It may seem logical to think that data thieves would generally target larger companies, and the smaller ones such as a small business would be overlooked. Why, after all, would someone bother hacking a small business for a few thousand pieces of information when they could hack a big one and get tens of millions? Sadly, there is a powerful incentive for such criminals to target smaller businesses: They tend to be woefully defended against cyber security threats, and even if the profit is not as great, the relative ease of it still makes small businesses a very attractive target.
The problem for small and medium businesses is they don't have the resources of the multinationals. Many will just hire a consultant when they finally feel it is necessary. This beleaguered IT personnel rarely have access to the resources needed to ensure proper security, and in between all the other IT duties they undertake, are required to implement ad hoc solutions that do not always stand up to assault. While investing in a security can be expensive at times, we at Wide Merchant Group, cannot stress how important to make such an investment. We have been helping small to medium sized business owners for over a decade and understand the importance of making sure that our customer’s information is safeguarded.
All combined it's easy to see how a small business can look like an appealing target to a cyber-criminal, and an IT consultant or employee faces a stern challenge in protecting a small business. With the right approach it is possible to drastically reduce a company's vulnerability and, although perfect security is impossible, you can still make it difficult enough to attack that most people simply move on to an easier target.
12 Common Online Scams and How to Avoid Them
Whether it's banking, shopping or simply keeping in touch with friends and family, the Internet makes a lot of things easier. However, just as the Web makes life easier for people, it also presents a world of opportunity to con artists seeking to exploit the numerous potential security flaws of the virtual world. As such, online scams are ubiquitous and they come in many different forms, sometimes leading to devastating consequences. They are constantly evolving as scammers find new ways to exploit new software, operating systems and online communication methods. Unfortunately, you can only rely on your security software so much, since there is no substitute for common sense and getting into a few good habits to minimize the risk of becoming a victim. Following are the most common online scams to watch out for:
1. Phishing Scams
The most common online scam of all, phishing scams use social engineering to manipulate people into unwittingly giving away their personal or financial information to the scammer. Phishing scams most often come in the form of an email that appears to be from a legitimate business, such as an online bank or e-commerce store. Other phishing scams may take the form of entire websites, particularly when someone enters a commonly misspelled version of the Web address they're trying to reach. Most phishing scams are quite easy to distinguish since they often appear to come from companies you don't have any dealings with anyway. However, there are plenty of exceptions. In reality, no legitimate business will EVER ask for password or payment information by email, and any such attempt is undoubtedly a scam.
2. Advance Fee Fraud
Commonly known as the Nigerian 419 scam, advanced fee fraud is one of the older types of scam, and it actually predates the Internet when people would receive fraudulent faxes and mail in the post. Although extremely common and potentially financially devastating for victims, these scams are almost invariably blatantly obvious to the vast majority of people. An advanced fee fraud scam typically involves a claim that millions of dollars are being held abroad and the individual wants to move it out of the country. However, they'll need to you to pay the 'transfer fees' in advance before you can receive a 'portion' of the money. These scams are often targeted to businesses, particularly those that offer accommodation. In these cases, they usually involve huge reservations for dozens of people who don't exist.
3. Lottery Scams
The international lottery winner scam is another of the most common attempts at online fraud, although the vast majority of these emails end up straight in the spam folder never to see the light of day. Lottery scams are effectively a version of the Nigerian 419 scam in that they promise lots of money, but not without extorting you out of a large sum beforehand. Of course, the so-called winnings are completely fictitious, which shouldn't come as any surprise considering you wouldn't have entered the non-existent lottery in the first place or ever even heard of it for that matter. In order to enjoy your non-existent 'winnings', the scammer will ask you to pay a 'processing fee' potentially allowing them to gain complete access to your financial information at the same time.
4. Scareware
Scareware is one of the most common forms of malicious software and, like many online scams, it also uses social engineering tactics to dupe the user into shelling out their money. Scareware scams come in many different forms and range in severity from mild to severe. In fact, even some supposedly legitimate software can arguably be described as scareware, particularly if it provides fake or exaggerated claims about malware infections on your computer. Again, however, most of it is pretty obvious, and you'll most often come across scareware when downloading torrents or visiting adult websites. Scareware might appear to 'scan' your computer before telling you that your computer needs 'cleaning'. However, before you can 'clean' your computer of non-existent infections, you'll need to buy the full version.
5. Greeting Card Scams
Online scammers are increasingly likely to use greeting card scams to manipulate victims into unwittingly downloading malware onto their computers. As the name suggests, these scams exploit the recent growth of online greeting cards. Again, they often make use of social engineering tactics by appearing to be from a friend or family member. Nonetheless, most of these scams exhibit some tell-tale signs such as a lack of your name in the address and a lack of the sender's name in the email body. Additionally, fake greeting cards often end up in your inbox (or, more likely, spam folder) when it's not a birthday or other special occasion anyway. Usually, in order to open the 'greeting card', you'll first need to download a special viewer application which will in fact by a Trojan, virus or other malicious software.
