madartzgraphics / Pixabay

We certainly live in unprecedented and uncertain times. Businesses, in particular, are grappling with a current set of realities that were virtually unimaginable weeks ago. There is a great deal of information and insight on ways in which businesses can respond to these difficult times and navigate this ever-changing environment. One area that business leaders can’t neglect is cybersecurity.

It is more important than ever to be cautious when receiving and/or responding to emails and phone calls. Cybercriminals excel in the ability to take advantage of vulnerabilities. During these precarious times, businesses and their leaders must be vigilant, especially in terms of protecting personal data for employees, clients, and customers.

One of the most challenging aspects of combating cyber scams in uncertain times is that our attention is often diverted elsewhere, creating openings for cybercriminals to strike. Those attacks are becoming increasingly sophisticated as well.

Many of us understand that we shouldn’t trust anyone who contacts us unsolicited and requests we take action quickly. Likewise, we are all aware of avoiding attachments or links in suspicious emails. However, as cybercriminals become more sophisticated, so must businesses.

Scams Are Broad and Sophisticated, So Train Everyone

Remember that scams are sophisticated and only getting more so each day. Phone calls and e-mails will sound and look legitimate. Thus, the best way to recognize their illegitimacy is by the action they are requesting you take.

Recall the recent stories about how Barbara Corcoran, a hugely successful business leader and Shark Tank investor, initially lost almost $400,000 in a phishing scam. Fortunately for her and her company, the bank froze the transfer before it was completed. But this episode offers a lesson that all businesses are vulnerable.

Before taking any action, ask yourself why the request is being made. Has that person requested substantial money, account information, or wire instructions before? Why would they be asking for it now? For what reason would your bank call you to verify an account number they already have? The best advice: If you have any doubt in your mind why you are being asked to do something, do not do it. Don’t bother asking the person on the other end of the phone why they are requesting you to do something. They will certainly have a legitimate-sounding answer for you that will likely only make you feel more stressed or concerned. Hang up the phone or stop using your e-mail account if it’s been compromised. Then, contact your bank or account administrator or the person making the request by some other means of contact you believe to be secure with contact information you know to be accurate to verify if they need something from you.

A key takeaway for businesses is the importance of training everyone in your company about the perils of cyber scams and questioning any dubious request. There should be an established policy that it’s better to double or triple check every time. Also, don’t assume that certain employees – whether based on their age, job title, or experience – will innately understand how to spot a scammer. Everyone should receive consistent training.

Identify If A Request Is Legit

As part of that training, here are some tricks and hints that our company and team members have found helpful:

  • Check the Email Address: If you receive an email that looks valid, hover your mouse over the email address or expand the email to see the complete email address. Many fraudsters have mistaken, long, or illogical email addresses that do not match the supposed email source. Look carefully because there might only be one letter missing or one extra letter, but the email address won’t match the person it’s purportedly from.
  • Check Your Account Online: If you receive an email from an account you generally log in to, disregard the email. Don’t click on the link in the email, but rather start with a new web browser and log in to your account. Any message you were sent via email will most likely also be on the actual website.
  • Call Back To Verify: If you receive a telephone call that sounds like it could be valid, hang up the phone and dial the number you personally have for that contact, not the number the call came from. If you don’t know the person’s number, use a phone number for the business you know to be accurate.

These simple steps may take a few extra minutes, but can save the significant headache that comes from getting scammed.

Prevention Tips for Staff and Clients

Additionally, here are some valuable prevention tips that can limit fraudster emails:

  • Use strong passwords and don’t use the same password for multiple logins.
  • Enable multifactor authentication whenever possible. This extra step is one of the best deterrents to lost account information and scammers.
  • Do not share your password. No reputable organization would ask you to share a password or PIN over the telephone or through an email.
  • Have updated security software on your computer. Don’t skip those updates and software patches because cybercriminals use those vulnerabilities to take advantage of you.
  • Log completely out of all software as well as your computer every day or when not in use.

Of course, many businesses hire reputable security firms and consultants to assist in these cybersecurity efforts. Most businesses should be able to implement the tips outlined here. Importantly, train all your team members and encourage multifactor authentication as much as possible.

As more businesses move their operations online and employees need to work remotely, our vulnerabilities to cybercriminals multiply. Now more than ever, businesses must remain diligent while working online.