by Sergio Alvares, VtSBDC Statewide Advisor, Strategic Projects
What is the Limit of Our Ability to Assess Risk?
“Risk is what’s left over after you think you’ve thought of everything.” – Carl Richards
There are infinitely more things we do not know than there are things we know. If all human knowledge is a pie, each person’s knowledge is a very tiny, paper-thin slice of this pie. While this can be a crushing realization, there is great value in understanding our blind spots. This understanding can help you protect your business from a variety of risks. Think about it: it is the car that you do not see coming that creates an accident. Therefore, minimizing business risk is not about being prepared based on what you know – the thin slice of the pie. It is about considering all the things you are not thinking about that will hurt your business – the rest of the pie.
How Can Our Blind Spots Be a Great Asset?
“Hell is truth seen too late.” – Thomas Hobbes
This way, our blind spots can be a great asset if we are willing to explore them. You may ask: “How can I do that? How can I think about things I do not know about?” Curiosity is your friend! Investigate the main business areas – people, processes, and technology – by asking: What are all the ways things can go wrong here? What are all the ways your employees can be scammed? What are all the ways someone can exploit a weakness in some business process, especially financial processes? How many opportunities exist for someone to manipulate your business technology without being noticed? Another option to discover things you might not be considering is to get help from an outside business advisor. An external perspective is always helpful to identify our blind spots. Others can see what we do not!
What Are the Characteristics of 21st Century Fraud and Scams?
“Fool me once, shame on you; fool me twice, shame on me.” – Anthony Weldon
As a business owner, something you may not be thinking about and will hurt your business is scam and fraud prevention. It is the last thing on your mind, right? Fraud and scams are an ever-present and growing risk for every business, especially small businesses. Today, businesses rely on digital and online solutions for everything. Therefore, fraud and scams are everywhere in the digital and online world. Communication tools such as emails, text messages, and voicemails, are some of the entry doors used by scammers. Financial tools such as accounting software and online banking are critical infrastructure fraudsters want to access. Knowing which business areas should be most protected from digital bad actors is the cornerstone of your defense.
How Do Fraudster and Scammers Operate?
“If there was a trick, there must be a trickster.” – Dorothy Richardson
Understanding these bad actors and how they operate is critical to building defense mechanisms. Today’s digital scammers are no different from those of the analog past – all of them are after illegal financial gains. Their advantage in the digital and online age is the ability to safely access businesses from far away via the web. They use a variety of techniques to trick someone inside the business to “open the door” for them. Business owners and employees may inadvertently share sensitive information with them, exposing the business to theft. That is why monitoring communication tools such as emails and text messages is so important. Employees responsible for external communication should be aware of the risks of being lured into a scam. Most importantly, scammers will always prefer a “low-hanging fruit,” i.e., businesses that are the easiest targets.
What Are the Most Used Digital Frauds and Scam Tactics?
“It has been far safer to steal large sums with a pen than small sums with a gun.” – Warren Buffett
The preferred tactics for digital fraud are impersonation and deception. Pretending to be someone else to gain access. Most of us are trusting individuals and this very quality is exactly what scammers exploit. Emails, text messages, and voicemails are sent to individuals in the business pretending to be someone they know. This is what is known as phishing tactics. These messages will urge the person to either click on a link, download a file, or take some other action. If a link is clicked or a file is downloaded, a computer can be locked by a malicious software that asks for a ransom. This is known as ransomware, a software that keeps files hostage and requests payment for their release. Additionally, fraudsters may lure administrators or bookkeepers into taking actions such as changing banking access or sending checks.
Why Should Urgent Requests Always be Scrutinized?
“What is important is seldom urgent, and what is urgent is seldom important.” – Dwight Eisenhower
Often, fraudulent requests via email, text message, and voicemail will have a sense of urgency. This is done on purpose, so victims act hastily without questioning the authenticity of the sender and their request. Remember: someone else’s urgency is often not your urgency. Every urgent request should raise a red flag. Every individual in the business should be trained on how to deal with urgent requests using the SLOW method:
S – slow down, stop, and do not act
L – log the contact by writing down their information and their request
O – one call to a primary contact to discuss and verify it
W – who is the authority to be informed if it is a scam?
These simple steps can prevent major adverse consequences that can cost the livelihood of your business!
What Are the Top Methods to Deter Fraud and Scams?