6. Online Theft
The rise of online banking has made it possible to sell products around the world with little to no hassle. However, it's also given birth to a whole new set of fraud risks that you should be wary of. You should regularly double check with your accountant to make sure that all online payments are going where they need to go. You don't want to wake up and find out that you've been paying a thief for months while your manufacturers are wondering if you're ever going to settle the bill.
7. Skimming Off the Top
Skimming is the act of stealing money from your company before it's written down or recorded. Crooked cashiers are most often to blame, as they're the ones who handle transactions and recording. All they need to do is to sell a product and not give a receipt. No receipt means no records of a transaction ever taking place, so you might not even know that money's missing until it's too late.
8. Invoice Fraud
A lot of your company will and should be automated. Automation not only saves on costs, but it makes the process of running a small business a lot easier. Unfortunately, this also makes you vulnerable to invoice fraud, a type of scam that involves been charged for services or items that were never purchased. This can quickly get out of hand, so at the start, you should require your signature on every transaction to make sure that no one dips into your coffers.
9. Compensation Fraud
The sad fact is that 1 out of every 4 businesses will suffer some form of payroll fraud, wherein someone gets paid for work that didn't happen. Small businesses, in particular, are vulnerable to this scam. If your team is small enough and you work at an office, you can keep this from happening with a little attention. Should your team be spread around the globe, utilizing workspace monitoring programs can make sure you don't get billed for freelancers who do nothing but goof off.
10. Reimbursements
Occasionally you will have to pay for an employee's expenditures, such as when you send them on a business trip. This is fine. What is not fine is when you end up reimbursing expenditures that have nothing to do with the business. Keep employees from gaming the system by requiring explanations for each expense, as well as requiring receipts. You should also require them to check with you before buying anything on the company's dime.
11. Material Theft
Fraud doesn't always come in the form of cash theft. Some people are more prone to pulling out the five-finger-discount and elect to simply rob the small business of products or materials. Preventing or spotting this is a matter of proper inventory management. At the end of each day, inventory should be checked to make sure that everything is in order. You should also have a list of people who have access to said products and materials to narrow down the list of suspects, should the worst occur.
12. Larceny
Larceny is like skimming, but with different timing. Here, the transaction is recorded, but the money never makes it to the company account, such as when someone cashes a check for the company and skips away with it. Another example is when someone nips a bit from petty cash. Handling this is a matter of mindfulness and vigilance. For example, checks to your company should be marked for deposit and should be in the small business's name.
Network Security For Small Businesses
“One of the key features of a business' security system is the network security. The difficulty lies in the fact that the same connections that make the network possible are what makes it vulnerable.”
Small business network security without compromising the efficiency of that network is the challenge, but with some care, it can be done even when your client's means are modest. There are some elements of this which are true across the whole field of IT security, but some are specific to network security issues:
• You must ensure secure password practices for all staff. The difficulty lies, of course, in actually convincing them to follow instructions on how to create secure passwords - you may need to talk to the business owner and explain why it is vital, and secure their help in enforcing these standards.
• You can greatly enhance this with 'two-factor authentication'.
• A firewall is essential as well, of course, as it helps to ensure all information and users are kept where they are supposed to be. Remember that security within a network as important as that between the network and the rest of the Internet - users should have access that is limited to their needs and responsibilities.
• Ideally, a small business network security setup will not allow users to perform general Internet browsing tasks on business computers. It is better to have those done through a different device or a different network entirely, to help guard against the possibility of downloading malicious files. This may not be feasible for all businesses but push for it where possible.
• Explain to the staff how to spot phishing and similar scams. They are a big threat that can be easily overlooked, but there's nothing a hacker would love more than getting the information handed over so easily.
This list doesn't contain anything particularly onerous or expensive, so the head of the business should like measures like these. The biggest challenge is often ensuring employees follow best security practices, for instance in having secure passwords and changing those passwords on a regular basis, and is not using network computers for personal matters. Emphasize the importance of these measures at all stages to everyone involved, especially the bosses or managers.
Remember Convenience
Businesses rarely want to spend time thinking about security; they want to leave it to someone else and get on with their own matters. It is therefore important that you keep in mind your clients will generally be disinterested in the specifics and that they want security measures that are unobtrusive both to employees and to customers.
Small business network security is important and often overlooked, but with the right measures, it can be done to a satisfying degree. No security system can ever be perfect, but a robust system will deter most hackers from even trying, as they will move on to search for easier targets rather than spending their time and energy on your security setup.
If your business needs funds to finance such a security system, a Merchant Cash Advance from Wide Merchant Group may be able to assist you. For more information on our services, visit us online at WideMercantGroup.com or click here to visit our blog and get answers to a business owner’s more pressing questions.
