Earn public trust by being cyber aware

By Shelley Polansky, President/CEO 

Unscrupulous people have been trying to swindle money from others for thousands of years. In fact, the earliest recorded case of insurance fraud dates back to 300 BC (yes, BC). Two Greek sea merchants took out an insurance policy on their ship and cargo. They tried to sink the ship, so they could keep the loaned money – but they got caught in the act. One drowned in an attempt to escape, and the other stood trial in an Athenian court. 

Obviously, scams and fraud are nothing new, but as technology evolves, bad actors have become more sophisticated. Companies of all sizes fall victim to attackers daily – and the financial repercussions are staggering. Cybersecurity Ventures predicts the cost of damages from cybercrime will reach $10.5 trillion by 2025. To protect your business, you need to understand what threats are out there, educate yourself and your employees on best practices, and implement proven safeguards. 

Email is the weakest link

Attackers target the tool that businesses heavily rely on each and every day: email. According to industry experts, email is the source of 9 in 10 cyberattacks. The FBI has reported that business email compromise, of which phishing is one example, has resulted in more losses to small and large organizations than any other form of fraud in the U.S. 

Every day, people are bombarded with emails. Normally, employees do not closely examine the emails they receive from their supervisors or valued vendors. Unless something seems drastically out of place, we tend to believe the email is from the person whose name is listed in the sender line. Unfortunately, nefarious individuals or groups take advantage of this level of trust. The most common targeted email scams include bad actors posing as: 

  • An executive asking a CFO to wire money to someone

  • A vendor or supplier requesting a change in payment

  • Executives requesting copies of employee tax information

  • Senior employees asking to have their pay deposited into a different bank account

  • An employer requesting an employee buy gift cards on their behalf

  • A realtor or title company redirecting proceeds from a real estate transaction to a different account

In these cases, emails are carefully constructed to look legitimate and almost always impose a sense of urgency for the action. But in reality, these emails are not coming from the person in the sender line. Often, they’re sent from an email domain that is similar to the real one, or the attacker has been able to log in to someone’s email account (likely because they got the credentials through another phishing attempt, a spoofed website, or a malware-infected link). 

Education is the foundation of a good defense

Establish clear cybersecurity policies that outline risks and the steps your employees can take to protect themselves and the company, then make sure you train employees and provide regular updates on the latest threats and solutions.

Approach emails with a healthy dose of skepticism. Never click on links or download attachments that you don’t recognize. Watch out for typos and misspellings; grammatical mistakes; unfamiliar and stilted language; and inconsistencies in domain names, links, and email addresses. Be wary of emails that demand urgent action by threatening negative consequences. 

Before sending money, confirm that the email is legitimate. Contact the requester by phone or through a method other than responding to the email you received. Larger organizations, like banks and insurance companies, often have a page on their website that lists known scams that are being perpetrated in their name. 

Fortify your technology

Awareness and education are great first steps to protecting your business, but you also should use technology to help further solidify your defenses. At a minimum, Better Business Bureau recommends taking these actions: 

  • Always replace default passwords with ones that are long, unique, and random. Use a password manager to help you generate and keep track of these passwords.

  • Keep your systems up to date by using the most current operating systems, browsers, and software.

  • Automatically back up your critical data offsite in a secure location and have a method to easily restore data in the event of a breach or disaster. 

  • Implement role-based access control by giving employees access only to the systems and data they need to do their jobs. 

  • Consider setting up your email system to identify and flag emails that come from an outside organization.
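As an added illustration of the last recommendation above and of the look-alike sender domains described earlier (this is not BBB's code and not part of the original column), the following Python example flags mail from outside the organization and marks sender domains that are within two character edits of your own. The domain example-co.com, the sample messages, and the subject tags are assumptions made for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organization's own mail domain (constructed placeholder).
INTERNAL_DOMAINS = {"example-co.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_flags(raw_message, internal=INTERNAL_DOMAINS, max_distance=2):
    """Return warning flags for the From header of a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    _, at, domain = addr.rpartition("@")
    domain = domain.lower()
    if not at or not domain:
        return ["unparseable-sender"]
    if domain in internal:
        # The From header alone can be forged; this assumes the mail gateway
        # has already authenticated the message (SPF/DKIM/DMARC).
        return []
    flags = ["external"]
    # A domain within a couple of edits of ours is the "similar domain" case.
    if any(edit_distance(domain, d) <= max_distance for d in internal):
        flags.append("lookalike-domain")
    return flags

def tagged_subject(raw_message):
    """Prefix the subject the way a gateway banner rule would."""
    flags = sender_flags(raw_message)
    subject = message_from_string(raw_message).get("Subject", "")
    if "lookalike-domain" in flags:
        return "[EXTERNAL - LOOKS LIKE OUR DOMAIN] " + subject
    return "[EXTERNAL] " + subject if flags else subject

# Constructed sample messages (not real mail).
SAMPLES = {
    "internal": 'From: "Pat Lee" <pat.lee@example-co.com>\nSubject: Q3 budget\n\nHi\n',
    "vendor": "From: billing@vendor.example\nSubject: Invoice 1001\n\nHi\n",
    "lookalike": 'From: "Pat Lee" <pat.lee@examp1e-co.com>\nSubject: Urgent wire\n\nHi\n',
}
```

Most hosted email services offer an equivalent external-sender tag as a built-in setting, so in practice this logic is usually configured rather than coded.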

Find out what threats are being perpetrated near you 

BBB Scam Tracker (available at bbb.org/scamtracker) enables people and businesses to report scams in an effort to prevent others from falling prey to similar cons. This easy-to-use tool collects and presents scam data in a searchable online “heat map,” showing users the number and types of scams and hoaxes reported in their communities. Data is then used to issue scam alerts and publish in-depth studies on the scams that impact people the most.

This October marks the 20th anniversary of Cybersecurity Awareness Month. It’s the ideal time to focus on what you can do to prepare for cyberattacks and learn industry best practices. Being aware and up to date on scams and cyber threats will not only help protect your company’s reputation and assets, but it also helps build the public’s trust in your business. 

Shelley Polansky is president/CEO of BBB Serving Northern Colorado and Wyoming.