Whether you run a manufacturing business, an online consulting firm or a florist shop, you have information that is valuable to crafty cyber criminals.
That’s why it’s important for small to medium-sized businesses to have a cybersecurity plan in place to protect their business, their customers, and their data from growing cybersecurity threats.
Learn about common scams and what you can do to protect your business.
1. Fake Invoice Scam
In this scam, businesses are typically sent an email with a fake invoice that claims to be from a company they do business with. The email informs them of a bank account switch and asks them to redirect their payments to the “new” account number. Many of these “invoices” appear at first glance to be legitimate bills, and may include threatening or confusing legal jargon to create a false sense of urgency and pressure recipients into making quick payments.
What you can do
- Ensure that employees who are responsible for processing payments remain vigilant and watch for changes to payment instructions. If you are suspicious about whether a supplier has truly changed their bank details, call them directly to confirm bank details over the phone.
- Review all invoices closely. Never pay an invoice unless you know the bill is for items that were actually ordered and delivered. Tell your staff to do the same.
- Always check order details, confirm the validity of the customer, and verify the information on invoices before transferring any funds.
- Before doing business with a new company, search the company’s name online with the term “scam” or “complaint.” Read what others are saying about that company.
2. Business Email Compromise (BEC)
A business email compromise (BEC) is an exploit in which the criminal impersonates a senior executive at a company, either by gaining access to their corporate email account or by creating a fake one. Through the use of social engineering tactics and research, often through social media, the criminal will craft credible emails and send them to someone within the company who likely has the authority to move money in hopes of tricking them into transferring money to a fraudulent account.
What you can do
- Educate your employees about these types of scams and advise them to be skeptical of urgent or suspicious requests made by email.
- Be mindful of what you share on social networking sites. Criminals can use these sites, and your website, to gather information about you that they can repurpose to target your company.
- Remember that email addresses and websites that look legitimate are easy for criminals to fake. Stop and think about whether it could be a scam before you click.
- Don’t rely on email to coordinate fund transfers. Have an additional communication process in place that requires face-to-face communication or a phone call to verify that the request is legitimate.
3. Spear phishing
Spear phishing is an email spoofing scam where criminals target a specific organization or employee with tailored messages to gain unauthorized access to sensitive information, funds or computer systems. In a spear phishing scam, people within a company receive an email asking them to provide the sender with confidential company information. The email will look like it came from someone within the company, so recipients are more likely to trust it.
Criminals can gather information about their targets, typically via social networking sites, such as email addresses, job titles and interests, and use it to send convincing but fraudulent emails.
What you can do
- Train your employees to know what to look for. They should learn the importance of protecting the information they regularly handle to help reduce exposure to the business.
- Confirm any email requests that you’re not expecting with the sender directly, even if the request looks like it’s coming from someone within the company.
- Ensure the appropriate security measures are in place within your company. Consider: firewalls, antivirus, email filtering, etc.
- Put privacy settings on your social media accounts to limit who can see them, and keep details about your business to a bare minimum.
4. Ransomware
Ransomware is a form of malicious software (malware) that enables cyber criminals to remotely lock down files on your computer or mobile device. The criminals will use the ransomware to extort money from you before they restore your access to the files. A computer can be infected by ransomware in a number of ways, but most commonly it involves victims clicking on a malicious link or attachment received through a phishing email. Once infected, victims will see a "ransom" note, which is often designed to scare or extort the victims into making payment.
What you can do
- Back up your data regularly. Backing up data will help ensure that your business is able to recover quickly and completely when a system crash, data corruption or other setback happens.
- Train employees to avoid clicking links or opening email attachments from emails that are unsolicited and from unknown sources.
- Ensure your software is up to date. Regularly schedule and install updates and patches to improve security.
- Manage the use of privileged accounts. Give administrative privileges only to those who need them, to limit your networks' exposure to malware.
Article was originally posted here: https://www.rbc.com/cyber-security/how-to-protect-your-business/index.html
This document has been prepared for use by the RBC Wealth Management member companies, RBC Dominion Securities Inc.*, RBC Phillips, Hager & North Investment Counsel Inc., RBC Global Asset Management Inc. Royal Trust Corporation of Canada and The Royal Trust Company (collectively, the “Companies”) and their affiliate, Royal Mutual Funds Inc. (RMFI). *Member – Canada Investor Protection Fund. Each of the Companies, RMFI and Royal Bank of Canada are separate corporate entities which are affiliated. “RBC advisor” refers to Private Bankers who are employees of Royal Bank of Canada and licensed representatives of RMFI, Investment Counsellors who are employees of RBC Phillips, Hager & North Investment Counsel Inc., Portfolio Managers who are employees of RBC Global Asset Management Inc., Senior Trust Advisors and Trust Officers who are employees of The Royal Trust Company or Royal Trust Corporation of Canada, or Investment Advisors who are employees of RBC Dominion Securities Inc. In Quebec, financial planning services are provided by RMFI which is licensed as a financial services firm in that province. In the rest of Canada, financial planning services are available through RMFI, Royal Trust Corporation of Canada, The Royal Trust Company, or RBC Dominion Securities Inc. Estate and trust services are provided by Royal Trust Corporation of Canada and The Royal Trust Company. If specific products or services are not offered by one of the Companies, clients may request a referral to another RBC partner. The strategies, advice and technical content in this publication are provided for the general guidance and benefit of our clients, based on information believed to be accurate and complete, but neither the Companies, RMFI, nor Royal Bank of Canada, nor any of its affiliates nor any other person can guarantee accuracy or completeness. This publication is not intended as nor does it constitute tax or legal advice. 
Readers should consult a qualified legal, tax or other professional advisor when planning to implement a strategy. This will ensure that their individual circumstances have been considered properly and that action is taken on the latest available information. Interest rates, market conditions, tax rules, and other investment factors are subject to change. This information is not investment advice and should only be used in conjunction with a discussion with your RBC advisor. None of the Companies, RMFI, Royal Bank of Canada nor any of its affiliates nor any other person accepts any liability whatsoever for any direct or consequential loss arising from any use of this report or the information contained herein. In certain branch locations, one or more of the Companies may carry on business from premises shared with other Royal Bank of Canada affiliates. Notwithstanding this fact, each of the Companies is a separate business and personal information and confidential information relating to client accounts can only be disclosed to other RBC affiliates if required to service your needs, by law or with your consent. Under the RBC Code of Conduct, RBC Privacy Principles and RBC Conflict of Interest Policy confidential information may not be shared between RBC affiliates without a valid reason. ® / ™ Trademark(s) of Royal Bank of Canada. Used under licence. © Royal Bank of Canada 2024. All rights reserved.