Welcome to Let’s Speak, the place we dive into the urgent questions that matter most to your enterprise. Every week, we sort out actual challenges with sensible options you may implement instantly.
SMEs face a novel problem: fraud threats are rising, however enterprise-level safety options typically include enterprise-level worth tags. Not like giant companies, most small companies can’t afford devoted fraud prevention software program costing hundreds monthly. However that doesn’t imply they’re defenseless. So how can SMEs and startups construct sturdy fraud defenses on a funds?
Let’s Speak!
Contribute to Dynamic Business ✍
Aaron Bugal, Subject CISO, APJ at Sophos
“Fraud is a rising menace to SMEs typically taking the type of phishing, bill scams, and enterprise e-mail compromise scams. These assaults sometimes exploit uneducated staff and steal person credentials, quite than hackers using superior hacking strategies. Sophos’ 2025 Threat Report discovered greater than 90 per cent of assaults concerned credential or knowledge theft, which enabled cybercriminals to impersonate staff and interrupt monetary transactions.
“SMEs typically lack the assets for devoted cybersecurity groups, making them extra susceptible to fraud makes an attempt. Hiring consultants or investing in advanced techniques isn’t at all times attainable, however primary safety practices upheld by all staff can nonetheless provide robust safety. Easy steps like deploying multi-factor authentication, proscribing entry to delicate knowledge, retaining software program up to date, and backing up essential information can forestall many fraud makes an attempt. These measures are low value, and don’t require licensed experience, but can nonetheless considerably cut back danger.
“Whereas SMEs face limitations, many now use managed detection and response (MDR) or on-demand incident response for twenty-four/7 monitoring and professional assist throughout breaches. These choices present safety help with out the necessity for an in-house group, serving to SMEs enhance their defenses in a sensible means.”
Daniel Garcia, Vice President and Normal Supervisor APAC at Kaseya
“For a lot of Australian SMEs, the specter of fraud looms giant, but funds constraints typically push superior safety down the precedence checklist. The excellent news is that sturdy fraud prevention doesn’t at all times demand high-cost software program; it’s about automating your important safety duties and bringing all of your safety instruments collectively into one place.
“Safety begins with human vigilance – coaching staff to identify phishing emails and perceive frequent rip-off ways is your first, most cost-effective line of defence. Past this, automating your common safety checks takes away the handbook workload, permitting potential points to be recognized and addressed at a faster price, typically earlier than they trigger bigger issues. This prevents expensive downtime and avoids the necessity to rent an costly, devoted safety group.
“What really makes a distinction for SMEs is consolidating IT and safety efforts into one easy-to-manage system. As an alternative of juggling totally different instruments, which regularly means paying for a number of subscriptions and managing advanced integrations, you get all of your safety warnings in a single place. This helps you retain a detailed eye in your applied sciences and deal with points rapidly, not solely defending in opposition to cyberattacks earlier than they escalate, but in addition drastically reducing down on general safety bills. By bringing collectively important safety checks, SMEs are turning scattered, expensive safety efforts into a robust, all-around protect, permitting their enterprise to face tall in opposition to rising fraud threats with out spending a fortune.”
Kumar Mitra, Government Director, CAP & ANZ, ISG, Lenovo
“Fraud is without doubt one of the most persistent dangers going through small and medium companies right this moment. Past monetary loss, it threatens buyer belief and long-term development – each of that are essential for SMEs working laborious to scale sustainably. Whereas software program performs a task in safety, lasting safety doesn’t rely upon costly instruments. What issues extra is adopting a proactive mindset and making sensible, intentional decisions that go well with your enterprise actuality.
“It begins with figuring out the place you’re susceptible. Even a easy danger evaluation – performed in-house or with primary steering – can spotlight gaps throughout folks, processes, and techniques. This offers SMEs readability on the place to focus restricted time and funding.
“From there, small adjustments can ship huge influence. Common software program updates shut identified vulnerabilities. Robust, distinctive passwords shield entry factors. And adopting Zero Belief rules - the place entry is rarely assumed and permissions are restricted to what’s wanted – provides one other layer of protection.
“However know-how alone isn’t sufficient. Folks stay one of many strongest shields in opposition to fraud. Workers have to know the way scams work and what warning indicators to search for. Sensible coaching, paired with a transparent response plan, helps companies act quick when points come up.
“For SMEs, fraud prevention isn’t about spending extra – it’s about main with consciousness, making a tradition of vigilance, and placing the correct, lifelike safeguards in place to construct belief and resilience.”
