-
Estimated reading time
6 minKey points
- When you start and run a business, you invest precious time, energy and money into ensuring its success. Losing all of that to a cyber threat can be truly devastating. That’s why strengthening your cyber security is so vital for longevity.
- Using strong passwords or passphrases, logging out of your online banking when you’re done and limiting access to your bank accounts are just some steps to increase the security of your business bank account.
- Malware, phishing, insider threats, and business email compromise are common methods cybercriminals might use to access your business bank account and steal your hard-earned money.
Online business banking is the norm for many business owners. It’s simple and convenient to use, and if you’ve got your bank’s app, you can check your business accounts from the comfort of your smart device.
And while online banking should be safe, protecting your business bank account from cyber criminals comes down to how you (and employees with access to the account) act and behave. Your business bank account is one of the most valuable accounts a cybercriminal can access. Once they can get into your business bank account, they can quickly steal your hard-earned revenue.
That’s why we’re sharing some tips that can help you protect your business bank account from cybercriminals.
Why is safe online business banking important?
Having your online business banking compromised can have many consequences. It can disrupt your daily operations, impact your revenue, and cause additional business expenses. On top of that, businesses that experience cybercrime often have to spend time and resources repairing and improving their systems, including changing their business banking and contact information.1
If your business bank account has been compromised, it’s easy for a cybercriminal to transfer your money into their own account and walk away unscathed. The average cost of cybercrime for small businesses is $46,000, so it’s essential to do your online business banking safely and smartly to help ensure your money is right where it belongs – with your business.2
Common types of online banking threats
Malware
Malware (short for malicious software) is software designed by cybercriminals to corrupt your devices and files, steal information, spy on you, or even hold your files hostage in exchange for money. Cybercriminals might send an email with a file attached that will infect your device when downloaded. Or it might corrupt your device through an infected network. Once malware is on your work device, it can steal your banking credentials and relay that information back to cybercriminals, who can use it to make unauthorised money transfers.
For example, you might receive an unexpected email with an attachment. If you download the attachment, malware might spread onto your laptop and spy on you while you do your online banking business. The cybercriminal could track your keyboard movements when you type in your login credentials (such as username and password), which they can then use to log into your business bank account and steal your money.
Phishing
Phishing is when a cybercriminal attempts to trick you into giving out personal or business information, such as bank account numbers and passwords. A cybercriminal might send you a message that’s designed to look like it’s genuinely from the person or business they’re impersonating. When they contact you, the scammer will often add a sense of urgency to their request to encourage you to act without thinking.
For instance, you might receive a text message from a cybercriminal pretending to be your bank. The message says there has been unusual activity in your business bank account, and you must click the link now to verify your banking credentials or be locked out. If you click on the link, you’re taken to a fake website that looks legitimate. Thinking it’s real, you might enter your business banking details, only for the scammer to steal that information and, later, your money.
Business email compromise
Business email compromise (BEC) is when a criminal lurks in your business email server. They might access your email server by tricking someone into clicking a phishing link or by spreading malware across networks. Once the cybercriminal is on the server, they might:
- Intercept an invoice and modify the payment details so that you (or the payee) pay the cybercriminal instead.
- Impersonate someone within the organisation and manipulate you into doing something for their benefit, such as sharing banking details or sending money.
- Click ‘forget password’ on a critical account and reset the password so they’re the only ones who can log into the account.
Insider threats
Insider threats are when someone who works for or with you conducts cybercrime. They might tamper with your payroll system, install malware to get your banking details, or steal your customer data and sell it on the dark web.
For example, a disgruntled employee might infect your network with malware to steal the business’ banking details. Once they have the information, they might change the login details so no one else can log into the bank account. From there, they might apply for loans and credit cards under the business name. Or they might use the business bank account as a part of a money mule scam, where a cybercriminal moves money linked to criminal activity through a legitimate bank account.
