Business fraud is as old as business, but it’s constantly evolving and taking new forms. Especially over the past year and a half, with many workers first shifting to their homes and now returning to the office, security gaps and changes in behavior have emerged that fraudsters are able to turn to their advantage.
Business owners need to know what to watch for and how to be prepared. Often the best defense is simple—stop, think, and ask questions when something unusual comes up. Here are some things to think about:
Keep a sharp eye out for email compromise fraud.
During the pandemic, cases of business email compromise (BEC) soared. In BEC, a criminal impersonates a coworker or partner and requests a payment to an account. They may pretend to be a CEO, salesperson, or banker, or may act as a regular employee and ask HR to change their direct deposit. Unlike “spoofed” emails, where the sender address is recognizably fake, today’s BEC often comes from a real hacked account. Keep passwords secure and follow up on every email request for funds with a call or in-person verification.
Beware of ransomware
Ransomware is also on the rise. Major attacks make the news, but small companies are a prime target regardless of industry. Ransomware is sold as a package to cybercriminals, so it is no longer the domain of a few skilled hackers. It infiltrates a system, often via an email link, and encrypts files in the background. A victim’s first sign will often come too late—a locked screen demanding payment in exchange for decrypting the data. The best defense: educated employees who don’t click on strange files and links, internet security software and robust data backups. A great resource is stopransomware.gov.
Cover your back with backups, tests, checks, and software
Start with internet security software and regular data backups, then go a step further with testing: Test your data backup to make sure it is copying all expected files, and practice accessing and using the backup. Make sure the backup can’t be infected from the network. Check bank accounts daily for unusual activity. You might even consider testing employees with fake phishing emails to see who clicks. This is a chance to reinforce key lessons and drive home risks.
Check your insurance policies
Active defenses and education are crucial, but it’s also important for businesses to mitigate risk. Check your insurance policy to confirm it covers cybercrime, fraud and ransomware attacks. Some companies provide assistance in the event of fraud. Insurance brokers and business advisors can help you identify the best level of coverage for you. It can be the difference between a slight disruption and being down for weeks—or maybe even out of business.
Employee education is the key to blocking fraud
It can’t be stated enough: People are most often the conduit through which fraud hits a company. Make sure all employees are trained. Too often leaders are taught about the risks, but don’t deliver the message effectively to those who need it. Make cyber defense a priority, teach it consistently, and revisit it often.
Alerus has been advising firms on fraud and keeping their financial information secure for decades, from the days of keeping paper checks secure to helping them understand the risks we face today. We offer services like Positive Pay to cut down on check fraud, and we offer presentations and webinars on fraud prevention to our customers and their employees to help make good habits second nature. Talk to your Alerus business advisor to learn more.