How to Protect Your Business Against a Data Breach in 2024

We all remember the time period when Chipotle repeatedly had one monumental security breach after another. However, data breaches can happen to big and small businesses alike. Nearly half of cyber-attacks target small businesses and 60% of small companies who experience a significant attack go out of business.

The annual Data Privacy Day on January 28 and Data Privacy Week on January 21-27 are a national effort by the National Cybersecurity Alliance to empower individuals and businesses to respect privacy, safeguard data and enable trust. Data Protection Day commemorates the January 28, 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. This year’s Data Privacy Week theme is: Take Control of Your Data.

What are the common causes of a data breach?

An overwhelming majority — a staggering 90% — of data breaches are due to human errors, such as a laptop or phone being accessible and stolen, employers or vendors having access to information they shouldn’t, a statement being mailed to the wrong address or a WiFi account not being encrypted. However, this is actually “good” news. Since such a large percentage of cyber attacks are because of human error, there are steps you can take to mitigate the risk.

How can you prevent a data breach?

The best offense is truly a good defense. Businesses can reduce the risk of cyber attacks by taking these proactive measures:

  1. Make sure your company is Payment Card Industry (PCI) certified. The PCI Data Security Standard is an information security standard to protect credit card data.
  2. Use secure passwords and properly secure your WiFi network. Make sure any passwords on mobile devices are encrypted and strong.
  3. Be skeptical of emails. Question generic greetings (e.g. “Dear Customer”) and threats regarding your financial accounts (e.g. “Please reply within five business days”).
  4. Stay aware of changing techniques for possible data theft. Bluetooth skimmers, RAM scrapers and malware programs are three common methods that thieves use to take advantage of businesses on a regular basis, but crooks are coming up with new methods constantly. During COVID-19, phishing scams increased 50%, according to Security Magazine. Knowledge of the enemy is important in any battle, and fighting to protect customer data is no different.

What to do if your business is the victim of a data breach?

Sooner is always better. Don’t wait and don’t try to “fix” the situation; you’ll need professionals to step in right away.

  1. Reach out to your financial institution.
  2. Notify your insurance agent or carrier.
  3. Consult local authorities. 
  4. Contact affected customers. Even though some states don’t require you to inform impacted customers, honesty will serve you better in the long run. Incredible as the direct expenses from a data breach can be, reputational harm can also cause irreparable damage to a business.
  5. Make sure services offered to customers fit the nature of the exposed data. If debit or credit card information was exposed, credit monitoring is a waste of money — without a Social Security number, a new credit line cannot be opened via an exposed credit card alone. Inform customers to keep an eye on their accounts and advise they speak to their bank about the breach. Most likely, the affected financial institution will issue a new card.

In 2019, 62 percent of customers were concerned about data breaches at businesses with top worries cited as stolen payment information and account takeovers. For any business, the last thing they need is a devastating data breach. Let’s protect ourselves and give attackers something else to do this year.

Ensuring Business Survival: The Vital Role of Cybersecurity for Small Businesses

Security is important no matter the situation or environment, so why would cybersecurity not be a vital aspect of running a small business? Regardless of the size, stage of growth, product or industry that a small business owner is in, cybersecurity needs to be one of the more important matters attended to.

There are plenty of reasons for this, and while some of those may be obvious, there are other points that tend to be forgotten or overlooked. Much of this is due to the all too regular idea that the odds of such a thing happening are just so small. That is the kind of assumptive attitude that gets businesses into trouble. That alone is why cybersecurity is vital for small business protection.

Why investing in Cybersecurity is Important

Cybersecurity has been a challenge to maintain even from its earliest development in the business world, but as cyber systems become more complex, technologically advanced and inventive, so do the criminals.

These developments in information technology and operating systems are double-sided: There are great benefits to individuals, economies and businesses all while creating more opportunities and new ways in which people can be scammed. The only way to protect against such actions is to employ powerful countermeasures.

It does not matter what size a business is; if there are weaknesses for hackers and criminals to find, they will eventually exploit them.

One mistake of small businesses is to assume that their size means the information or assets they possess are not tempting for criminals. While it is true that the larger bank accounts and information databases of large businesses are much more attractive to cyber criminals, it doesn’t mean that smaller companies are immune to disaster. 

How Financial capital helps with security

A significant difference between major companies and small businesses is that the former has far more capital which can be invested into advanced, powerful and effective systems and teams that are able to effectively manage security.

What is often hard to believe — and upsetting to hear — is that even some of the most impressive and trusted companies, often worth billions of dollars, can have security breaches.

One only needs to listen to the news or do a quick internet search to be reminded of the frequency with which cybercrime occurs. While it is the larger, more shocking data breaches that are what will make headlines, that does not mean that midsize or small businesses are immune to or have been left out of the rising statistics.

According to the Verizon Data Breach Investigations Report, around 43% of breaches occur in small businesses.

Vulnerability of small businesses

The fact that many small businesses may not have such liquidity makes them all the more vulnerable to criminal activity. That makes small businesses easier targets. Lawbreakers know this and thus may be very keen on exploiting low-level security systems. As such, small businesses are vulnerable in a variety of areas:

  • Personal information, whether client or employee, being stored in unprotected systems can be snatched out of something as common as an email account. That information can be resold for healthy profits. Worse still is that there are occasions when businesses and individuals do not even know that their personal information has been compromised. 
  • Intellectual property can often be worth far more than a database of a client’s personal information. Years of hard work can be ruined in seconds.

Because the odds and potential consequences of a cyber-attack are both high for large and small businesses alike, it is clear that cybersecurity needs to be a constant, forefront concern in business owners’ minds.

 

Andrew Deen has been a consultant for startups in a number of industries from retail to medical devices and everything in between. He implements lean methodology and is currently writing a book about scaling up business.

Google Partners with Boulder Chamber of Commerce and Downtown Boulder Partnership For Free Cybersecurity Training

Yesterday, Google, the Boulder Chamber of Commerce and Downtown Boulder Partnership hosted a free cybersecurity workshop for small businesses in Boulder. Rep. Joe Neguse attended and spoke about the importance of Colorado businesses learning digital skills.

Eighty-five percent of SMB leaders say that having a cybersecurity plan in place would make them more comfortable using digital tools for their business over the next two years. During the workshop “Cybersecurity and Your Small Business,” small businesses in the Boulder area learned how to identify common risks and cyber threats to protect their businesses and as they grow their online presence.

“We are thrilled to partner with Google and the Downtown Boulder Partnership to provide this hands-on training for small businesses in our community,” said Scott Sternberg, executive director of the Boulder Economic Council and associate vice president for economic vitality at the Boulder Chamber. “It is critical that companies have access to cybersecurity, project management, data analysis and other certifications to protect and grow their business.”

“There is an incredibly vibrant business community here in Boulder, and we are committed to ensuring those businesses remain strong and continue building their digital skills,” added Melanie Ricci, community engagement manager at Downtown Boulder Partnership. “Tapping into vital resources through Grow with Google and strengthening the cybersecurity of small businesses are essential to the health of our economy.”

Google’s cybersecurity workshop was led by Anastasia Kudrez, a Grow with Google small business trainer. In her role, Kudrez provides resources and expertise to small businesses as part of the Grow with Google Partner Program, a free network for local organizations to access a range of training content, tools, and promotional materials, as well as best practices to continue sharing ‘Grow with Google’ resources within their community.

Since 2017, Grow with Google has partnered with 190 organizations in the state to train more than 172,000 Coloradans on digital skills, including organizations such as public libraries, chambers of commerce, community colleges and more. To learn more and sign-up for an upcoming local workshop, please visit: https://grow.google/grow-your-business.

 

About Google in Colorado

Google’s mission is to organize the world’s information and make it universally accessible and useful. Google has proudly called Colorado home for over 15 years, with offices in Boulder and Thornton. Working alongside trusted community institutions across the state, Google has brought digital skills training, grant funding and other resources and services to more Coloradans, including those historically underserved. 

Navigating the Cybersecurity Landscape: Protecting Colorado B2B Companies from Advanced Cybercrime Tactics

B2B companies and organizations in Colorado are at high risk of multiple types of cybercrime. As criminals become more advanced in their tactics, we’ll show you how to prepare by looking at some of the latest global trends like phishing and deepfakes, along with new ways to improve data security. We’ll provide insights into common types of cyber attacks that B2B companies face and practical guidance on how businesses can protect themselves from cyber threats.

Colorado-based B2Bs are at a heightened risk of cybercrime

According to an article in The Denver Post, Colorado is in the top 10 states for losing money to internet-based crime. Business email compromise turned out to be the most costly form of cybercrime in 2020 — in Colorado as well as nationwide — which means it’s crucial that companies based in the US focus keenly on new cybercrime trends as they emerge.

Business email compromise and phishing

Looking at a study by the Internet Crime Complaint Center (IC3), Colorado businesses appear to be at particular risk of business email compromise. This is a type of phishing that involves convincing an employee with access to your budget to provide sensitive data or transfer funds. Criminals usually do this by pretending to be a boss, IT support worker or someone close to the person they’re targeting. You might note here that staff is trained in noticing phishing red flags, such as poor grammar, spelling or an unknown email address. So why is there still a problem?

Criminals have caught up and are now using AI tools to appear more like genuine people close to their victims. They can also create audio deep fakes in order to emulate the sound of someone talking in videos. The Wall Street Journal reported on one such case where a senior executive was impersonated by a criminal via a deep fake of his voice, enabling them to steal $243,000 worth of funds from a UK-based energy firm.

What’s additionally concerning is that, in a Global Cybercrime Report by SEON, data from 2022 suggested that phishing and pharming were the two most common types of cybercrime, with a victim count of 300,497 in the US alone. According to the report, cybercrime has generally cost the eCommerce industry a staggering $41.4 billion loss, which is likely a reflection of the fact that only 34% of businesses have invested in fraud prevention technology, according to a report by Juniper. With Colorado being one of the most at-risk states, there’s a high chance you’ll be dealing with these types of cybercrime at some point. We’ll look next at some of the issues that this can cause for you, beyond financial losses.

The local impact of cybercrime on Colorado Businesses

What’s the local impact of cybercrime on B2Bs? Reputation damage is probably your main concern. Investing in cybercrime prevention technology makes you more likely to preserve a good reputation with the businesses and customers you deal with. Let’s look at some of the options.

How to beat AI phishing

Firstly, let’s look at combating the rise of AI phishing. Forbes suggests that AI tools are a strong bet when looking to beat criminals at their own game. They explain that AI anti-phishing software can be trained to detect what makes a suspicious email on the basis of “email content, context, metadata and trusted behavior.” It can then advise you to block or report a sender on the basis of its decision and can potentially learn from the choices you make about different suspicious emails (such as whether you should block them or not). 

What payment security options are there?

Another key issue for both B2Cs and B2B marketplaces is payment security. If customers don’t think your payments are secure, then they are less likely to use you. Regardless of whether you’re a B2B or a B2C organization, enabling two-factor authentication can help to prevent criminals from making payments via your site.

An article by The Balance explains that you can also use end-to-end card encryption in order to protect your customers’ data from criminals during transactions. Encryption involves providing a customer’s card with a one-time code — via the Europay, Mastercard and Visa (EMV) chip in modern cards — serving as a key that can only be deciphered by the credit card processor. Once it’s deciphered, the payment is processed.

Data protection solutions

As a B2B, you’re handling large quantities of client information (or prospect client information for marketing purposes). This is often contained in databases that could be stored internally, such as on the cloud. Therefore, it’s important to make sure that a firewall protects this data. Another option is using data masking software to protect client data in a similar way to the process of encryption. You can use these tools to mask particularly sensitive information like social security numbers or bank details.

Tackling new types of cybercrime like AI phishing doesn’t have to be daunting with the right tools. Colorado is a high-risk state when it comes to online fraud, so protecting your B2B company from attacks is crucial. By adopting AI tools, establishing multi-factor security for payments and maintaining the use of firewalls, you can ultimately help strengthen your defenses.

 

The Co-Founder of SEON Fraud Fighters, the Hungarian startup that broke funding records, Tamas Kadar is also the founder of Central Europe’s first crypto exchange. In fact, it was serendipitous events right then that led him to start working on his own fraud prevention company, when he realized what was already on the market didn’t cover his needs. Starting with the bold idea of utilizing digital footprints and social signals to assess customers’ true intentions, SEON promises to democratize the fight against fraud. Today, the company protects 5000+ brands around the world as an industry-agnostic, fully customizable yet intuitive end-to-end fraud prevention solution that’s highly ranked in the industry.

Secure Your Business in the Digital Age: Essential Data Protection Strategies

A robust approach to data protection is essential to running a successful business in the digital age. The rise of big data gives you a better understanding of consumer preferences and can help you identify trends and market pressures before your competitors. 

However, storing and managing data comes with a risk. You’re responsible for protecting the data you keep. Failing to abide by laws can result in hefty fines, as Meta found out after being hit with a $1.2 billion fine for mishandling user information. Keep in mind that Colorado has strict general data protection laws as well. 

Safeguarding your business requires constant vigilance and a strategic approach. If you suspect that your company is vulnerable to a breach, consider reaching out to state-funded organizations like Colorado’s CIAC Cyber Unit Support for help.

Strengthening Protections for Consumer Data Privacy Act

The Strengthening Protections for Consumer Data Privacy Act (SPCDPA) came into law in 2018. At its core, the act is designed to protect consumers and promote proactive cybersecurity and data protection across all Colorado businesses. 

Staying up to date with SPCDPA regulations can feel like a chore. However, Colorado companies are still getting hacked today and are falling victim to malicious actors and scammers. Fortunately, you can make the data protection process much easier by automating some of the fundamentals of IT security, like: 

  • Automated patching and updating.
  • Utilize robotic process automation (RPA) to detect vulnerabilities and unauthorized accounts.
  • Back up your data and install automated programs that can recover data in the event of a crash/hack.

Automating these functions will save your IT team time and minimize your risk of a data breach. In the event of a breach, automated programs, like RPA, may even be able to detect unusual activity and shut down unauthorized accounts before personal data is stolen from your servers. 

Account security

Colorado is a national hotspot for remote work. Nearly one in four Coloradans work remotely, as working from home jumped by 23.7% over the course of the pandemic. While the rise of digital work is good for employees, working from home may pose a significant data security risk for Colorado-based businesses. 

You can safeguard your firm and protect your business’s data by improving account security and minimizing the risk of unauthorized access. Use the best password policies today — including regular password changes and auditing your accounts to check for a breach — to mitigate the risk of malicious actors forcing their way into your company.

You can further improve your account security by limiting access and conducting employee training. You can even test your employees’ abilities to detect a phishing scam by running an attack simulator with Google. This will help your IT team spot vulnerabilities and improve your company’s ability to detect suspicious activity in the event of a real attack. 

Safeguarding Sensitive Information

Cyberattacks can take many forms. Common attacks, like phishing, spoofing and code-injection attacks, will test your procedures and may push your data protection plan to the limit.

Improve your data protection plan by classifying data before you store it. Personally identifiable information (PII) should be kept behind the tightest of protections and should only be available to users who clear security checks and are deemed to have necessary reasons for access. 

You should also have a plan in place to protect physical documents that involve data. Shredding your sensitive documents can protect against insider attacks and ensure that on-site visitors don’t get a view of PII. Complete an inventory check and safely secure any documents that you decide to keep on file.

Consider encrypting the data that you plan to store for any length of time. Encryptions can be cracked but may slow malicious actors down during the process. Encryption can even give you time to recover stolen data and may aid your efforts to recover after a breach. If you suspect you’ve been the victim of a breach, you can find support via governmental organizations like: 

  • Governor’s Cybersecurity Council.
  • CIAC’s cyber unit.
  • Colorado Threat Information Sharing (CTIS) network.
  • Multi-State ISAC.
  • Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

These organizations are designed to serve Colorado businesses during the digital age. They can offer support, firm up your best practices and help you respond to attacks and data breaches.

The bottom line 

Safeguarding the data you gather is an essential part of your business operations in the digital age. Stay up to date with Colorado data protection acts by taking a proactive approach to cybersecurity and PII. If you suspect you’ve been targeted by a hack, consider reaching out to organizations like the CIAC’s cyber unit for support.

 

Indiana Lee is a writer, reader, and jigsaw puzzle enthusiast from the Pacific Northwest. An expert on business operations, leadership, marketing, and lifestyle, you can connect with her on LinkedIn.

Entrepreneur of 2023 Finalist — Rob Eggebrecht

Eggebrecht, 52, “rode the telecom wave” with Qwest and Level 3 in the 1990s before moving into cybersecurity in the early 2000s. A startup, an exit and a consulting stint with Deloitte later, he co-founded Cloudrise in 2019. 

The provider of data protection services has since raised $10 million in funding and grown to 55 employees. Eggebrecht forecasts revenue will hit $15 million in 2023. 

One investor, the Greater Colorado Venture Fund, convinced Eggebrecht to move his family and the company to Grand Junction as part of the deal in late 2020. “When we first founded Cloudrise, it was going to be based in Denver,” Eggebrecht says. “Of all places, Cloudrise is headquartered in Grand Junction, and I’m really proud of that.” 

An avid skier and mountain biker, Eggebrecht says he’s relished the move for access to the outdoors. He’s also gotten involved in community development as industry advisory council chairman for Colorado Mesa University’s cybersecurity and computer science programs. 

He sees an opportunity to build a pipeline of talent, with students transitioning to cybersecurity careers via the internal Cloudrise University. “There’s a tremendous opportunity,” Eggebrecht says. “We can provide jobs here in the community that are high-paying and sticky, and if they want to go and expand beyond Grand Junction, we can provide them an avenue to go beyond that. It’s really cool. It’s fun.” 

The plan is to expand Cloudrise to similar locations in the West. “In rural communities, we could have a revival with our own tech if we just stop looking outside of the borders,” Eggebrecht says. “Our business plan calls for expansion in rural communities.” 

His advice to fellow entrepreneurs: “Plan for the future, operate day by day. A lot of entrepreneurs get way ahead of their skis. You can plan for the future, but every day I just wake up and figure out what I can do for that day.”

 

Denver-based writer Eric Peterson is the author of Frommer’s Colorado, Frommer’s Montana & Wyoming, Frommer’s Yellowstone & Grand Teton National Parks and the Ramble series of guidebooks, featuring first-person travelogues covering everything from atomic landmarks in New Mexico to celebrity gone wrong in Hollywood. Peterson has also recently written about backpacking in Yosemite, cross-country skiing in Yellowstone and downhill skiing in Colorado for such publications as Denver’s Westword and The New York Daily News.

Protect Your Online Business: Minimizing Cybersecurity Risks in a Remote Environment

Cybersecurity risks can do significant damage to your business. Not only do they risk your own time, money and information, but they can also be harmful to your customers. The Marriott breach that made international headlines several years ago compromised the personal data of hundreds of millions of people. 

Your remote business probably isn’t operating at quite such a large scale. Nevertheless, if you lose people’s private information, it will come at the cost of your clients, and your reputation. You don’t want that. 

The remote business problem

Remote businesses are not necessarily uniquely vulnerable to cyber threats save for one factor — they do not have a brick-and-mortar location, so every action you make takes place online. This gives you more vulnerability. 

With no centralized location, you are subject to your team members’ decisions. The phrase “you’re only as good as your weakest link” definitely applies here.

Hackers don’t need very much to get in. One mistake even from a low-ranking member of your team can be all that a bad actor needs to gain access to your entire system. Once they are in, it’s an enormous amount of trouble trying to get them out. 

Denial of service attacks

Denial of service attacks aren’t as destructive as they are disruptive. Basically, DoS attacks flood your computer system with hundreds of thousands of fake requests. While your computer is overwhelmed, it can’t function the way it is supposed to. 

Even a relatively simple denial of service attack can knock you out for several days. They also may require professional intervention. DoS mitigation companies can set you back hundreds of dollars, further increasing the damage done. 

Phishing emails

Most people think that they are above phishing emails. You know that if an African prince writes you up asking for money, you’re better off politely declining their request. But what if Amazon writes in to tell you that your preferred payment method has been declined on your Audible account? Or if Microsoft writes to let you know that they are currently processing your subscription renewal payment for $1000?

These emails look like they came from brands you use and trust. The fonts and formats are the same. The email addresses look legitimate. But they are designed to trick you into handing out sensitive information. 

In your right mind, you probably know that Microsoft doesn’t just charge people $1000 for no reason. However, when you get that message saying you’re on the hook for a huge bill, it naturally initiates a panic response. You don’t think clearly, and you make mistakes. 

Ransomware

Ransomware attacks hold your computer or personal information hostage in exchange for money. These attacks usually target large businesses or even countries, but private individuals and small businesses have been known to experience them as well. 

Of course, there’s no winning here. People who would break into your computer and demand money can’t be trusted to leave you alone once you pay them. It’s almost always better to repair or replace your system once it falls victim to ransomware. 

Complacency

This may sound like an “only you can prevent forest fires,” type of line, but it’s true. Complacency is the biggest threat to cybersecurity for small businesses, and even for powerful organizations and countries. Almost all of the major breaches that you hear about in the news happen because someone got careless. 

Well, ok. Not actually all of them, though. For example, I read about this thing that happened in Ireland a couple of years ago. You wouldn’t—

You must mean when Russian hackers broke into Ireland’s national health network? They locked the government out of their own computers for months and published hundreds of people’s personal data online as part of a cyber terrorism initiative. 

Yeah. Terrible stuff. But you can’t blame complacency for something that big. 

Oh no? It happened after a relatively minor-ranking government official opened the wrong email. We could go on and on naming specific examples, but you’ll find the same story playing out time after time. People let their guard down, and they forget to exercise their usual caution. It’s common, and it’s also catastrophic. 

Don’t let that happen to you. Stay on top of your cybersecurity risks to help keep your business going strong. You don’t have to be a software engineer to make sensible cyber-security choices. A little common sense can go a long way toward protecting you and your customers. 

 

Andrew Deen has been a consultant for startups in a number of industries from retail to medical devices and everything in between. He implements lean methodology and is currently writing a book about scaling up business.

Combatting E-commerce Fraud: Best Practices for Fraud Prevention in Online Sales

With the fast-paced growth of online sales, e-commerce fraud risks are higher than ever. Fraudsters attack online shoppers and e-commerce stores, causing customer dissatisfaction and revenue losses for merchants. Remarkably, the total cost of fraud is on average much greater than the value of the goods sold. Signifyd’s State of Fraud 2023 report claims that every $100 in fraudulent orders results in $207 in tangible losses for online retailers.

To achieve high e-commerce cybersecurity levels, online store owners should take timely and effective fraud prevention steps.

What is e-commerce fraud?

E-commerce fraud is an illegal, deceptive activity on an e-commerce website where a fraudster impersonates a legitimate user to achieve personal or financial gain. In contrast to fraud at brick-and-mortar stores, in e-commerce offenders can use personal and credit card information for online transactions without producing a physical card.

How to detect e-commerce fraud

To be able to combat fraud, e-commerce merchants first need to identify it. Here is a checklist of red flags to help spot fraudulent activities on your e-commerce website.

  • Inconsistent order data (e.g., mismatched zip code and city)
  • Larger than average order volume
  • Multiple orders from different credit cards
  • Repeated declined transactions
  • Orders coming from unusual locations
  • Different billing and shipping addresses
  • PO box shipping addresses instead of physical locations

8 best fraud prevention practices

Merchants around the world are increasingly relying on e-commerce fraud management, with almost 90% of companies finding it very or extremely important to their overall business strategy. By adopting the following best practices, retailers can minimize the risk of fraud for their e-commerce websites.


1. Implement fraud detection tools

E-commerce businesses can implement ready-made fraud detection solutions to identify red-flag transactions and protect themselves and their customers from fraud. In particular, fraud detection tools enhanced with machine learning capabilities can effectively recognize suspicious account activity, detect the most common fraud patterns and predict fraudulent actions.

2. Comply with the PCI standard

All businesses dealing with online payments have to adhere to the Payment Card Industry Data Security Standard (PCI DSS) to ensure that credit card and cardholder details are stored and processed safely. While the PCI compliance level can vary depending on a business’s transaction volume, all merchants fulfilling the principal requirements will be less likely to suffer from fraud.

3. Use verification software

Verification software helps merchants identify inconsistencies in billing, shipping, or card details. For example, an address verification system (AVS) verifies the customer’s billing address against the cardholder’s address filed with the issuing bank. If the addresses don’t match, which happens when fraudsters use multiple stolen cards to order goods to a single address, the AVS declines the transaction or flags it for manual review.

Another verification method involves checking security numbers written on the back of payment cards, such as card verification value (CVV), card security code (CSC) and card verification number (CVN). Store owners can ask customers to submit the security code at the checkout page, making sure the customer has their physical card.

4. Limit order quantities

By analyzing previous sales data, merchants can define the average daily order volume and cash value to set purchase limits. Orders beyond this limit should be automatically blocked to reduce the risk of fraud.

5. Collect proof of delivery

To protect against false claims of non-delivery and refund abuse, e-commerce merchants can cooperate with reliable logistics partners that provide tracking numbers or proofs of delivery like a customer’s signature or photos of delivered packages.

6. Tighten your return policies

Ambiguous return policy terms and conditions can allow scammers to easily exploit the returns system. Therefore, a store’s return policy should describe in straightforward terms what qualifies as a return, what refund options the seller offers (e.g., a product exchange or store credit instead of cash) and how the seller handles the entire returns process.

7. Be particularly alert during peak shopping seasons

Since people buy more from e-commerce stores around Black Friday, Cyber Monday and December holidays, they often overlook security measures. Predictably, fraudsters become highly active during these busy times, hoping merchants won’t be vigilant enough to detect fraud among the skyrocketing number of orders.

Businesses should prepare their staff and fraud prevention systems for peak shopping times and be careful when handling rush orders, numerous low-value purchases and possible foreign orders, all of which can be signs of fraudulent behavior.


8. Create blocklists

A good practice for warding off repeat offenders is to add customers with unusual activity to blocklists and ban them from future transactions with the e-commerce website. Usually, blocklists contain names, credit card details, shipping, email and IP addresses spotted in suspicious transactions. When the information from a new order matches the list, such transactions will be automatically blocked.

However, this tactic requires caution because a legitimate customer can unknowingly use a credit card previously marked as fraudulent. In this case, blocking the order without explanation can discourage the consumer from returning to your online store.
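The red-flag checklist and practices 3, 4 and 8 above can be combined into a single order-screening pass. The following Python is an added example, not code from the article or from any fraud tool; the thresholds, field names, the `Screener` class and the sample orders are constructed assumptions. It returns the reasons alongside each decision so that a held order can be explained to the customer, and it sends a card-only blocklist match to manual review instead of blocking it outright.

```python
from dataclasses import dataclass, field
# Constructed thresholds; a real store derives them from its own sales history.
MAX_ORDER_TOTAL = 500.00       # practice 4: purchase limit
MAX_DECLINES = 3               # repeated declined transactions
MAX_CARDS_PER_ADDRESS = 2      # multiple cards shipping to one address
WEAK = {"billing_shipping_differ", "po_box"}  # common for gifts; one alone is ignored

@dataclass
class Order:
    email: str
    ip: str
    card_token: str            # processor token, never the raw card number
    billing_zip: str
    shipping_zip: str
    shipping_address: str
    total: float
    avs_match: bool            # AVS result as reported by the payment gateway
    declines: int = 0

@dataclass
class Screener:
    blocked_ids: set = field(default_factory=set)     # emails and IP addresses
    blocked_cards: set = field(default_factory=set)
    cards_seen: dict = field(default_factory=dict)    # shipping address -> card tokens
    def screen(self, o: Order):  # returns (decision, reasons)
        addr = " ".join(o.shipping_address.lower().replace(".", "").split())
        self.cards_seen.setdefault(addr, set()).add(o.card_token)
        checks = {
            "avs_mismatch": not o.avs_match,
            "billing_shipping_differ": o.billing_zip != o.shipping_zip,
            "po_box": addr.startswith("po box"),
            "repeated_declines": o.declines >= MAX_DECLINES,
            "many_cards_one_address": len(self.cards_seen[addr]) > MAX_CARDS_PER_ADDRESS,
            "over_limit": o.total > MAX_ORDER_TOTAL,
            "blocked_identity": bool({o.email.lower(), o.ip} & self.blocked_ids),
            "blocked_card": o.card_token in self.blocked_cards,
        }
        reasons = [name for name, hit in checks.items() if hit]
        if "over_limit" in reasons or "blocked_identity" in reasons:
            return "block", reasons
        # A card-only blocklist match may be a legitimate customer: review, do not block.
        if len(reasons) >= 2 or set(reasons) - WEAK:
            return "review", reasons
        return "approve", reasons

def demo():
    s = Screener(blocked_ids={"203.0.113.9"}, blocked_cards={"tok_flagged"})
    orders = [  # constructed sample orders
        Order("a@example.com", "198.51.100.4", "tok_1", "80202", "80202", "12 Elm St", 60.0, True),
        Order("b@example.com", "198.51.100.5", "tok_2", "80202", "10001", "P.O. Box 44", 90.0, True),
        Order("c@example.com", "198.51.100.6", "tok_flagged", "80202", "80202", "9 Oak Ave", 40.0, True),
        Order("d@example.com", "203.0.113.9", "tok_4", "80202", "80202", "3 Pine Rd", 40.0, True),
    ]
    return [s.screen(o) for o in orders]
```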

The bottom line

Modern e-commerce fraudsters can employ an array of tactics, so merchants have to keep modernizing their security methods to keep payments and orders safe. The first step is to implement comprehensive anti-fraud technology to detect and avert malicious actions. Next, e-commerce companies should adopt and closely follow fraud prevention strategies to minimize risks. In the long run, these efforts will enable merchants to protect their customers and revenue as well as the future of their online business.

 

Stan Popovich is the author of the popular managing fear book, “A Layman’s Guide to Managing Fear”. For more information about Stan’s book and to get some free mental health advice, please visit Stan’s website at www.managingfear.com

How to Minimize Cybersecurity Risks and Balance Customer Friction for Your Online Business

If you launch an online business or want to improve your existing brand, you must set up a good security system, not just to minimize cybersecurity risks, but also to compete with established rivals.

In addition to a shared customer base, your competition may already have a productive balance between security and friction that keeps their business safe without driving people away. That’s the standard you should aim for to avoid losing traffic to competitors.

It seems easier said than done, but there are a few key strategies that can help you plan the ideal cybersecurity system for your business and customers.


Understand and Minimize Cybersecurity Risks

Do you run an e-shop, banking service or website that stores medical records? Each type of domain may have something of interest to criminals, such as personal data that can be used fraudulently or by account hackers who can exploit such information for money or access to otherwise secure systems.

Think about what assets could attract bad actors to your online business and read up on threats you could face down the line, as well as the damage they’d cause if successful.

Take synthetic identity fraud, for example — also known as sleeper fraud or credit bust-out fraud. It uses IDs that mix fake details with real, stolen ones, but the IDs can also be a combination of real information, or even be completely manufactured by an algorithm that creates sequences, such as fake social security numbers, from randomized data.

Statistics show that up to 95% of legacy security systems can’t spot synthetic IDs. As a result, synthetic IDs cause around 80% of credit card fraud losses.

But how does knowing about this threat improve your security? For one, you learn just how valuable stolen data can be, but also what it can do in the hands of fraudsters. They can take out loans, file insurance claims, grab more sensitive details and more.

As a business owner, you come to terms with the importance of fraud detection and, with further research into the workings of different cybercrimes, you should be able to find the best possible suite for your platform.


Go for a Multi-Layered Security System

There are too many threats to online businesses to justify relying on basic cybersecurity and manual checks — even more so as your platform grows in popularity.

It’s telling that less than 40% of consumers in the US, UK, Germany, and France felt they could trust businesses’ ability to counter scams in 2021, according to Statista. To ensure your customers are secure and confident in your services, focus on attaining improved fraud prevention measures.

The same statistics reported that processes like card verification number (CVN) and email verification make a difference, but don’t hesitate to make your KYC system even more sophisticated.

If you have data or tools that criminals would want to get their hands on, protect your business records with additional measures like encryption, two-factor authentication, device fingerprinting, data enrichment, and intensive training in online security.

Set Internal Safeguards

The biggest question is: How do you balance multi-layered security and frictionless user experience for customers and staff? Start by taking responsibility for part of your cybersecurity.

For starters, know that the most common cybercrimes to safeguard your business from include phishing and identity theft, both of which could be tackled manually if you know what you’re looking for.

For instance, your business should train employees on how to spot and report suspicious transaction patterns, as well as what phishing messages would look like and how to protect their passwords.

Build on this foundation with regularly updated software that scans for malware and vulnerabilities, while also checking credentials without needing too much input from customers or even potential employees.

Prepare yourself for the latter scenario as insider fraud cost businesses 5% of their annual revenue in 2020.

Choose Customer Security Checks that Limit Friction

Just using reverse email or phone lookup tools can spare your users unnecessary trouble and give you plenty of information to verify their identity and purpose. Look for this balance in your security efforts.

Advanced options like device fingerprinting can be frictionless, too. Such systems collect information about a device and its configurations, including the presence of proxies or emulators. This is especially useful as many people use these technologies alongside VPNs for nefarious purposes.

The Bottom Line

With all this in mind, it’s clear that moving on to more complex digital footprint, behavior or other types of analysis will minimize cybersecurity risks — just don’t let the friction overwhelm your users.

 

Jimmy Fong, CCO at SEON, is a young veteran in the fraud detection space. The last three leading fraud and payments startups he has been involved in have been acquired by Visa, Ingenico, and American Express. He’s a regular speaker on disruptive technology in the fintech space and a massive advocate of flattening the tech barrier for merchants and financial institutions to fight fraud effectively. A graduate of Edinburgh University, he looks to marry his passion for tech with doing a bit of good in the world.

What’s Driving Up the Cost of Cyber Insurance? 

The first half of 2022 saw a 52% increase in detected cyber threats versus the same period a year ago, signaling that companies must invest in a robust toolset of cybersecurity protections. The average ransomware payment rose 72% over the last year, not including additional mitigation costs.


While cybersecurity incidents are increasing, businesses and insurance companies can work together to manage risks and implement practices to protect against possible attacks.

The Impact on Cyber Insurance

The frequency and magnitude of cyber attacks have directly led to a rise in cyber insurance costs. Premiums grew by 74% in 2021, indicating that companies shouldn’t anticipate premium cost relief any time soon. According to a recent IBM report, the average cost of a data breach in 2022 is a staggering $4.35 million. Cyber insurance providers balance the skyrocketing costs of remediation efforts while ensuring companies are protected against possible losses.

The massive costs associated with a data breach illustrate the need for businesses of all sizes to find a cyber insurance option that fits their organization. Cyber insurance policies are nuanced because each business has a unique set of potential risks and coverage needs. Insurance companies must consider the possible ramifications of a data breach, as well as what processes a company has in place to mitigate potential cyberattacks.


Cyber insurance policies generally cover business interruption, security and legal incident response, systems restoration, ransom payments, and other associated costs. Keep in mind that each policy is different, so coverages vary.

Steps to Protect Against Cyber Attacks

Proactivity is the best defense against digital threats. Just as cybercriminals evolve their tactics, IT and security teams have to evolve their approach. When you apply for a cyber insurance policy, your insurer will want to see strong, documented evidence of data protection policies and procedures. Having a solid plan in place can help you and your insurance company better manage the cost of your policy.

Examples of security strategies include:

  • Ensuring all employees use multi-factor authentication.
  • Continually updating security procedures and plans in the event of a cyber attack.
  • Offering ongoing training and education to ensure your employees are up-to-date on the latest information on phishing attempts, ransomware and other cyber threats.
  • Using anti-virus software and email filtering.
  • Documenting policies around user access and permissions.
  • Ensuring vendors and third parties have security practices in place.

What to Expect When Applying for Cyber Insurance

If you are preparing to apply for cyber insurance or renew your current policy, you’ll have to answer an enhanced set of questions before your policy is issued. Talk with your insurance advisor about what to expect — these questions are an opportunity to identify potential weak spots and implement stronger protocols to better protect your business.

Sample questions include:

  • How often do you perform backups and where is the information stored? 
  • What is your user management policy? 
  • What type of cybersecurity training do you provide employees and how often is it updated? 
  • Do you use two-factor or multi-factor authentication? 
  • What steps are you taking to actively protect against phishing and ransomware attacks?

With costs rising and underwriting guidelines tightening, start talking about your policies and renewals early to allow time to prepare for expanded questions about your company’s security approach. With premium increases across the board, companies can better manage costs by strengthening their security infrastructure and building documented procedures to better position themselves against cyberattacks.

At CCIG, we’re helping our clients stay future-ready by asking the right questions and collaborating with industry experts. Through our partnership with FRSecure, CCIG offers risk assessments, audit prep, penetration testing, and CSIRT risk registration to help our clients minimize risk and improve security programs.

While we can’t predict the future, we can prepare for it. Leverage the expertise of your insurance advisor to identify strategies and practices to maximize your coverage options while effectively managing your costs. Contact [email protected] or call (303) 799-0110 to get in touch with an advisor.

 

Spencer Mahoney oversees carrier relations, IT, marketing and employee engagement at CCIG. Spencer – who started his career in Boston as a commercial broker in the Life Science space before moving to Denver in 2017 – also heads CCIG’s Life Science and Technology Practice areas. A business graduate of the University of Arizona, he’s a board member of the Colorado Uplift, the Insurance Charitable Foundation (IIFC) and NephCure Colorado.