Common Ways Scammers Will Target Your SME And How To Avoid It


The ways and means by which cybercriminals target businesses have evolved, with SMEs now subject to an increasingly sophisticated range of attempted attacks. In this article we explore four of the most common SME cyber scams affecting British businesses, explaining what the scam looks like, and how to deal with it. We’ll also look at how to train your employees to be more cyber-resilient and how to build greater security from within your organisation.


Scam One: Employee-Targeted Phishing And Ransomware

You’re at your desk and you get an urgent email from your line manager instructing you to click a link. It’s got to be done quickly, because the boss needs something, and your job may well be on the line if you don’t comply. Sure, it’s out of the ordinary, but, ever diligent, you do as you’re told.

Targeting employees is a favourite SME scam tactic. Clicking the link can give scammers access to data, passwords, and banking. Scammers can even use this approach to lock software until you cough up a Bitcoin ransom. The key to beating this scam is to train all your employees in cybersecurity, and to have digital hygiene embedded into the heart of your organisation. To learn how to become an overnight master at organisational digital safety, read the employee training section below.

Scam Two: Fake Tech Support

Your IT system is about to collapse, is infected with a virus, and you are down to your last 10% of firewall. Lights start flashing, emails start appearing, and it all looks very serious. Then comes the authoritative, blissful, day-saving instruction. Click this link, you are told, for an immediate solution.

Welcome to the “tech support scam”. It’s a familiar face, but thankfully an easy one to spot. A legitimate tech support company will never make unsolicited contact with you to advise you of an issue. Companies cannot ‘see’ into your computer system and detect a problem without your consent and the right systems in place, and firewalls do not run out of space. These scams play on a lack of IT knowledge and our natural, human panic response. Always contact an expert if you think you have a problem with an IT system or hardware, or are uncertain about the details of an issue.

Scam Three: Bogus Equipment Leasing Offer

A tempting offer of low equipment leasing rates, credit card processing offers that are out of this world? Amazing. But when it comes to the full contract? It can be dealt with later. For now, just sign this hazy document and off you go, and do it quickly, because this offer won’t last for long…

This is the credit card processing and equipment scam, where your ‘contract’ turns out to be full of hidden fees, sneaky surcharges, and surging prices. When you reach out for support, it doesn’t exist. By far the worst part of this scam is that once you’ve signed, it is often legally binding. To avoid this nightmare, never rush into a leasing or hire decision. Always do your research, demand a full contract, and get a professional to double-check the fine print.

Scam Four: Fake Payroll Diversion

An employee gets an email with the company logo asking them to log in with their payroll credentials. It’s out of the ordinary, but who’s going to question it? Especially if the entire organisation gets the same email on the same day…

This payroll diversion scam enables the attackers to access the nexus of your SME banking. Once inside, scammers change the account details and simply wait for payday. When that day comes, nobody has been paid, and you have no money left to pay anyone. This very nasty scam is again targeted at employees. As such, training and awareness are the key to beating it.

How To Train Your Employees To Be Cyber Security Experts

Now that we’ve looked at the type of scams you’re up against, let’s talk about turning your organisation into security experts.

Why Employees Are Key

We’ve already seen that the majority of scammers see employees as the organisational weak link. There is quite a lot of psychology involved in this approach. Employees are encouraged to be obedient, trusting, and to follow orders from seniors. As such, people are already pre-programmed to behave in the ways that scammers want. With today’s technology, it is very easy for AI-generated content to mimic the tone and content of your organisational communication, resulting in a very authentic-looking and authentic-sounding scam email. As such, even the brightest employees can become victims.

The ‘Don’t Click’ Rule

A powerful employee-led security strategy is to embed a ‘don’t click’ rule into your organisational culture. This means not allowing emails with hyperlinks and asking employees to immediately report any emails that break this rule. If everyone sticks to this golden principle, a scammer will never be able to dupe your team into clicking on a bad link, no matter how authentic the email seems. As such, the risk of phishing and ransomware scams can be dramatically reduced.
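One way a mail gateway or a "report this email" tool could check the ‘don’t click’ rule automatically is sketched below. This is an added example, not part of the original article; the function names and the two sample messages are constructed for illustration. It shows why the HTML part must be inspected too: the plain-text part of the sample contains no link at all.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"']+""", re.IGNORECASE)

class _LinkCollector(HTMLParser):
    """Collects link targets from HTML attributes."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "action") and value:
                self.links.append(value)

def find_links(raw_message):
    """Return every hyperlink found in any text part of a raw email."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = set()
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        body = part.get_content()
        if part.get_content_type() == "text/html":
            collector = _LinkCollector()
            collector.feed(body)
            found.update(collector.links)
        found.update(u.rstrip(".,;)") for u in URL_RE.findall(body))
    return sorted(found)

def breaks_dont_click_rule(raw_message):
    return bool(find_links(raw_message))

# Constructed sample: the link is only visible in the HTML alternative.
PHISH = """\
From: "Line Manager" <manager@example.com>
Subject: Urgent - action needed today
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please open the document I shared as soon as you can.
--b1
Content-Type: text/html; charset="utf-8"

<p>Open <a href="http://payroll-login.example.net/verify">the document</a>.</p>
--b1--
"""
# Constructed sample: a link-free notice that complies with the rule.
CLEAN = 'Subject: Office closed Monday\n\nThe office is closed on Monday.\n'
```

Messages for which `breaks_dont_click_rule` returns `True` can be quarantined or routed to whoever handles employee reports.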

Your Password Is Your Own

Passwords are often considered a necessary evil in the workplace, and employees will settle for whatever is the easiest option. However, changing the psychological response to passwords can be vital in the fight against cybercrime. If your employees are taught to consider their password to be as precious as their personal banking PIN, they are much less likely to give it away. Adding an automatic reminder to your email template stating that your company will never ask for an employee’s login details or password – the same reminder that banks give – will help to reinforce this practice. This frontline defence strategy straight from the banking sector helps to keep employees safe from payroll diversion scams in particular.

Get Talking!

One of the best ways to embed cybersecurity into the heart of your organisation is to talk about it. Cybercrime doesn’t have to be an elephant in the room, or a looming monster in the dark. Instead, consider it for what it is. Just like you have competition for your market space, you have competition for your security. A logical, clear-headed, and cool response is what’s needed. In the same way that you may launch new products, or embark on new projects, turn security into a vision and a goal. Communication is a great weapon against cyber criminals, so get talking.

Find Out More

Cyber criminals think that SMEs are easy prey. To stop your company from becoming a victim, always make sure that you’ve got formidable protection supporting you. Whether it’s just to answer a question, or for detailed security advice, Vantage IT have got your back. Click here to speak with one of our experts today.