“Invincibility lies in the defense.” – Sun Tzu
The best way to keep fraudsters and scammers at bay is by not being the “low-hanging fruit.” Discourage them from targeting your business by adding as many obstacles as possible. Strong passwords and two-factor authentication are the most foundational and effective defense methods. Strong passwords should have 12 or more characters, symbols, upper- and lower-case letters, and avoid common words. Any digital solution requiring a password becomes even more protected with two-factor authentication. This is an additional code you receive after using your password to authenticate access to a digital service or tool. This code can be received via phone app, text message, or email. At the very least, use two-factor authentication for financial services, financial software, and online banking. To add more obstacles for digital scammers, keep all software up to date and an antivirus running at all times. Last, but most important, train your employees so they can avoid these risks. We humans are the weakest link!
Are There Additional Methods to Protect a Business?
“The secret of all victory lies in the organization of the nonobvious.” – Marcus Aurelius
Yes! While the methods already mentioned will offer you a good level of protection, you can always do more. Backing up your files can save your business in case a fraudster keeps them hostage and requests a ransom. You can have a physical backup using a file storage device or a virtual backup relying on a cloud storage service. The router that provides your business with internet access is another entry door that should be secured. Change its default password for a strong one and create a separate network if customers need Wi-Fi access. Above all, knowing what to do when something goes terribly wrong can prevent even greater problems. That is why you must have a remediation plan! It can be as simple as having the phone number of an IT professional or IT service that you can reach anytime.
Why Are We Humans the Weakest Link in The Digital and Online World?
“A chain is only as strong as its weakest link.” – Thomas Reid
Machines are rule-based. Humans are emotional. That is what makes us unique, but also vulnerable. A machine algorithm goes: “If safety features are enabled, then perform the task. Else, do not perform the task.” A human algorithm goes: “If I am asked nicely, then perform the task. Else, do not perform the task.” That is why scammers will play on our emotions, such as exploiting compassion or triggering a sense of urgency. A central goal of the machine’s rule-based design is to prevent unintended errors, failures, and accidents. One way to combine the best of both worlds is to create internal protocols for employees and make sure they are followed. The above-mentioned SLOW method is one such protocol that adds rule-based benefits to human operations. At the very least, have internal protocols for anyone to access, change, or perform business financial transactions.
How Can Your Management Attitude Help Prevent Fraud and Scams?
“It takes as much energy to wish as it does to plan.” – Eleanor Roosevelt
Preparedness is an attitude, not a skill. A proactive management attitude is very different from a reactive one. Reactive managers act only when a problem appears and there is no way to ignore it. Proactive managers organize themselves to maximize the chances that the problem never happens. What do you prefer? To deal with problems when it is too late or ensure that you avoid problems that are avoidable? Obviously, it is best to avoid problems by being proactive. But that is not how most of us operate. Ask yourself: “Am I a reactive or proactive manager? Is my management attitude making things easier or harder for me?” Make a conscious choice towards proactive management. The benefits are limitless. Remember, not choosing anything and letting chance manage your business is also a choice!
How to Get Prepared Without Being Overwhelmed?
“A journey of a thousand miles begins with a single step.” – Lao Tzu
By now you must be thinking: “This is too much. I must run a business AND do all that? No way!” I understand your concern, but I would invite you to look at it differently. Imagine you come from another planet, exactly like Earth but with one single difference: you do not need to eat. Once you land on Earth you ask me: “Do you expect me to spend 1.5 hours every day preparing and consuming food?” My answer: “Yes, otherwise your body will stop functioning.” That is why we all do it and do not even question it. Essential routine tasks consume a large portion of our lives, but we do not mind it nor resent the time they consume. If business preparedness becomes part of your business routine, it is no longer a burden. It is simply what you do. Start with small steps to avoid overwhelm and slowly expand your defenses. An army is not built all at once in one day.
How to Know You Succeeded in Preventing Fraud and Scams?
“Success is consistently doing what you said you would do with clarity, focus, ease, and grace.” – Maria Nemeth
Business is an infinite game, and not a finite game. The objective of a finite game is to win. The objective of an infinite game is to stay in the game for as long as possible. Therefore, success is not an end goal, it is the process itself. Success in preventing business fraud and scam is proportional to how well you secure your business future. In other words, success is how prepared your business is to “stay in the game” and thrive for as long as possible. Can you confidently say that your people, processes, and technology are as “bullet-proof” as they can be against fraud? Do you have a clear plan of action if anything goes wrong as a consequence of fraud or scam? If your answer is a loud and clear “yes,” then congratulations! You are successfully prepared! If not, do not be discouraged. Reading this whole article and taking action already puts you ahead in the infinite game of business.
Can You Give Me a Simple Action Plan to Start?
“The best time to start was yesterday. The next best time is now.” – Unknown
Absolutely! Check out our action plan under the link below. It provides you with simple and actionable steps to implement foundational defense against fraud and scams.