Keep your Business Safe
Businesses are more susceptible to fraud and cyberattacks due to the vast amount of important information present on business accounts and software. Explore tips on how to spot cybersecurity issues and how to educate your employees on best cybersecurity safety practices.
Jump to:
Jan 17, 2025
Protect Yourself Against Bank Impersonation Scams
Fraud spoofing is a sophisticated scam where fraudsters manipulate technology to impersonate banks and trick victims into sharing sensitive information. Here’s how it works and what you can do to protect yourself and your business.
Read NowProtecting Company and Client Information
Information Security
Personally Identifiable Information (PII) refers to any information that can be used to identify, locate, or contact an individual. Handling PII properly is essential to keeping businesses information protected. Unprotected PII is often the beginning of a company cybersecurity attack or data breach.
Employee social security numbers, date of birth, address, phone number and more should not be used in passwords PIN numbers, or passcodes.
Always consider what you post online, since social media is a huge source for cybercriminals to access your private information. Review your privacy settings on all social media accounts.
Refrain from printing PII if possible and follow the U.S. Department of Homeland Security’s best practices for emailing PII.
Update and Patch Software Regularly
Ensuring devices are updated and patched is a simple yet, important step in keeping personal and business information safe, according to the Cybersecurity and Infrastructure Agency (CISA). Update software as soon as possible to protect your digital devices against attackers.
Some software will automatically check for updates, confirm what processes your systems use.
Updates improve how your device performs, as well as removing bugs, patching security vulnerabilities and add new and improved features.
Make sure you only download software updates from trusted vendor websites.
Fraud Awareness: Trending Scams Targeting Owners and Employees
Business Email Compromise (Email Scams)
Business Email Compromise (BEC) is among the most financially damaging cyber scams around. While the scenarios vary – cybercriminals pose as a trusted figure and then ask for a fraudulent bill to be paid or requests sensitive data they can use in another scam.
If you receive an unexpected phone call or email requesting any kind of financial transaction or update to usual transaction procedures, always call the contact or vendor directly to verify the authenticity of the request.
Always think before you click, especially if the sender appears suspicious or if you were not expecting the email. Practice hovering your mouse over hyperlinks to see where they are taking you.
Consider consulting with a Cybersecurity Insurance Specialist to learn about available options to protect your business should an act of fraud occur.
Fraud Scenario Examples
1
An email or “phish” from what appears to be a legitimate vendor requests you to update ACH information.
2
You receive a fraudulent invoice, it appears to come from a trusted source until further investigation.
3
A manager appears to email an employee requesting an unexpected urgent wire or financial transaction.
Check Fraud
Check fraud is a financial crime that can be devastating to businesses. It happens when a criminal obtains and uses a check without proper authorization, leading to unauthorized withdrawals or purchases. In recent months, there has been a notable increase in digital check fraud cases industry wide.
Today’s advanced technology allows these scammers to create convincing counterfeit checks and manipulate digital images for unauthorized transactions.
Cash management features including ACH, Positive Pay and Check Positive Pay add a sophisticated layer for fraud protection and detection.
The United States Postal Service reported that complaints of mail theft doubled in 2021 and Banks report that check fraud jumped to 680,000 reports in 2022, up from 300,000 the year prior.
Check Fraud Tips
1
Don’t send cash or checks: If you must mail a check, bring the envelope directly to the post office to hand deliver to an employee. Do not leave in any mailbox.
2
Inquire about overdue mail: If you haven’t received a check, or any other sensitive mail, contact the sender as soon as possible.
3
Request Signature Confirmation: When mailing something with confidential information consider requesting Signature Confirmation.
Securing Business Devices and Workstations
Multi-Factor Authentication
Multi-Factor Authentication (MFA) is a login setting that allows users to use multiple methods (aside from your password) to verify your identity. For example, after putting your password into your email login, it will send a code to your cellphone that you will be prompted to plug into the email site.