11 tips for safer online business banking
- Use strong passwords, passphrases, and PINs for your business banking account. Don’t share these passwords with anyone who doesn’t need access to the account and ensure your business account password is different from the other passwords you use.
- Limit access to your business bank account to a select few. Take the time to ask yourself who needs access to your business’ bank account. For instance, your accountant or bookkeeper might need to log into your business bank account for financial reports, but the marketing manager certainly doesn’t.
- Turn on multifactor authentication (MFA) to verify the identity of employees logging into the bank account. For larger transactions, it’s also worth considering a two-step approval process, where a second person has to approve transactions over a certain amount.
- Don’t use public Wi-Fi for business banking. Cybercriminals can infect public networks with malware, which is malicious software that infects your device or network. This software then has the potential to steal your online banking information, which the criminal can then use to take your money.
- Log out of your business banking account after every session. If someone has unauthorised access to your device and you’re still logged into your business banking, they can quickly drain your funds.
- Keep your software updated to ensure your devices have the latest security. Cybercriminals will try to exploit weaknesses in your devices, but having the latest software updates can help keep them out. You can also turn on automatic updates (in your system settings) so your devices have the latest security software when available.
- Don’t click on any links in messages or emails, especially if you receive them unexpectedly. It’s most likely part of a scam to access your business’ vital information, including your business banking details. Pause and think before doing anything.
- Be aware of the different types of scams and stay up to date on the latest scam alerts. This can help you and your employees understand the signs of scams and be on the lookout for any suspicious behaviour.
- Educate your employees on cyber safety. Protecting your business from cyber threats is everyone’s job – not just yours. If everyone knows how to try to stay safe online when going about their day, it can go a long way toward ensuring your business is protected.
- Monitor your accounts and trust your instincts. Trust your intuition if you notice anything unusual in your business banking statements and have a bad feeling about it. Chances are, you’re right on the money, and it could be a sign that your business banking has been compromised.
- Consider removing account details from your invoices and offer PayID® or BPAY instead. These options allow the payer to see your business’ name and payment details before finalising payment.
How does ANZ work to protect your business online?
- ANZ Falcon® anti-fraud technology operates 24/7 to try to detect and prevent fraudulent transactions on your business credit card.
- Consider using MFA to verify transactions with a one-time passcode, voice ID, or ANZ Shield.
- The ANZ Fraud Money Back Guarantee means we may reimburse you for any eligible fraudulent transactions on your ANZ card.
- You can control employee access to your ANZ Internet Banking for Business account, which is an accounting and business management platform designed to streamline your business processes.
- Upload documents directly (and safely) to your banker using the ANZ Document Exchange.
- Customer support is available 24/7, so you can contact us whenever something doesn’t feel right.
What can you do if you’ve been scammed?
- Contact your bank immediately if you’ve shared financial information or transferred money. If you’re an ANZ business customer, contact us immediately.
- If you have shared business credit card details, ‘block’ or cancel those cards immediately. If your cards are with ANZ, you can report the stolen card through the ANZ app or by calling us.
Who can you contact if you’ve been scammed?
- Contact the Australian Cyber Security hotline, 24 hours a day, seven days a week on 1300 CYBER1 (or 1300 292 371).
- Help others by reporting to Scamwatch or to the Australian Signals Directorate’s Australian Cyber Security Centre’s ReportCyber.
- You can also contact IDCare, a not-for-profit organisation providing support to those experiencing identity and cyber security concerns.
- Contact your bank immediately if you share personal or financial information.
- If you’re an ANZ customer, you can report fraud or suspicious activity in multiple ways, such as through the ANZ app or by calling us.
- When you start and run a business, you invest precious time, energy and money into ensuring its success. Losing all of that to a cyber threat can be truly devastating. That’s why strengthening your cyber security is so vital for longevity.
Buying your next home?
See our home loan tools, articles and resources to help you explore your home loan options. We'll help you get to a good place.