Small businesses can be a big target for scammers and cybersecurity threats during the holidays. Small businesses may not have the same kind of security measures in place that large organizations do, which makes them an attractive target. If your business saves credit card, bank information or processes large quantities of money then it may be more likely to be attacked.
One of the easiest things that you can do is educate your employees, your cybersecurity strength is only as strong as your weakest employee. Make your employees aware that they should never click on suspicious links or that you will never ask them to supply sensitive information through email. Send cybersecurity tips for small businesses to your employees regularly to keep them on top of the latest scams or developments within the industry.
Another popular scam involves gift cards where the email appears to come from their boss or CEO and asks the employee to purchase gift cards and send them the gift card information. This is known as spoofing when an email appears to come from a legitimate source or coworker but actually comes from an outside party. This kind of scam has even been noted by the FBI and has increased by over 1000% since 2017 and cost businesses over 1 million dollars in losses since 2017. Let your employees know that they will never be asked by email to perform these tasks or to check with the sender by phone or in-person before completing any tasks that seem suspicious. Another option to help address this is to designate one employee as the one who is allowed to make gift card purchases for the organization and to direct all other employees to work with them if they have a business need or request to purchase gift cards.
Also, make your finance department aware so they can look for any employees who are submitting expense reports for gift cards and they can also verify that the request was legitimate and stop any further fraud from occurring as once an employee is scammed once they become a target for repeat requests.
If your business doesn’t have a cybersecurity policy, make a New Year’s resolution to get one in place by the start of 2020. Include items like password standards, VPN, antivirus software, data backup, emergency protocols, wifi, and network security measures. There are plenty of companies within this space that can help act as consultants or who provide software or services to help businesses address cybersecurity concerns.
Find this topic interesting? Read more about it in my article about how small businesses are having their data held for ransom and what you can do to prepare your business.