This blog post was updated on June 26, 2024
It was originally published on June 22, 2020
Cyber-threats to your business
By 2027, the global cost of cybercrime is expected to reach $23.84 trillion. That is slightly above the projected GDP of China, the world's second-largest economy, in that year. Put another way, if cybercrime were a country, it would rank as the second-largest economy in the world by 2027.
You may feel that your business is too small or obscure to be targeted. That is a false sense of security: small businesses are increasingly being targeted by cybercriminals precisely because they tend to have fewer defenses. According to the 2023 Business Impact Report published by the Identity Theft Resource Center, over one-third of surveyed small businesses reported being the victim of a cyberattack, a data breach, or both in the previous twelve months.
While brute-force hacks and ransomware attacks get the most attention, businesses face a greater day-to-day risk from phishing, scams, and fraud, which comprise 31% of attacks. These seemingly innocuous attacks also do the reconnaissance for more sophisticated ones: the credentials, org charts, and vendor relationships they harvest are what a later intrusion or business email compromise is built on. So they sit at the root of a much larger share of cyberattacks than that 31% suggests.
So, if you are able to prevent your employees from falling victim to phishing, scams, and fraud, the overall security of your business will improve dramatically. To help you in this fight, we are sharing 5 best practices that will help keep you from falling victim to online scams and fraud.
5 Best Practices For Safeguarding Against Online Scams And Frauds
1. Learn To Recognize Social Engineering
Social engineering is the psychological manipulation of people into giving away information or performing actions that serve the attacker. It usually involves tricking users into divulging confidential information, login credentials, or financial details, installing malicious software, or granting access to a computer or other device.
Criminals use social engineering tactics to get information on employees via phishing emails, phone calls, messages, and social networks. This information is then used to create convincing scams to trick your employees into performing actions that may be detrimental to your company.
Social engineering works because the attackers make themselves appear legitimate and helpful. To make their attacks more effective, the criminals often time their attacks to coincide with recent news or events such as health scares, natural disasters, tax deadlines, etc. Since it specifically targets individual employees, their response to such attacks is a big factor influencing information security in your organization.
From an administration perspective, the problem with social engineering is that no tool can reliably prevent it, because the attack targets a person rather than a system. The most effective defense is employee training: make your employees aware of the risks of oversharing on social media and train them to identify common social engineering techniques such as pretexting, baiting, spear phishing, etc. Back the training with procedures that limit the damage when someone is fooled anyway: require an out-of-band callback before any payment or bank-detail change, and use multi-factor authentication so a stolen password alone is not enough. Vigilant employees backed by such procedures will prevent both personal and organizational losses.
We’ve discussed social engineering in great detail in another blog post that you can access here: Complete Guide To Social Engineering.
2. Learn To Identify Phishing Attempts
Given how easy and inexpensive email is, it isn’t a surprise that 94% of malware delivery happens through email. Most phishing emails are relatively easy to spot but the phishing techniques keep evolving so you always need to be on your toes.
Gmail is said to block about 18 million malware and phishing emails per day. While it is able to block around 99.9 percent of such emails, the 0.1 percent that bypasses the spam filters still amounts to a lot. Therefore, even though you may have spam filters in place, your employees still need to be vigilant, and knowledge is their best weapon against phishing.
If your employees can identify common phishing techniques, such as a display name that does not match the sender address, a Reply-To pointing somewhere else, a look-alike domain, or a link whose visible text differs from where it actually goes, they are unlikely to fall victim to online frauds and scams. What you need to do is regularly update their knowledge about phishing.
Here are some useful phishing-related resources to help you get started:
How To Identify Phishing Emails And What To Do When You Are Phished
What is Business Email Compromise (BEC) And How To Prevent It
3. Beware Of Unexpected Phone Calls
A large number of scams and frauds happen over the phone. Spoofed calls and text messages with malicious links are very common because text messages are much more likely to be read than emails. In the case of targeted attacks, cybercriminals gather personal information on individual employees via social media sites such as Facebook and LinkedIn and use that information to make their calls or texts convincing.
Not even the number on your caller ID can be trusted anymore, because it is easy to spoof so that a call appears to come from your bank or your own head office. So, whenever you are called out of the blue and asked for any information or action, verify the caller's identity independently: hang up and call back on a number you already have from the organization's website, card, or internal directory, never one the caller gives you.
Watch out for these telltale signs of fraudulent phone calls:
The caller tries to create a sense of urgency.
The call or text is purposely confusing.
They call you out of the blue and claim to be from your bank, a government agency, or tech support.
They ask you to provide personal or financial information or to perform an action on your device, such as installing remote-access software or reading out a one-time code.
Here are some useful resources related to voice and SMS scams:
4. Protect Against Malware
Malware, short for malicious software, is any software that is designed to intentionally cause harm to your computer or device. Malware includes viruses, trojans, worms, ransomware, spyware, adware, and more. Although phishing emails are the most common delivery method for malware, your device can also get infected when you visit an infected website, download pirated media, install malicious browser extensions, or use an infected storage device.
While there are several kinds of malware, each with its own purpose, most of them are financially motivated. Here are the common objectives of malware:
Steal personal, financial, or business information.
Take control of the device or data for extortion.
Turn the infected device into a "zombie computer" that is remotely controlled as part of a botnet, for example to send spam or take part in denial-of-service attacks.
Business espionage or sabotage.
And here are steps that help you safeguard against malware:
Install antivirus and anti-malware software on all devices.
Keep your operating system and all software up to date.
Back up your system and files regularly, keep at least one copy offline or otherwise unreachable from the machines it protects (ransomware goes after connected backups first), and test that you can actually restore from it.
However, these safeguards can only do so much. The most important defense against malware is an informed and vigilant employee. Avoiding shady websites, pirated media, and open Wi-Fi, together with good password hygiene, is instrumental in preventing malware infections and the online scams that follow from them.
5. Recognize That Free Software And Applications Are Never Free
There are no free lunches; everything has a cost. Either you pay upfront in dollars or you pay with your data, poor security, or lost efficiency. Fake antivirus, "free" software, and browser extensions are behind many online frauds and scams. Many free-software download sites trick you into installing additional unwanted software bundled with the one you wanted. Sometimes even legitimate software, when downloaded from dubious sources, comes repackaged with malware, adware, spyware, etc.
To prevent security risks from such free software and applications, you need a company IT policy with a whitelist of allowed software, and enforcement that actually blocks anything not on it. Additionally, you need to communicate to your employees the risks associated with unauthorized software and applications.
While you can restrict administrative access to computers in the office to prevent unauthorized software installation, this is harder to enforce on remote users' devices unless they are centrally managed. The only surefire way to mitigate the risks of free software is to train your employees to recognize the scams. The cybersecurity best practices that are used in the office are just as relevant when employees work from home or are simply browsing the internet in their personal time.
If you have to install software yourself, follow your organization's policies; for your personal devices, download only from the vendor's own site or a trusted aggregator such as Ninite.com, and never from a search-ad or pop-up link.
Conclusion
Despite the advancements in cybersecurity tools, there is no single tool or system that can effectively protect your business against online fraud and scams. Effective protection requires a layered approach: firewalls, web filtering, phishing and spam filters, antivirus signature protection, proactive malware protection, multi-factor authentication, and so on.
However, the most effective defense against online fraud and scams is provided by vigilant employees. There’s no better security than employees who can easily spot scams and fraud. Strong security policies combined with regular training will empower your employees to create a secure work environment, be it at the office or at home.