Thank you to all of those who participated in the #BizSchemeSOS Twitter Chat co-hosted by Cybercrime Support Network (CSN) and the National Association of Secretaries of State (NASS) on September 2, 2021.
With a potential reach of more than 942K, over 1.5K organic engagements, and almost 300 hashtag mentions, #BizSchemeSOS was an insightful conversation highlighting tips and resources on how businesses can protect themselves from online schemes.
Here are some of our favorite answers from the Twitter chat:
Q1: Protecting businesses from threats starts with assessing risks. What are some important risk factors businesses should keep in mind? #BizSchemeSOS
A1: Businesses should consider how valuable the data they hold is and the age of the systems they use to house that data. If you’re using outdated, unsupported systems, you could be a prime target for a ransomware attack. #BizSchemeSOS
— MaineSOS (@MESecOfState) September 2, 2021
A1: Some of the risks related to business schemes can be phishing, spamming, malware, and ransomware attacks. Others include questionable business awards or directory services, notices for “filing services,” overpayment scams, or credit card fraud. #BizSchemeSOS
— Idaho Secretary of State (@IDSecOfState) September 2, 2021
A1: The more privileges employees have, the more vulnerable a business is to an insider threat. Ensure employees have access to the least amount of info needed to do their jobs and provide a good customer experience. #BizSchemeSOS
— Alex Achten (@Alex_ITRC) September 2, 2021
Q2: What red flags should businesses keep an eye out for online? #BizSchemeSOS
Some red flags businesses should keep an eye out for online would be strange pop-ups, spam/fake emails, internet pages being redirected to another webpage. These may indicate malware or a virus on your business’s website. #BizSchemeSOS
— Women In Government (@WomenInGovt) September 2, 2021
A2: Businesses should be wary of promises that any tool or technology can make their business completely secure. True cybersecurity is an evolving process that includes people and processes along with technology. Cybersecurity is a journey not a destination. #BizSchemeSOS https://t.co/vEyeQjDJ2V
— Cyber Readiness Institute (@Cyber_Readiness) September 2, 2021
A2: Spear phishing or spoofing of emails is a normal practice for scammers. Read and examine emails carefully to make sure you’re communicating with someone you trust so you don’t fall victim to a scheme. #BizSchemeSOS pic.twitter.com/radXIs0VlS
— Iowa Secretary of State Paul Pate (@IowaSOS) September 2, 2021
Q3: Small businesses impacted by business email compromise (BEC) schemes reported $1.8B in total losses to the FBI/IC3 in 2020. How can #BEC be prevented in small businesses? #BizSchemeSOS
A3: Educate employees on how to identify phishing scams! Exercising caution with hyperlinks and attachments as well as verifying email addresses before responding can prevent damages. If you suspect a colleague is being impersonated, reach out by phone to verify the request. pic.twitter.com/zEiEI2GHaV
— WV Secretary of State (@wvsosoffice) September 2, 2021
A3: Businesses should develop a written information security plan that includes educating all employees about how to use strong, secure passwords and how to recognize/prevent email attacks through phishing. An educated workforce can help prevent BEC schemes in any sized business.
— Delaware Department of State (@DEstatedept) September 2, 2021
A3: To protect yourself against BEC: enable multi-factor authentication, invest in phishing protection, business email compromise detection, internal email protection, and account compromise detection.
— Amy Hogan-Burney (@CyberAmyHB) September 2, 2021
Amy Hogan-Burney is the General Manager of the Digital Crimes Unit/Associate General Counsel at Microsoft.
Q4: If a business finds themselves impacted by a business scheme, who should they contact to report the incident? (Hint: Your Secretary of State is one 😉) #BizSchemeSOS
A4: If anyone believes they are a victim of a business scam or wants to learn more, contact the ITRC toll-free by phone 📞 (888.400.5530) or live-chat 🖥️ Just go to https://t.co/WWjTaSwcTk to get started. #BizSchemeSOS @cybersupportnet @NASSorg
— IDTheftCenter (@IDTheftCenter) September 2, 2021
A4: contact BBB and report the scam. Call your local office or report to BBB’s ScamTracker at https://t.co/CY781DmJda. YOUR story can help others avoid the same scam. #ReportReportReport #BizSchemeSOS
— BBB Serving Northern Indiana (@BBBNorthernIN) September 2, 2021
FTC – https://t.co/bnAfc5v3qV
FBI – https://t.co/LaSDbSM7L7
IRS – https://t.co/hCUDedaSC8
Oregon Secretary of State1/2 #BizSchemeSOS
— Oregon Office of Small Business Assistance (@ORBizAdvocate) September 2, 2021
Q5: After a business scheme strikes, it can be difficult for small businesses to recover. If your small business has been affected, visit FightCybercrime.org for recovery steps. What recovery tips do you have for small businesses? #BizSchemeSOS
A5. There are many tools to help a small business recover from a business scheme. The sooner you seek hep the better the chance for recovery! Planning and prevention techniques can save time and money by increasing resilience against nefarious business schemes. #BizSchemeSOS
— KS Sec. of State (@KansasSOS) September 2, 2021
A5: Immediate steps could consist of password changes and other security measures to regain security. Next, contact the Idaho Attorney General Consumer Protection Complaint Office or seek legal advice on further steps to take.
— Idaho Secretary of State (@IDSecOfState) September 2, 2021
Thanks again to all of the organizations and individuals who contributed to a lively Twitter Chat full of tips and resources to help businesses protect themselves from online schemes. Follow @CyberSupportNet on Twitter and subscribe to the CSN newsletter to stay in the loop for future Twitter chats.