Protecting your business from fraud is always a priority, but now is an especially important time to revisit your cybersecurity precautions. For many small businesses, online activity is up due to the conditions of the pandemic—which can make them more vulnerable to cybercrime, including cyber fraud.
According to the Canadian Anti-Fraud Centre, here’s how the stats play out: Canadian reports of fraud reached 67,294 in 2020, compared to just 47,449 in 2019. Over 10,000 of those reports are due specifically to the impact of COVID-19 fraud.
“E-commerce may be new to some small businesses so it is important that owners educate themselves and their employees on the possible risks of conducting business through the internet or third-party apps or platforms,” says Amy Lee, Financial Crimes Risk Management Specialist for Coast Capital.
Here are some ways small business owners can strengthen their fraud-prevention strategies to better protect their bottom line.
Understanding the scope of cybercrime
The RCMP interprets cybercrime to be any crime where Internet and information technologies—such as computers, tablets, personal digital assistants, or mobile devices—have a substantial role in the commission of a criminal offence. Fraud is one such cybercrime. It can involve criminals misrepresenting themselves in any number of ways, such as through phishing—emails, texts, or other kinds of messages that coerce you to click on a link—or scams, to conduct any number of false, deceptive, misleading, or fraudulent acts.
Employees are small businesses’ first line of defence against cyber fraud. But one in four Canadians (27%) feel they are not prepared to face cyber threats, according to the Government of Canada’s 2020 Get Cyber Safe Awareness Tracking Survey. Roughly the same number (26%) report they have been victimized by an email scam.
“Many of the ways consumers are targeted can be applied to business as well, so being aware of common consumer-internet scam strategies is a good start to small-business preparedness,” says Lee.
A common thread among many Internet scams is the use of “spoof” company names and email addresses that make information look as though it’s coming from legitimate sources. If employees are in a hurry and don’t slow down to look carefully at the From and Reply-To addresses on messages—or, more importantly, the names on invoices—they may exchange communications with scammers that can lead to fraudulent transactions.
Many best practices for preventing cyber fraud come down to due diligence. Here are four strategies, adapted from guidance from the Canadian Federation of Independent Business and the Canadian Anti-Fraud Centre, on staying cyber secure in 2021 and beyond.
1. Invest in employee education
Phishing schemes—in which criminals send fabricated emails, websites, and text messages in an effort to solicit sensitive information (making it look like it came from trusted sources)—are highly common. Make sure your employees know this.
Small business leaders should invest in training and policies for staff members. Even the most basic reminders can be powerful fraud preventers, like: don’t click on links in unsolicited emails and don’t give out sensitive information—such as addresses, phone or account numbers, or any information about equipment in the office—on unsolicited phone calls. They should also closely inspect the names and contact details on all invoices prior to making any payments.
2. Know the most common signs of fraud
At all levels of the business, employees should also be able to spot the most well-known kinds of fraudulent online transactions. These include:
- Larger-than-normal orders placed over the Internet without contact by the customer.
- Priority rush orders of high-value merchandise, where the customer requests overnight shipping.
- Multiple orders for the same product, or orders made up of “big-ticket” items.
- Missing contact information on an order (or a customer’s refusal to provide certain contact information, such as a daytime phone number).
- Orders that are set to be shipped to a different address than the billing address.
- Billing addresses that are not the same as the information on file with the credit card company. An address verification system (AVS) can block sales where addresses don’t match.
- Orders from other countries, especially those you rarely do business in.
- Use of multiple credit cards as a form of payment.
If any of these warning signs show up, inspect the order and contact the customer by phone to confirm the details. If the customer is unreachable, cancel the order.
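As an added illustration (not part of the original article or any Coast Capital tool), the checklist above can be written as an automated order screen that holds flagged orders for a phone call. The thresholds, field names and sample orders are assumptions made for this example.

```python
from dataclasses import dataclass

# Assumed, business-specific thresholds (not from the article); tune to your sales history.
LARGE_ORDER_TOTAL = 1000.00     # order total treated as "larger than normal"
BIG_TICKET_PRICE = 500.00       # unit price treated as a "big-ticket" item
SAME_ITEM_LIMIT = 3             # quantity of one product treated as "multiple orders"
USUAL_COUNTRIES = {"CA", "US"}  # countries you routinely sell to

@dataclass
class Order:
    items: list                 # (sku, unit_price, quantity) tuples
    daytime_phone: str
    billing_address: str
    shipping_address: str
    avs_match: bool             # address verification result from the payment processor
    country: str
    cards_used: int
    overnight_shipping: bool = False
    customer_contacted: bool = False

def _norm(addr: str) -> str:
    return " ".join(addr.lower().split())

def warning_signs(o: Order) -> list:
    """Return the article's warning signs that this order triggers."""
    total = sum(price * qty for _, price, qty in o.items)
    big_ticket = any(price >= BIG_TICKET_PRICE for _, price, _ in o.items)
    bulk = any(qty >= SAME_ITEM_LIMIT for _, _, qty in o.items)
    checks = [
        ("large order without customer contact", total >= LARGE_ORDER_TOTAL and not o.customer_contacted),
        ("rush order of high-value merchandise", o.overnight_shipping and big_ticket),
        ("multiple of one product or big-ticket items", bulk or big_ticket),
        ("missing contact information", not o.daytime_phone.strip()),
        ("shipping address differs from billing", _norm(o.shipping_address) != _norm(o.billing_address)),
        ("billing address fails AVS", not o.avs_match),
        ("order from an unusual country", o.country not in USUAL_COUNTRIES),
        ("multiple credit cards used", o.cards_used > 1),
    ]
    return [name for name, hit in checks if hit]

def decide(o: Order, phone_confirmed=None) -> str:
    """None = customer not yet called, True = details confirmed, False = unreachable."""
    if not warning_signs(o):
        return "accept"
    if phone_confirmed is None:
        return "hold"           # inspect the order and phone the customer
    return "accept" if phone_confirmed else "cancel"

# Constructed sample orders (not real data).
CLEAN = Order([("SKU-1", 40.0, 1)], "604-555-0100", "1 Main St", "1 main st", True, "CA", 1)
RISKY = Order([("SKU-9", 900.0, 4)], "", "1 Main St", "77 Dock Rd", False, "ZZ", 2, True)
```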
3. Have security steps for online purchases
Implementing security protocols on your online-ordering process can help you avoid suspicious orders and prevent fraudulent activities from taking place.
For example, the use of weak and default passwords is one of the leading causes of payment data breaches for businesses, according to the Payment Card Industry Security Standards Council. Work to implement eight-character passwords with a capital letter and special character on all internal employee and customer accounts.
Requiring customers to enter the three-digit Card Security Code on the back of their credit card also adds an extra layer of protection. Setting order limits on the maximum dollar amount of merchandise allowed in an online purchase can also make you a less susceptible cybercrime target, since criminals have less opportunity to benefit from those transactions.
4. Stay up-to-date with secure IT efforts
Investing in a firewall as well as anti-virus, malware, and spyware detection software is also essential to staying vigilant against cyber threats. If you have a Wi-Fi network for your workplace, you should also ensure it is secure, encrypted, and hidden.
Also, implement all IT updates as soon as they become available, and keep your payment systems isolated from less secure programs. That may mean using different computers for payment-related work compared to other tasks. Limit access or administrative privileges to sensitive data and payment systems only to those employees who must have that information to do their jobs.
Be flexible and always in learning mode
Cyber threats are always evolving, which means you should always be expanding your knowledge and implementing smart changes as your business evolves. “Just because a security strategy works for an in-person retail transaction does not mean it works for online purchases,” adds Lee. “Each new channel or solution has its own unique challenges.”
Ultimately, there’s no substitute for understanding common scams, looking for gaps in your security strategy, and continually updating your policies and procedures. A frequently updated list of common scams affecting businesses is available from the Canadian Anti-Fraud Centre. And for small merchants, there’s the Guide to Safe Payments from the Payment Card Industry Security Standards Council forum.
“It is important to look for solutions that help combat risks,” says Lee. “This pandemic may have forced many to conduct business differently. But it can also be seen as a positive opportunity for growth and implementing stronger protections.”
For additional guidance and solutions, visit Coast Capital’s Cybersecurity Hub.