Offering the best products and services to your customers is enough to keep anyone busy. Many small business owners and entrepreneurs are overwhelmed as it is and don’t give online security concerns and fraud prevention much thought. That is, until it happens to them.
In its 2022 report, the ACFE (Association of Certified Fraud Examiners) estimated that businesses lose 5% of their revenue to fraud each year. This amounts to over $3.6 billion in annual losses.
Fraud can come in many forms, but failing to protect your business’s online accounts—from email and shopping sites to banking and payment platforms—is among its most common causes. In this article, we cover some of the collateral damage cyberattacks and fraud can cause businesses and a few simple ways to improve the security of your online accounts without going out of pocket.
Fraud means more than just lost funds
Beyond any direct financial losses, businesses that fall victim to fraud or other malicious online activities are often also at risk of:
- Losing customers. Businesses have a responsibility to keep their customers and clients safe. A potential breach in one of your online accounts could expose sensitive, or even confidential or proprietary information about your clients. If they believe you failed to take precautions to protect them, your customers may prefer to stay away from your business altogether.
- Scaring off partners. A cyberattack or hacking incident could harm your business’s reputation and leave potential partners wary of associating their names with yours.
- Damaging their credit score. If someone manages to gain control over an online account that has your credit card details (an e-commerce site, for example), they can easily start spending at your expense. Failing to notice and report these unauthorized transactions as fraud means a higher than usual card balance, resulting in utilization rates that can hurt your score, while also affecting your cash flow.
To help your business avoid these side effects, we’ve outlined some basic and free security measures you can take to minimize exposure.
5 simple and free ways to protect your business from online fraud
Improving your business’s security online doesn’t necessarily mean you have to spend a fortune or hire a specialist. Following these five simple steps will provide your business with some additional security layers for its online accounts that will significantly reduce the risk of hacking and resulting fraud. And they won’t cost you a dime.
Turn on email/SMS notifications
Many online services—including your favorite bill pay solution, Melio—offer the option to receive email or text notifications for every action performed in your account. While getting a lot of emails and texts may seem overwhelming at times, it’s one of the easiest ways to make sure you know exactly what’s going on in your accounts in real time.
If that’s too much, most services let you set certain thresholds or rules for these notifications, only sending them, for example, for sign-ins from new devices or for transactions above $1,000.
Change passwords regularly
Unlike a bottle of wine, a good password does not age well. The longer you use a password, the bigger your exposure, especially if other members of your team are also using it to log on. Make a habit of resetting all your passwords at least once or twice a year so you have better control over who has them on file.
Use a password manager
Instead of trying to remember all of your passwords by heart, writing them down, or saving them in an unsecured doc file, keep them in a password management service. This way, your passwords will be easy for you to access when you need them but remain hidden from anyone else. Encourage your team members to do the same if they have access to your accounts and passwords. If you’re worried about costs, a simple manager is included for free with most browsers, including Chrome, Safari, and Microsoft Edge.
Another thing a password manager can help with is creating strong passwords. While it’s tempting to use your spouse’s birthday or dog’s name as the go-to password for all accounts, it’s better to follow password best practices to increase security. The main thing you need to make sure of is that every one of your accounts has a good and unique password that’s difficult to guess.
A good password is a random set of at least 8 characters that contains a combination of lower and uppercase letters, numbers, and symbols. Your passwords should look something like this: 9&q4Bm#y. To make things easier for you, your password manager comes with an automatic generator that will suggest strong passwords and keep them secure for you.
Periodically review who has access to your accounts
Some online services allow you to use more than one login to access your account information and perform various actions. Your bookkeeper, for example, may have access to your Melio account through their own username and password. This is a great way to delegate work without sharing your password, but it’s important to occasionally review the list of people who have access.
Double-check to ensure you know who everyone on the list is and that each person only has the permissions and access necessary for them to do their jobs. It’s also important to check that no former employees or other unintended individuals have access to your accounts and remove any unnecessary authorizations.
Make sure you know who you’re talking (and sending money) to
If you get an unusual email or text from a team member or a customer, especially if it includes a request to transfer funds, it’s crucial to make sure the message actually came from them and is not a phishing attempt.
Make sure you are familiar with the people and companies mentioned and that you actually do business with them. If they are requesting funds, double-check that you know what the payment is for and that the sum and payment details match what you have on file. If the bank account information or any other details that appear in the message are different from the ones you used in the past, be sure to verify them before sending a payment.
The best way to confirm you are in touch with the right person is to call them up and ask directly if they were the ones behind the message. If a live call is not possible, text or email them through the contact details you have on file. Don’t be tempted to reply through the suspicious message, as this communication can be intercepted by a potential attacker.
Better security starts with better habits
Following the tips provided above will help keep your business’s online accounts safe without having to spend a cent. These strategies are also simple enough to be implemented immediately, without requiring any special training for you or your team. So, clear an hour off your schedule this week to make sure your business accounts are better protected. We promise you it’ll pay off.