Yvonne Sears, Founder / CEO, Elev8 Resilience
“You don’t want costly software program to grasp your personal enterprise. Let’s take cyber fraud, crime utilizing computer systems or the web to steal knowledge, identities, or mental property. For SMEs, the most typical threats are phishing and ransomware. Right here’s how one can construct resilience with out high-cost instruments.
Firstly, know your essential knowledge. What do you depend on to function? Take into account the influence if it was misplaced, tampered with, or uncovered. Again it up usually. Prioritise your most vital information and check your backups. Allow multi-factor authentication (MFA). It’s a easy, highly effective barrier in opposition to unauthorised entry. Overview entry rights. Solely give employees entry to what they want. Take away it when roles change. Map your key belongings. Perceive how your techniques and other people could possibly be exploited. Add approval checks. Particularly for monetary adjustments like new accounts or up to date fee particulars. Educate your group. Workers are your first line of defence, prepare them to identify suspicious emails and hyperlinks.
“Cyber fraud prevention begins with consciousness, not software program. Easy, sensible steps shield your folks and your enterprise.”
Grant Crough, CISO / Founder, LEAP Methods
“Too many companies rush to purchase instruments, considering software program alone will maintain them protected. In fact, fraud prevention begins with folks, not merchandise.
“Most cyber fraud nonetheless begins with a human clicking the fallacious hyperlink. That’s why phishing simulations, schooling throughout employees on-boarding and common employees coaching stay probably the most cost-effective defences obtainable. Schooling breeds consciousness, and consciousness reduces danger.
“It’s additionally vital to query the recommendation you’ve acquired. Many companies are nonetheless counting on legacy options like VPNs for distant entry as a result of they “sound safe,” with out understanding the dangers. The precise safety recommendation ought to think about your enterprise, employees, and setup, quite than a straightforward answer.
“And when you could not want enterprise-grade techniques, primary safety monitoring is now inside value efficient attain. Managed Safety Operations Centres (SOC’s) are more and more accessible to SMEs and may warn you to threats earlier than they develop into breaches.
“None of those require large budgets. They do, nonetheless, require the correct recommendation and a tradition of safety.”
Steven Nicholson, Founder, GearChange Enterprise Advisory
“In 2023-24, the Australian Indicators Directorate reported the typical quantity that small companies misplaced to cyber-related fraud was nearly $50,000, an quantity that may put a gap within the money circulation forecast of most SMEs.
“As an skilled CFO, liable for danger administration, my recommendation would at all times be to rent an professional IT guide and set up best-in-class safety software program. However, there are different stuff you might be doing to guard in opposition to fraud:
- Practice Workers: Educate employees about recognizing and responding to cyber threats, particularly phishing and enterprise e-mail compromise scams. Guarantee change of financial institution particulars for suppliers and employees are confirmed by cellphone earlier than actioning.
- Tighten IT Controls: Implement multi-factor authentication; guarantee software program patches are up to date for identified vulnerabilities; take common backups of knowledge; and restrict entry management to techniques to solely those that will need to have it.
- Segregate Duties: Authorise all funds and payroll because the enterprise proprietor. Don’t delegate it to your bookkeeper or accounts group.
- Examine Insurance coverage Protection: Switch the danger of fraud loss to your insurance coverage firm with cyber insurance coverage and ensure protection for inner fraud danger.
“Don’t wait till you’re the sufferer of fraud to motion these ideas – shield your enterprise right this moment.”
Rolf Howard, Managing Companion, Owen Hodge Legal professionals
“SMEs can considerably bolster their fraud defenses with using know-how – with out it breaking the financial institution.
“Fraud, cybercrime and cash laundering pose a multi-billion greenback menace to Australian companies. With new AML/CTF obligations for ‘gatekeeper professions’ like ours, constructing a robust protection is non-negotiable. Vigilance and robust inner controls are paramount.
“SMEs should implement a number of methods. Firstly, utilizing know-how to deal with your Know Your Buyer (KYC) verification is one of the simplest ways for figuring out purchasers and making certain reputable transactions.
“Secondly, set up sturdy Shopper Due Diligence (CDD) by understanding the true nature and goal of shopper relationships, actively scrutinising uncommon transactions, and being vigilant for ‘purple flags.’
“Thirdly, worker coaching and consciousness are paramount. Educate employees on frequent fraud schemes like phishing and faux invoices, fostering a tradition of vigilance and establishing clear verification procedures for uncommon requests.
“At Owen Hodge Legal professionals, we’ve efficiently built-in My DataBoss, which has confirmed to be a low-cost, high-value software program possibility for our fraud prevention and AML/CTF compliance wants.
“And while you take into account that the prices of non-compliance could possibly be as excessive as $200,000, the funding in know-how is totally value it.”
