I recently received an email from someone I knew, and the email address was his. The mail included an “open document” link to DocuSign, a highly reputable site. I wasn’t expecting a document from him, so I was suspicious. I reached out to him through LinkedIn and sure enough, he advised me not to open it and to delete it immediately (he had not sent me anything).
Lesson learned: there are amazingly crafty cybercriminals out there and we have to beware!
Protect your personal identity
As a business owner, your personal identity is tied to your business. Preserving the integrity of your personal information is essential. Just think what it would mean to your business’s ability to borrow money if your personal credit score were to be damaged because of identity theft.
What to do: Be sure you have appropriate protection for your computers and mobile devices, including strong password protection and protection software. The best software protection for 2017 protects against malware, spyware, and other online attacks for all your devices.
Protect your systems
Despite the best third-party computer protection, cybercriminals can get into your systems if you let them. For example, if you click on a fake link, your affirmative action can bypass the protection you’ve installed.
What to do: Don’t open email until you view the address (the name may be correct but that person’s contact list may have been stolen and used to reach out to you). Don’t click on any links in emails unless you are sure that the sender is who you think it is. Create company policy and instruct employees on their email activity to protect your company’s systems.
Protect your clients and customers
The data you maintain on clients and customers, which may include credit card and/or bank information, is confidential and needs to be protected. Once cybercriminals enter your system, they gain access to this information, so don’t let them in.
In January, for example, the IRS warned tax professionals of a 2-step scam designed to gain client information. An initial email asks the preparer for tax help. If the preparer responds, thinking he/she has a new client, the cyber-criminal sends a second email with an embedded web address, or a PDF attachment that has an embedded web address.
What to do: Create company policy about how to respond to unsolicited email. Consider using encryption for client/customer data.
Protect your employees
Cybercriminals are trying to steal your employees’ W-2 information, which includes their addresses and Social Security numbers. In early February, the IRS warned employers to be on the alert for this scam: Using spoofing techniques, cybercriminals send emails to payroll or HR departments requesting a list of all employees and their W-2s (the business email compromise or business email spoofing scam). The email may request the business to make wire transfers to a certain account.
What to do: Make sure your internal policies tell those responsible for payroll or HR to not respond to any email inquiries. If the inquiries purport to come from the IRS or other government agency, generate a phone call to the appropriate agency and ask whether the agency actually sent it.
If you’ve been scammed, take action immediately. Bring in experts to help you, such as those through Microsoft. Comply with federal and state notification requirements if customer/employee information has been compromised or potentially could be compromised. Inform the FBI by filing a complaint with the Internal Crime Complaint Center (IC3). Be safe!