How Des Moines Businesses Can Mitigate the Risks of Online Scams

The email looks legitimate. A vendor needs your company to wire money to pay an outstanding invoice. Your employee checks the records, and yes, there is an outstanding invoice for that amount. So, the employee wires the money.

Except that the money went to scammers, and you still owe your vendor.

While the Des Moines engineering consulting firm that lost $265,000 in this 2021 attack refused to be named, Des Moines cybersecurity firm Pratum confirmed a similar attack that cost an accounting company $400,000.

How can your business avoid falling victim to email compromise scams and other similar attacks? It takes a clear strategy, strong training and vigilance.

Watch for Small Changes: Call and Verify

Email compromise scams, as described above, rely on employees and business leaders not paying close enough attention to details.

For example, they’ll use an email address similar to your vendor but not exactly the same. It might be “companyinc.com” instead of “company.com.” Also, the email will request money to be sent to a different bank account than usual. If the employee replies to the email asking about the change, they’ll be given a vague but plausible excuse.

The key to preventing this kind of scam in your business is simple: call the phone number you already have for the vendor to verify the changes or ensure the invoice has to be paid right now. Never reply to the email for more information since you’ll only be reaching the scammer.

Every request for money should be carefully scrutinized. Training employees about the methods scammers use and the details to watch for is important, but it will only stick if it’s consistently followed up with refresher training, which can significantly reduce the chance of errors in the workplace. Refresher training keeps the information up to date, gives you a chance to add new information or details and increases employee confidence in their understanding of the information.

When employees pay close attention to details, notice changes and then call to verify these changes are legitimate — which they probably aren’t — your company can save hundreds of thousands of dollars.

Protecting Passwords: Password Manager and Mobile Device Plan

Another common scam involves stealing passwords from employees and using that access to get customer information, confidential company details and more from your network.

Bolstering web security and avoiding online scams in your business involves using long, unique passwords and two-factor authentication (2FA), updating software regularly and having high-quality antivirus and antimalware software installed.

However, many times, employees are the weakest link. For example, employees often pick simple passwords despite being educated on the risk because they don’t want to forget their login information.

To avoid this, use a password manager that stores complex passwords and ensure that two-factor authentication is always on. Also, limit the number of password attempts and 2FA requests to avoid bombing and spamming attacks.

Also, a mobile device plan helps protect your business when employees are on the go and requires password protection, data encryption and specific security apps to be installed on mobile devices used for business.

Security Updates: Automate as Much as Possible

Many times, small businesses are specifically targeted by scammers because they are less likely to keep software and security protocols updated. Almost all — 99.3% — of Iowa businesses are considered small businesses because they have less than 500 employees.

The best way to keep up with the software and security updates that keep your business safe is to automate as much as possible. The less human involvement there is, the less likely it is that there will be human error that leaves your company vulnerable.

The right tech can help your business succeed and stay safe. Automation tools can automatically update software patches, install the most recent version of all software, perform backups and monitor for irregular activity on your network. You can also use sophisticated software to trigger an automatic response to a potential cybersecurity incident.

Keep in mind that automation doesn’t mean that humans should be less vigilant or aware of cybersecurity threats or less involved in keeping the company safe. It simply helps reduce the likelihood of human error in specific essential security steps.

How Safe is Your Business from Online Scams?

Keeping your business safe from email fraud, password theft, and other cyberattacks takes preparation and awareness. It’s important to act on the tips above and take steps like creating a security culture, having clear cybersecurity policies and creating a recovery plan if something happens.

As we move forward, scammers get more sophisticated, but so does cybersecurity. Some exciting advances include improvements in AI that can make irregularities easier to discover, an increasing use of biometrics over highly fallible passwords and detection software that can recognize a live person over, say, a photograph in facial recognition.

You’ve poured blood, sweat and tears into making your business successful. Thieves don’t deserve hundreds of thousands of dollars of your money. With the tips above and the exciting cybersecurity innovations on the horizon, you can protect what you’ve built and continue to succeed.

The Greater Des Moines Partnership celebrates the Greater Des Moines (DSM) entrepreneur community and helps small businesses succeed with one-of-a-kind resources and opportunities for networking. Find out how other entrepreneurs have found success by reading their stories and attending local small business events in the region.