Oftentimes, hackers are able to crack your passwords; therefore an extra layer of protection is needed.
MFA can be used for email, operations and financial logins, social media, and other sensitive accounts; popular forms of MFA include text message, fingerprints or email codes.
Read what the CISA has to say about why MFA is important.
Remote Work Best Practices
It is imperative to implement device safety measures when working outside of the office. There are many ways businesses can keep their employees and company information safe whether it's with Wi-Fi, VPNs or safety devices.
Be mindful when using public Wi-Fi. Your information is protected if there is a lock symbol or “https” in the address bar.
When working at home, ensure you are using routers and Wi-Fi that are fully updated.
Consider investing in a VPN (Virtual Private Network) which can be bought on most computer app stores.
Do not use personal devices to access work resources and email.
Install the latest software so your computer is up to date.
Social Engineering: Educating Your Employees
Phishing (Email Scams)
Phishing is a cyberattack in which a cybercriminal sends deceptive emails to obtain important information or infect a user’s device. The goal is to get the target to take action by clicking a link or providing protected information.
Phishing emails are often targeted to current event times of the year (i.e.: tax season). This is meant to throw the receiver off by thinking the email is legit. The email uses verbiage that creates a sense of urgency, creating the user to act quickly.
Always think before you click, especially if the sender appears suspicious or if you were not expecting the email. Practice hovering your mouse over hyperlinks to see where they are taking you.
The FTC recommends using security software, updating your devices, and using MFA to avoid phishing. Read more phishing tips below.
How to Spot Phishing
1
Emails are centered around relevant topics
2
Sender is suspicious
3
Email contains deceitful hyperlinks
4
Messaging insists there is a sense of urgency
5
Wording contains poor spelling / grammar
Vishing (Phone Scams)
Vishing (voice phishing) is a cyberattack when a criminal uses verbal scams, like phone calls, to gather confidential information. With the emergence of voice AI, it is easy to misidentify callers. Ensure that you are answering calls with caution.
If you receive an unexpected phone call or email requesting any kind of financial transaction or update to usual business transaction procedures, always call the contact or vendor directly to verify the authenticity of the request.
Similar to phishing, these calls are meant to cause a sense of urgency to the receiver. The cybercriminal will attempt to get their victim to provide sensitive information over the phone.
To report an unwanted call or register for the Do Not Call Registry click the link below.
Guide to Vishing
1
Calls often evoke a sense of urgency to persuade victims to provide personal information.
2
Although they are bogus, call numbers may display your local area code or a business number.
3
If you think you are a victim to a vishing call, hang up and call the public phone number of the company in question.
File Protection and Ongoing Account Monitoring
Account Monitoring & Reporting
Identity theft is known as the deliberate and intentional use of another person’s identity often for financial gain. Business owners are vulnerable to these types of attacks, but there are many ways to avoid, spot and report identity theft.
Avoid Identity theft by keeping track of financial statements, setting up alerts and credit monitoring.
Federal Parties also provide resources to file complaints or report a stolen identity. For example, the FBI and FTC have resources to help you file a complaint or report a stolen identity.
Avoid using public Wi-fi networks to access personal accounts, make purchases, sign into banking, credit or other applications where your personal data is available.
If you think you are a victim of identity theft it is essential to call your branch manager or visit your branch for guidance on what to do next.
What is Ransomware?
Ransomware is a type of malware that takes your files hostage and makes them unusable with restricted access. Cybercriminals threaten to publish your files or block access to them until a ransom is paid off.
Update software and operating systems with the latest patches.
Back up data frequently.
Never click on links or open attachments in unsolicited emails.
Be mindful of your activity when connected to unknown or unfamiliar Wi-Fi networks.
Train your staff to avoid scams.
For Informational/Educational Purposes Only: The content expressed on this site is educational and not intended as specific advice/recommendations/safeguards for any individual. You should carefully consider your needs and consult the appropriate professional(s) for the best solution to meet your needs. Outlooks and past performance are not guarantees of future results.