Is your business safe? It may not be. Many unscrupulous people operate online in search of new ways to exploit honest people.
I was recently involved in a scam enacted by someone who has yet to identify himself via a freelance website. Due to how personally this affected me and my brand reputation, I decided to write today’s blog post on how to protect your business online.
My personal experience involved Upwork.com, which is a website that boasts of the value of freelance talent.
Well, as the old saying goes: there is nothing more expensive than cheap labor.
Someone posing as me pretending to be a writer / editor from New York took a job writing a book for a client and the results were bad. 3 chapters completely badly plagiarized.
Worse still, they blamed me for the fraudulent work! This person’s profile had my name and photo on it and their client found me (the real me) through a Google search that matched my profile photo. You can imagine the shock I felt when I was falsely accused of scamming someone!
After realizing that this was a clear case of identity theft, I immediately contacted UpWork to have the fake profile removed. This person’s client did the same; we hope they were able to get a full refund of the money spent on the useless book they wrote for them.
Scary things. But compared to what others have found, they are tiny potatoes.
While hiring and supporting local talent has always been my thing, if you have to outsource (overseas or through those freelance sites), then a great idea to protect yourself is to insist on seeing a scan of a government-issued ID. Take your proof of identification one step further and insist on a video conference before committing.
Fraud is on the rise
2016 saw a significant increase in fraud compared to 2015. While figures show that the amount stolen decreased slightly, the volume of theft increased. Much.
While those figures relate more to consumer fraud if you are the seller, it may be out of your pocket if the claim means returning the now-used product to you.
The important thing is that fraud has increased, so you must take steps to prevent yourself and your customers from becoming victims.
How to prevent and report cybercrime
According to The National Cyber Security Alliance, there are several steps you need to take to protect your business and your customers:
• Assess risks
Identify what types of fraud or crime you may be most susceptible to. Do you work with medical information? Financial information?
Even if your business purpose is simply B2C, steps must be taken to protect yourself.
Users who buy through your website trust you to keep their financial information safe, so take steps to do so, such as having SSL installed for any e-commerce or confidential information, and it is advisable not to store it.
• Monitor threats
This can be as simple as making sure that spam messages are not opened or emails with attachments are scanned with some kind of antivirus software. While the software is not 100% effective, it will stop the scams that circulate better.
• Report attacks
If you are the victim of a cyber attack, you will feel frustrated and with good reason.
Currently, Canada is really vulnerable when it comes to cybercrime and your best hope is to call the police. While promises have been made to address this, very little has been done and international criminals are impossible to prosecute.
If you are the victim of a cybercrime, contact your local police and keep your fingers crossed. But the bad news is, you likely won’t get a resolution. This is something to consider if you have been hiring someone abroad.
In the United States, reporting cybercrime is much easier. You communicate with the FBI through this website. They have the ability to tackle international criminals, and recently the United States has cracked down on international crime that operates within its borders.
For those reading from any other country, I encourage you to do your own due diligence regarding the protocol for reporting cybercrimes so that you are prepared should you ever need it.
• Execute a security plan
To do this, the recommendation is to work with your ISP on a cybersecurity plan. While it’s worth talking to your ISP, you should speak to your website hosting company first.
The security of your customer and business information is sensitive, so make sure your host knows that there are things like routine backups of all information made and stored on another server.
Most specialties stay on top of things, but it’s always worth giving them a call for a quick review, especially if you have information relevant to them that can help.
If you have already been a victim, please report it to your host. The information can help others in the future.
• Protect your customers
The suggestion found in this article to scan all USB drives routinely is a good one. Sometimes the information can be airtight behind the most advanced firewall, but it still gets spread.
One of the easiest ways to exploit technology is social engineering. Many times the information is not so much stolen as internally leaked by someone.
Make sure that all software is up to date and that all computers connected to your network are running the most up-to-date version of your operating system.
• Educate your team
This is an easy one.
Have a protocol in place that ensures your employees follow all the steps outlined above.
All computers need to be scanned when connected to a network and also all USB drives.
Most people are used to this by now, so don’t worry about implementing it all of a sudden.
If you take steps to protect yourself, you will be ahead of the game in case something happens. Fighting after you’ve been a victim only helps the people who have robbed you by giving them time to disappear.
The online business is likely to grow even further, and along with it, fraud. The complexity of the scams will evolve and, hopefully, so will the solutions. In the meantime, I hope you have enjoyed these tips and that you never become a victim of cybercrime.