Protect your small business from scams! Small businesses are a favorite target of fraudsters and scammers, and their activity is on the rise. A question business owners often ask is “how can I avoid being a victim of a scam?” Learn here how you can stay safe and secure.
Why do scammers target small businesses?
- Small businesses are often less prepared to spot a scam and protect themselves compared to larger companies
- 99% of U.S. businesses are small. Scammers have a greater chance of success by going after many victims
What are scammers’ main tactics?
- Scammers pose as people you know and trust. They present themselves as credible by claiming to be associated with a business or governmental organization that you are familiar with.
- Scammers make things seem urgent. They pressure you into acting before you have time to think about it.
- Scammers incite fear and intimidation. To compel you to give money before you have a chance to verify their requests, they threaten that something horrible is about to happen.
- Scammers request anonymous payment methods. They frequently request gift cards, wire transfer payments, and other payment methods that are nearly impossible to reverse or track.
How do scammers operate today?
- The tactics are the same as in old-school scams and fraud, but today they happen online because businesses use digital and online solutions for everything.
- Scammers use various digital communication tools to 1) gain access to the business remotely and 2) try to trick people into giving up sensitive information or money.
- Some of these communication tools are: emails, social media, fake websites, voicemail, text messages, and telephone calls.
How can I protect my business?
- An educated staff is your strongest protection. Your staff should be informed about scams and given instructions on how to deal with them.
- If someone notices a scam, encourage them to discuss it with their coworkers. A warning from one employee about a fraud can help stop others from being tricked because scammers frequently target numerous people in a company.
- Employees should be instructed not to email passwords or other sensitive information, even if the email appears to be from their boss. Then tell the bosses to stick with this plan and never email the staff asking for sensitive information.
Verify Payments and Invoices
- Examine each invoice carefully. Never pay a bill until you are certain that the products or services on it were indeed ordered and delivered. Tell your team to do the same.
- Make sure the processes for approving invoices or expenses are clear. Limit the number of employees with the authority to place orders and pay bills in order to minimize the risk of an expensive error.
- Examine your payment processes to ensure that significant spending cannot be started and completed on the basis of an unexpected call, email, or invoice.
- Pay close attention to how someone requests a payment. Tell your team to do the same. You can bet it is a scam if you are asked to pay using a wire transfer, reloadable card, or gift card.
Know who you are doing business with
- Before doing business with a new company, do an internet search on the firm's name and add the words "scam" or "complaint". Look up what people are saying about that business.
- Ask for recommendations from other business owners in your industry when choosing goods and services for your company. Positive recommendations from respectable sources are more trustworthy than any sales pitch.
- Avoid paying for "free" information. VtSBDC provides you with a host of business development support and advice at no cost to your business.
- Do not trust the caller ID. Scammers frequently fake caller ID information so you will be more likely to trust them when they identify themselves as a reputable company or a government organization.
- Keep in mind that scammers can easily create email addresses and websites that appear trustworthy. Before you click on them, pause and consider whether it might be a fraud. Scammers can also hack the social media account of someone you trust and then send you messages that appear to come from that person. Never open attachments or download files from unexpected emails; they can include viruses that might damage your machine.
- Protect the documents, passwords, and financial data in your company.
Cybersecurity is nothing more than simple steps to protect your business in the digital and online world. There are 3 main business areas that are vital and must be protected.
- Create strong passwords for all software or systems that require a password
  - They should have 12 or more characters, symbols, numbers, upper/lower-case letters, and avoid common words
  - Use memorable sentences swapping letters for numbers and symbols as shown in the example above
  - Alternatively, use a password manager (e.g. LastPass) which creates and stores strong passwords for you
- Enable multi-factor authentication (MFA) for all digital services used in your business, if available
  - At the very least, use multi-factor authentication for all your digital financial services such as online banking
- Enable text message alerts from your bank and other financial services providers for suspicious transactions
Secure the router
- Secure the router that provides your business with internet access
  - Replace its default password with a strong one
  - Create a separate network if customers need Wi-Fi access (guest network)
- Restrict access to certain software and systems only to those who need to use it
  - E.g. Online banking: only those who make payments or use financial info should have access
  - Set different levels of access: full access, restricted actions access, read-only access, etc.
- Ensure that all software and systems are always up to date. When outdated, they are vulnerable to hackers
  - Enable automatic software updates on all your devices, including computers, laptops, tablets, smartphones, etc.
- Use an antivirus on all your devices no matter what type of device it is (yes, Mac computers too!)
  - Ensure the antivirus is always enabled and up to date, including built-in antiviruses (e.g. Windows Defender)
- You can have a physical backup using a file storage device
- Alternatively, a virtual backup relying on a cloud storage service can be used
People and Business Protection
- Create rules for financial transactions: e.g. “At least two people must approve payments above XYZ dollars.”
- Create rules for access changes: e.g. “Two people must approve changes of access credentials for online banking.”
- Train employees to handle urgent or suspicious requests using the SLOW method:
  - S – slow down, stop, and do not act!
  - L – log the contact by writing down their information and their request
  - O – one call to a primary contact to discuss and verify it
  - W – who is the authority to be informed if it is a scam?
- Have a list of emergency contacts in an accessible place in case your business falls victim to fraud or a scam
  - The list can include: your IT provider, lawyer, 24-hour bank or other financial service hotline, among others
See below for actionable steps you can implement to protect your business.
Want to learn more?
Download One-pager: Fraud & Scam Prevention – Action Plan
Download webinar slides: Fraud and Scams – Are You Prepared to Protect Your Business?