How to Protect Your Small Business from Sneaky, Sophisticated Cyber ScamsAuthored by: Jim Stewart, Founder DocuSend, powered by MTI.
Posted on August 01, 2018
No one likes getting scammed. But these days, it’s the reality of having a business: even if your online presence is minimal, you're still a target for hackers.
A 2017 report from the FBI found that U.S. businesses lost $500 million in the previous year from phishing scams, and the amount they were losing each year was growing.
In the earlier days of the internet, schemes to steal your personal information or money were easy to identify; you might have received a comical email from a long-lost relative in a country you’d never heard of, along with a ridiculous request to wire money overseas.
Many hackers today are significantly more sophisticated in their approach. You, or an employee in your company, might get a very legitimate looking email from another company, or even talk to a so-called representative over the phone, only to find out too late that you have been duped into sending payment or revealing sensitive information.
That can be alarming to hear, but there’s no need to panic about cyber scams. Armed with knowledge and the proper precautions, you can effectively protect your business from even the most sophisticated hackers.
Beware: Common Cyber Scams That Dupe Small Businesses
A good defense starts with an awareness of your opponent’s best moves and strategies. By educating yourself and your organization’s employees about these common hacker schemes, you’ll be well on your way to security and peace of mind.
This is an older hacking tactic that dates back to the 90s. A hacker “lures” someone in through a website, app or email to click a link that will in turn compromise their personal or company data.
Some phishing scams look “phishy” right off the bat—like that email from “PayPal” that is clearly not legitimate because the authentic PayPal would not send communications with multiple spelling and grammatical errors. Usually these go straight to your spam folder anyway.
But many hackers’ phishing techniques have become very clever. You might receive an email from a company you trust asking you to provide sensitive data, only to later realize that the message was from a skilled copycat. For example, your accounting software could be vulnerable (see more: Cyber scams target small businesses through their accounting software).
“Spear phishing” is even trickier and more invasive. Unlike phishing that targets mass audiences, this type of attack targets specific companies and individuals. Imagine someone posing as the CEO of your company and then requesting your accountant to pay a phony bill. While unnerving, this is exactly the type of interaction a sophisticated hacker will attempt to use in order to steal from you.
2. Fake Invoices and Services
There are several ways that cyber scammers can trick you into paying for something you didn’t buy.
One is simply a fake invoice. Always check to make sure that your invoices are, in fact, legitimate. Some hackers may pose as a company you work with but change the banking information on the invoice. Others might claim bogus charges—domain name renewals are common.
Some scammers may personally reach out to you, offering to improve your website’s SEO or something similar. Even if they do a little bit of work, they can grossly overcharge for their service and then vanish, or threaten to harm your website if you stop payment.
3. Stolen Credentials
With large-scale data breaches making the news, many people—individuals and businesses—have had their login credentials compromised. Hackers will steal sensitive information from one website and use it to log in on another site.
This can hit small businesses in two ways. First, if a hacker steals login credentials from someone in your company and uses it to purchase or redeem products that can be resold, then you are at risk for a loss. Second, if you have a website that stores any login information and you get hacked, you may find yourself doing damage control for your website users.
Most likely you’ll be using a third-party application or service to handle sensitive data, so be diligent about choosing services that are reliably secure. At DocuSend, we use two respected security companies to regularly run comprehensive security tests on our system.
Small Business Strategies to Avoid Cyber Scams
If you’re running a small business, it’s your responsibility to ensure that all of your transactions, whether with customers or vendors, are secure. The FTC has several tips to protect your business from scams.
1. Employee Awareness
All employees who handle sensitive information should be trained about cyber scams. All it takes is one errant click to put your business at risk.
Employees should not send passwords or other sensitive information by email. And if they see anything suspicious, they should talk to other employees within the organization, as hackers may send similar emails to different people.
You and your employees need to know that if a provider can tell you your password, they are storing it incorrectly. They should only be able to send you a newly generated password, not your existing one.
2. Payment Procedures
Your business should have a verification procedure for every payment that is processed. Sometimes the only thing a scammer will change on an invoice is the banking number, while everything else looks legitimate. Go over every invoice, even from businesses you trust, to make sure that it is accurate.
Minimize the number of people who are authorized to make payments, especially for major expenses. Make sure they go through the same verification procedure.
Within your payment verification procedure, make sure that you or your employees are asking how the payments are being made. Payment processes like wire transfers and gift cards are impossible to trace and are common scammer tactics.
3. Due Diligence and Technical Proficiency
“I'm just not tech-savvy” isn’t an excuse anymore if you run a business, since so many communications and transactions are done online. It’s worth your time and energy to invest in technical training so that you can understand how business is being done.
That doesn’t mean you have to code your own website, but some basic precautions you should take with your business include:
- Changing your passwords regularly (and encouraging your employees to do so as well).
- Making sure that all sensitive files, passwords and financial information are secure.
- Verifying that you have a secure connection and a legitimate recipient any time you share sensitive information, such as login credentials. Websites that receive payment should use encryption.
- Only doing sensitive online transactions over a secure wireless network (not Wi-Fi hotspots).
- Keeping your software up to date, including on your company’s website.
- Only working with trusted, verified vendors. Do not trust unsolicited emails!
The FTC has other Small Business Computer Security Basics if you want more practical suggestions to maximize security.
Since there is so much scamming online, it’s not a surprise that many individuals and businesses still prefer to receive sensitive communication like invoicing through the mail. And unlike email, the USPS is protected by over 200 federal laws.
With DocuSend, all it takes is a few clicks, and you’re securely sending sensitive information like billing and customer information over the mail. For a few cents, you’ll have the peace of mind that your business transactions are hacker-free. Try it free today!