Rahul Bahl, Principal Marketing consultant, ERA Group
“Fraud might be damaging or worst nonetheless be deadly to small and medium-sized enterprises.
“The excellent news is defending your enterprise doesn’t require expensive software program. Disciplined processes and clear controls can cut back danger and shield money circulation with out blowing your funds.
“Begin by eliminating blind funds—transactions made with out verification. Implement a ‘No Blind Funds’ coverage supported by:
- Documented Authorisation: Each fee have to be backed by matching buy orders, supply receipts, and invoices.
- Twin Approval: Require two-person sign-off above set thresholds.
- Delegation of Authority (DoA): Outline clear spending limits by position and usually replace them.
- Segregation of Duties: Guarantee totally different folks deal with ordering, receiving, and fee.
- No Early Funds: By no means pay earlier than verifying supply and high quality.
- Scheduled Funds: Keep away from pressing, advert hoc requests that bypass checks.
“Questioning Fee Requests
Practice employees to query any fee that’s sudden, pressing, or entails adjustments to financial institution particulars or communication channels. All the time confirm fee adjustments utilizing identified contact strategies—not the small print in an e-mail. A brief delay is best than a expensive mistake.
“Keep away from Storing Card Particulars
By no means retailer debit or bank card data with suppliers. Use safe, one-time fee strategies or digital playing cards when potential to restrict publicity and enhance management.
“Stopping Inside Fraud
Inside threats might be as damaging as exterior ones. Mitigate them with:
- Necessary Depart: Fraud typically surfaces when employees take time without work.
- Shock Audits: Spot-check petty money, invoices, or provider exercise.
- Entry Controls: Restrict system permissions and monitor audit trails.
- Whistleblower Channels: Supply a protected technique to report suspicious behaviour.
“Fraud prevention isn’t nearly implementing know-how—it’s about construction, accountability, and constructing a tradition of diligence. With easy, well-enforced processes, SMEs can keep protected previous to deploying costly instruments.”
Adam Henderson, Companion, Company and Industrial, Hicksons | Hunt & Hunt
“There are a selection of measures that SMEs can set up for complete fraud prevention with out investing in costly software program options. A enterprise might be impacted by fraud by way of the conduct of exterior unhealthy actors and even by way of inner employees.
“Many companies don’t think about that fraud can happen internally inside their enterprise. Implementing sturdy inner controls is essential to decreasing inner dangers and supporting audits and investigations. For instance, to scale back the danger of monetary associated fraud, companies ought to require twin authorisations for all important transactions and conduct financial institution reconciliations at the least as soon as per week. Separating monetary duties amongst employees members, significantly for fee processing and reconciliation, can be an efficient method in decreasing the danger of monetary fraud.
“With extra SMEs utilizing digital applied sciences than ever earlier than, digital safety measures resembling implementing multi-factor authentication, sustaining robust password insurance policies and safe wi-fi community infrastructure needs to be utilised to forestall exterior fraud from occurring. Common employees coaching on frequent fraud schemes can also be vital to forestall exterior unhealthy actors from profiting from well-meaning staff.
“If you’re involved concerning the danger of fraud in your enterprise, having thorough documentation is important that can assist you establish potential points and successfully navigate any challenges that come up. This consists of sustaining detailed transaction information, having easy approval processes, and conducting common inner audits. A transparent doc retention coverage will assist monitor suspicious patterns and assist potential investigations.”
Michael Russell, Managing Director at Finwave Finance
“You don’t want enterprise grade techniques to guard your enterprise from fraud, simply sensible processes and vigilance.
“At Finwave Finance, we’ve seen firsthand how small companies are sometimes focused as a result of they’re seen as “low hanging fruit” and missing inner controls, separation of duties, or constant oversight. However easy, low value steps can dramatically cut back publicity.
“Begin with the fundamentals: allow two-factor authentication on all accounts, maintain admin passwords separate from basic customers, and reconcile financial institution transactions weekly not month-to-month. These habits catch anomalies early.
“One of the vital efficient ways is solely segregation of duties. For instance, by no means let the identical particular person elevate, approve, and pay an bill. Even in small groups, this may be achieved with sensible delegation or utilizing primary instruments like Xero’s person permissions.
“Lastly, construct a tradition of consciousness. Most fraud isn’t technical, it’s opportunistic. Coaching your group to recognise bill scams, phishing emails and inner purple flags is value greater than any software program subscription.
“Defending your enterprise begins with construction, not spend.”
Discover Let’s Talk Business Topics
Preserve updated with our tales on LinkedIn, Twitter, Facebook and Instagram.
