Watching Out for Small Business Scams

Our clients tell us one of the most powerful benefits of formally meeting regularly with a group of other business owners is getting insights from experts in fields outside of their own. For over 15 years, peer group member Fred Moore, President of Moore Computing, has been helping his peers tackle complicated IT challenges like data management, server monitoring, and cloud computing.

Today, Fred tells us the number one IT challenge for his team and their clients is protection from cyberattacks. Cybercriminals are commonly known for hacking into a business’s IT system, encrypting the data, and demanding a ransom to unencrypt it. We’ve all seen the headlines about breeches into large corporations and even government systems. However, the Moore Computing team is seeing more small and medium-sized businesses targeted with a variety of scams beyond data encryption.

The past year has been impactful on the country’s tens of millions of small businesses, to say the least. When the government established the Paycheck Protection Program and small business owners have access to funding, bad actors stepped in to find ways to take that money away in the form of small business scams.

Scammers are taking advantage of so much confusion surrounding the PPP and other government loans by saying they can help business owners get their money faster and easier, and many owners will accept their offer. They will give scammers important and sensitive data, like bank accounts and tax ID information. 

Small business scams aren’t a newly emerging risk. The Better Business Bureau reported that almost two-thirds of small business respondents said they were a victim of at least one scam, with nearly 20% saying they lost money or business data due to the scam. The pandemic, like natural disasters, can bring fraudsters out of the shadows as businesses work to rebuild.

There are several ways that scammers can cheat. 

Imposters: A common scam includes someone calling your business claiming to be from a government agency or utility company. They will say that your bills are overdue or you need to pay a business license fee, and some will ask you to pay using gift cards that can’t be traced when spent. 

Fake invoices: Scammers will find out which vendors you regularly do business with, and submit invoices under their names in the hope that whoever is handling the payments won’t double-check for legitimacy.

Phishing emails: Cybercriminals will pose as a vendor or colleague and send emails to whoever is in charge of the accounting. These emails will demand urgent, overdue payments and include a link that will facilitate the transaction. 

These are just a few of the most common ways that businesses can be defrauded. Scammers can offer to fix your online reputation, sell you ads in business directories, offer to invest in your business in exchange for an upfront fee — the list goes on and on.

So how can small businesses protect themselves from being scammed?

  • Invest in training for every employee, from top to bottom. Tell them to never click a link from a sender they don’t know and use training tools like KnowBe4 to support these learning initiatives. 
  • Get covered by cyber insurance; this is likely an additional policy on top of the general liability coverage you already have for your business. Unless you have a very robust general liability policy, you won’t have cyber coverage.
  • Limit the number of employees that have access to funds and accounts. Additionally, establish clear rules and guidelines for handling things like ordering supplies or paying invoices, and consider requiring approval for each purchase.
  • Research vendors and partners before exchanging any money. Search for the company name online, investigate their website, and check for any scam alerts. Take it one step further and check the Better Business Bureau for a profile.
  • Verify all invoices before payment, and reconcile them with items that have been ordered, work that’s been completed, and services rendered. Make sure that everything is correct before sending money. 
  • Don’t respond to emails that ask for sensitive data, and don’t click on any links from senders you don’t recognize. The same goes for phone calls  — don’t give out information to callers that you can’t verify.
  • Make sure your business computers and devices are protected against viruses and malware. Secure or even encrypt files and software that connect to the internet and contain business and customer data.
  • Outsource your IT to a trusted company that stays up to date on cyber protection best practices.  In-house IT, even with a professional will not have the latest industry knowledge that a professional firm will.

Make sure your business is protected before it’s too late and you’ve been exploited, or worse, forced to close your doors because of a scam. To be fully sure that your business is protected against cyber scams, reach out to IT professionals for help on actionable guidance. If you aren’t benefitting from the wisdom of your business owner peers, contact us to learn more about our facilitated monthly peer group meetings.