Fraud prevention and cyber security: 4 tips to keep your business safe from cyber attacks.

As a business owner, you know the value of your company’s data. Unfortunately, you’re not alone in recognizing that value.

Fortunately, one of our primary concerns at CWB is the safety of data, so we’ve got some tips from our Information Security Office to help you keep your data safe.

Cyber risks are real

Cyber criminals regularly target businesses to steal sensitive information for personal or financial gain. Their methods are always evolving to become sneakier and harder to spot.

No business is too small for these fraudsters. Canadians have lost over $284 Million to fraud so far in 2022, and most business victims were small and medium enterprises (SMEs). Small business owners are often hit the hardest because they may not have the resources to deal with the aftermath of a cyber attack. 

On and offline solutions are possible

We care about your business’s health and security, so we’ve put together some top tips to keep you safe from cyber attacks. Read on to learn how to protect your organization’s sensitive data from prying eyes.

1. Invest in training your workforce

The more informed your team is, the less vulnerable your company will be to threats. Cybercriminals are using sophisticated social engineering techniques like spoofed calls, e-transfer scams, and wire scams, which pose a risk to cyber security posture. 

Tips to avoid social engineering threats

• Cybercriminals may impersonate trusted sources from well-known organizations such as Amazon or Windows to co-workers or senior leaders in your organization.
  • Be suspicious of unsolicited communications, especially those requesting personal information. Verify the authenticity of any request for information before disclosing any information.
  • Always check the sender’s email address for misspellings or additional punctuation. If a communication seems suspicious, call the supposed sender directly to confirm the authenticity of the request.
• Cybercriminals prey on our emotions by tricking us with scams that are too good to be true or by scaring us into a reactive state.
  • Beware of contest scams that collect personal data behind the disguise of a gift or contest prize. If it seems too good to be true, it probably is.
  • Don't open any suspicious links or attachments even if there's a threat of dire consequences, such as closing your account. Take time to assess the legitimacy of the email or text message.

Tips to avoid e-transfer and wire fraud scams

• Report any unexpected e-transfers to your bank. Do not respond to requests by unknown individuals claiming to have transferred funds in error.
• Do not respond directly to a suspicious email or use any contact details mentioned within, as scammers can provide false information via spoofed emails. 
• Always verify payment requests by contacting the organization through publicly listed contact details.

2. Develop a cyber security plan that works for your company.

Organizations of all sizes must develop a strategy to combat fraud. While it may take time for you to set up a plan, it's worth the work. A good plan will help you:

• Identify the assets you want to secure and the risks you want to reduce.
• List the types of threats your business may be prone to. Prioritize and focus on the most common threats.
• Budget for updating subscriptions, cloud security software or refresher cyber security courses for employees.
• Create a detailed contingency plan with clear steps to take in the event of a cyber attack.

3. Your business data is gold — protect it with strong passwords.

Cyber criminals will often try to get financial, employee and customer details by guessing or stealing passwords. Protecting the access points of your business data with passwords is crucial.

• Set up multifactor authentication on all platforms that support it.
• Choose hard-to-guess, complex passwords or passphrases that don't contain personal information (e.g. Birthdate, first/last name) and create a different password for every account.
• Avoiding storing passwords in plain text or in writing. Instead use a trusted password manager.

4. Stay alert and question everything

Most scams work on creating a sense of urgency or panic so that the victim is in a vulnerable state. Stay vigilant, even while interacting with known parties online. 

• Ensure that your security software is up to date and stay cautious while reviewing flagged emails or websites.
• Question the origin and contents of the call, text, or email. A message that invites an emotional reaction, such as panic or fear, is a big red flag. 
• Check for spelling or grammar mistakes and odd formatting choices.
• Most importantly, if something feels off, it probably is. Trust your gut as much as your security software to flag something suspicious when you see it.

As cyber security threats continue to evolve, so must Canadian businesses. We hope this advice has been helpful!

To learn more, you can take a free online course by CyberSecure Canada that guides you in establishing security controls to protect your business.