Congratulations…you’ve made it through the busiest time of the year for retailers and many other businesses! And hopefully you have done so without any incidents of fraud. There is no time to relax, though…the scammers and hackers do not adhere to a real “holiday schedule,” so you can’t, either. Here are a few common ways businesses get scammed and some methods to combat them.
Invoice Fraud. A savvy scammer might research what items your company purchases with regularity, then create new invoices—or alter real invoices if they can get their hands on them—to get you to pay for products and services you did not receive. They may provide an invoice from one of your actual suppliers along with instructions that their payment details have changed. You may never even known it until the real vendor comes along asking for payment.
Executive Impersonation. Most companies have a lot of information about their executives and upper management listed publicly on their websites. While this provides a sense of security for legitimate customers, it also provides a great starting place for a scammer to gather information. Add onto that the social media accounts of the same people and a bad guy can make calls to your employees trying to get them to divulge sensitive information or transfer funds.
Supply Chain Tampering. Sometimes even seemingly innocuous products can be counterfeited. You are presented with a “deal” on something your company normally stocks and decide to save some money. Then you find out the items were fake…and worthless. The supplier has already been paid and moved on with no way to find them.
Ransomware. This is a scam that has been around for years, but never seems to go out of season. Your website or company systems are hacked into and taken over, then the perpetrator offers to return control to you…for a price!
Data Breaches. Another oldie-but-a-goodie, data breaches seem to happen with alarming regularity, even to some of the biggest companies that should have very effective security measures in place.
This is just a short list, but obviously the bad actors never take a holiday. Here are a few things you can do to protect your business from becoming a victim.
Robust cybersecurity. Put into place the best security measures you can afford on your computer systems, including your website. Adopt and enforce strict password policies and multi-factor authentication. Keep any software on company systems updated…including any devices that connect to company systems, like your phones and tablets.
Employee training. Make sure all employees are trained on recognizing fraud attempts and give them ways to avoid it. In particular, make sure people in leadership roles know what to look for and give them steps to respond to it quickly and efficiently.
Vendor due diligence: When you work with a new vendor, ask for references and do more investigation than it seems you should have to before putting in that first order.
Insurance. Despite all your measures, you may not avoid all fraud. Make sure your insurance covers cybersecurity, and make sure there is a well-documented process in place for dealing with any incidents.
In dealing with fraud from any direction, knowledge is your best tool. Make sure everyone in your organization has the amount of training they need to recognize and avoid it. If you would like to know more, RockPointBank is hosting a Cybersecurity Symposium. Click here to register.