt or what sort of dodgy text message will most likely produce the action that they want. They know what time of year it is, so they'll send out little reminders through SMS masquerading as the Tax Office, and it's not them.
And that’s why it's also important in an announcement last week that the government made for their cyber security strategy that for small businesses you can jump on the Australian Cyber Security Center and get a bit of a health check just on where you're at with your cyber protection and then some steps to improve it. So jump on www.cyber.gov.au and you'll get onto those resources.
And then secondly, in the event that you are compromised, it's not up yet but it will be soon I hope, a new service the Government's announced that will see a skilled person get alongside the small business to help them navigate the circumstances they're confronted with because they've been compromised.
They’re two good initiatives sitting alongside the stuff the banks announced and hopefully an increase in awareness amongst people about what individuals and actual small businesses can do to help better protect themselves.
Thank you for your time this morning, sir. I really do appreciate it. There we go. Ombudsman for Small Business, Bruce Billson.