Is your business safe? It may not be. Many unscrupulous people are operating online looking for new ways to exploit honest people.
I was recently drawn into a scam promulgated by someone yet to be identified through a freelancing website. Because of how personally this affected me and my brand’s reputation, I decided to write today’s blog post on how to protect your business online.
My personal experience involved Upwork.com, which is a website that boasts of the value of freelance talent.
Well, as the old saying goes: nothing is more expensive than cheap labor.
Someone posing as me and pretending to be a New York writer/publisher took a job writing a book for a client and the results were poor. 3 chapters completely plagiarized wrong.
Worse still: I was blamed for the fraudulent work! This person’s profile had my name and photo on it and her client found me (the real me) through a Google search that matched my profile photo. You can imagine the shock I felt being falsely accused of scamming someone!
After realizing that this was a clear case of identity theft, I immediately contacted UpWork to have the fake profile removed. This person’s client did the same thing; we hope that they were able to get a full refund of the money spent on the useless book written for them.
Scary stuff. But compared to what others have found, they are small potatoes.
While hiring and supporting local talent has always been my thing, if you have to outsource (overseas or through those freelance sites), then a great idea to protect yourself is to insist on seeing a scan of your government-issued ID. Take your proof of identification a step further and insist on a video conference before committing.
Fraud is on the rise
2016 saw a significant increase in fraud over 2015. While the numbers show that the amount stolen decreased slightly, the volume of theft increased. Much.
While those numbers relate more to consumer fraud if you’re the seller, you may lose money out of pocket if the claim means returning the now-used product to you.
The take-home point is that fraud is on the rise, so you need to take steps to prevent yourself and your customers from becoming victims.
How to prevent and report cybercrime
According to the National Cyber Security Alliance, there are several steps you need to take to protect your business and customers:
• Assess risks
Identify what types of fraud or crime you may be most susceptible to. Do you work with medical information? Financial information?
Even if your business purpose is simply B2C, there are steps you can take to protect yourself.
Users shopping through your website trust you to keep their financial information secure, so take steps to do so, such as having SSL installed for any e-commerce or sensitive information and it’s wise not to store it.
• Monitor threats
This can be as simple as making sure no spam messages are opened or that emails with attachments are scanned with some form of antivirus software. While the software is not 100% effective, it will stop the best distributed scams.
• Report attacks
If you are the victim of a cyber attack you are going to be frustrated and with good reason.
Canada is really vulnerable these days when it comes to cybercrime and your best hope is to call the police. While promises have been made to address this, very little has been done and it is impossible to prosecute international criminals.
If you are the victim of a cyber crime, please contact your local police and cross your fingers. But the bad news is that you probably won’t get a resolution. This is something to consider if you have been hiring someone abroad.
In the US, reporting cybercrimes is much easier. You contact the FBI through this website. They have the ability to tackle international criminals, and the United States has recently cracked down on international crime operating within its borders.
For those reading from any other country, I encourage you to do your own due diligence on cybercrime reporting protocol so that you are prepared in case you need to be.
• Execute a Security Plan
For this, the recommendation is to work with your ISP on a cyber security plan. While it may be worth talking to your ISP, you should talk to your website hosting company first.
The security of your customer and business information is sensitive, so make sure your host knows that you have things like routine backups of all information made and stored on another server.
Most specs stay on top of everything, but it’s always worth calling them in for a quick review, especially if you have information relevant to them that might help.
If you have already been a victim, let your host know what happened. The information may help others in the future.
• Protect your customers
The suggestion in this article to scan all USB drives routinely is a good one. Sometimes information can be sealed behind the most advanced firewall, but it still gets out.
One of the easiest ways to exploit technology is social engineering. Many times the information is not so much stolen as it is leaked by someone internally.
Have a privacy policy and make sure your employees know that every time they connect something to your computer network, it will be scanned.
Make sure all software is up to date and all computers connected to your network are running the most up-to-date version of your operating system.
• Educate your team
This is an easy one.
Have a protocol in place that ensures your employees follow all of the steps listed above.
All computers should be scanned when connected to a network and all USB drives should be scanned as well.
Most people are used to this by now, so don’t worry about suddenly implementing it.
Stay safe
By taking steps to protect yourself, you stay ahead of the game should something happen. Fighting after being a victim only helps the people who have stolen from you by giving them time to disappear.
Online business is likely to grow even more, and with it, fraud. The complexity of the scams will evolve and hopefully so will the solutions. In the meantime, I hope you enjoyed these tips and that you never fall victim to cybercrime.