Table of Contents
From Dollar One — Chapter 3: Protect What You’ve Built
Protect What You’ve Built
You built your business. It’s only natural that you want to protect it, too.
Digital security is one of those things you might not always find time to focus on when you’re busy growing your business.
Listen to this chapter on SoundCloud
With threats growing more and more sophisticated, there really is no way around it: You have to take an active approach to digital security and fraud prevention — because even one successful scam could deal a serious blow to your bottom line.
Fraud is the use of deception — like giving someone false information or pretending you’re someone else — in order to deprive the target of something valuable (whether that’s money or something less tangible, like control over your digital accounts).
As an entrepreneur, becoming a victim of fraud can put your social channels in the hands of someone malicious, who can then distort your messages to your followers. Fraud can mean getting your bank account cleared out. Or, it can mean losing your customers' trust.
How can you help avoid these pitfalls? By learning (from others) and listening (to yourself). Listening to yourself means trusting your instincts: Ultimately, your last line of defence against fraud is the little voice inside you that speaks up when something doesn't quite seem right. And to make sure that inner voice is prepared, it's important to learn what risks are out there for you as an entrepreneur, and what the experts say about how to help avoid them.
That's why this chapter includes tips and resources to help secure your business: It will empower you to help spot scams and take your business’s digital security and fraud prevention into your own hands.
Now let's get into the specifics:
1.Protect yourself by learning how to spot common scams
2.Selling safely through online marketplaces
3.Be proactive with a digital security checkup
4.Use secure services for your transactions
1. Protect yourself by learning how to spot common scams
Scams have become sophisticated.
Unfortunately, recognizing them has become a necessary skill for entrepreneurs.
Fortunately, you can do it if you stay alert, and stay informed about the ways that fraudsters might try to take advantage of you.
When we’re talking about digital security, knowledge really is power: the power to protect your business and the revenue it brings you.
Let’s start by getting you up to speed. Here are some of the ways criminals prey on entrepreneurs — and definitions of some tips and tools to help prevent them.
When you get a message that appears to come from a trustworthy person or business, but it's actually a fraudster trying to lure you to a phony website or portal so you'll enter your sensitive information (like a login and password for your bank), that's a phishing scam. (You're the "phish" and the message is the bait. Get it?) Avoid them by carefully checking URLs, and/or separately contacting the (supposed) sender to check if a message is legit before sharing any info.
Also known as "spear phishing," whaling is like phishing but in a workplace context. So for example, a message supposedly comes from an employee asking you to do something — but it's a hacker trying to get you to compromise the company. If you're an entrepreneur, it’s your job to train any staff or contractors on recognizing genuine communications.
Email accounts are a central hub for your communications, especially when you’re running a business — so there are plenty of ways cybercriminals can cause havoc if they infiltrate your account(s), like reading sensitive info or intercepting money transfers. Take advantage of security features to protect yourself.
A lot of fraudsters try to trick people into revealing sensitive information (like account details) or transferring money by posing as the target’s bank — often using convincing logos, brand colours and so on. Verify any unexpected messages before acting on them, and once again scrutinize URLs carefully.
Package delivery scams
Everyone loves receiving a package, but beware: Scammers send fake delivery notices to deceive recipients into clicking malicious links, paying phony fees (posing as legitimate duty fees and other costs), or providing personal details. Call the courier company to verify messages about unexpected deliveries or fees before you do anything. And note that Canada Post doesn’t send unsolicited messages about packages or request personal information online.
Have you met someone who’s too charming and helpful to be true? Social engineering is a term for scams that involve establishing a relationship with the target and lulling them into a sense of comfort so you’ll drop your guard (they sometimes also use fear and threats) — so you’ll reveal information or do something that will benefit the scammer. Be on the alert for urgent requests from people you haven’t known very long.
Criminals can run scams involving cheques a few different ways, including using fake cheques, making purchases beyond what they can afford (and then disappearing, leaving you with a bounced cheque), or altering a target’s cheque with a higher amount. The easiest way to stay safe? Don’t use cheques.
Wire payment fraud
Scammers use social engineering, fake invoices and other deceptions to coax the target into sending a large amount of money (which isn’t actually owed, of course) via bank-to-bank wire transfer. It’s important to scrutinize requests for big payments really carefully to make sure they’re actually owed, and they’re headed to the right recipient. Some fraud experts advise not using wire transfers at all because of the risk.
Online marketplace scams
Criminals posing as online marketplace buyers use a few different tricks to deceive sellers. These include asking for a phone number (which they use to take control of your phone) and sending phony money transfer links (two ways to avoid this pitfall are to examine URLs carefully, and to sign up for Interac e-Transfer Autodeposit). Read more about online marketplaces below.
2. Selling safely through online marketplaces
Online marketplaces — where ordinary people (and startup businesses) can list goods and services to buy and sell — can be an effective way to connect with your growing customer base, especially for entrepreneurs who are just getting off the ground.
While most people contacting sellers on online marketplaces are just there to find good deals in their community, a few of them are out to defraud sellers — which creates an element of risk. Thankfully, you can take the steps below to help prevent problems (and for more info, see our full guide to buying and selling securely via online marketplaces here).
Take precautions when selling your goods: For example, meet buyers in a safe place (in some cities, your local police may offer monitored safe spaces specifically designated for marketplace exchanges).
Interac e-Transfer gives you security features that will help you in your marketplace transactions. (You can learn more about the overall security benefits of Interac e-Transfer below.)
Use Interac e-Transfer to make marketplace selling safer (and easier)
- Use Interac e-Transfer to help make the transaction convenient for both parties.
- If you use Interac e-Transfer, you won’t have to face the risk of sellers using counterfeit cash, fake cheques or other payment-related fraud.
- With Interac e-Transfer, you’ll automatically have a digital record of all of your transactions so you can keep track.
Keep these tips in mind for safe marketplace transactions using Interac e-Transfer…
Use Interac e-Transfer Autodeposit
If you have the Autodeposit feature set up, the payments you receive are directly deposited into your bank account with no additional steps or passwords needed. This can help prevent email interception fraud.
Make sure the money’s moving the right way
Some scammers posing as buyers try to trick sellers into sending money instead of receiving it. Check money-related messages carefully. If you’re prompted to respond to a message relating to a money transfer when you’re the seller in a transaction, make sure you’re accepting a payment and not responding to a payment request!
Check your account before you say bye
To be extra sure you have the money you’re supposed to have, check your bank account balance before you send the buyer on their way.
3. Be proactive with a digital security checkup
Just as you would schedule a checkup with a doctor, it’s a great idea to set yourself reminders to perform periodic digital security self-assessments (say, once a quarter).
It won’t take you much time (especially after you get the hang of it), and it could save you a lot of trouble if it prevents you from falling victim to even one fraud attempt. Here’s a step-by-step guide to performing a digital security self-checkup for entrepreneurs, in four key areas where you could be vulnerable.
Email and bank accounts:
Start by locking down your two most important (and vulnerable) access points for potential fraud attempts.
Step 1: Review your passwords across your email, bank and other critical accounts. Make sure the passwords are strong, unique, and have not been duplicated across multiple accounts. If not, change them. (Tip: Strong passwords are often “ugly,” with a mix of upper- and lowercase letters, numbers and symbols.)
Step 2: Set up two-factor or multi-factor authentication on your accounts when available (as it often is for email and bank accounts).
Change your passwords regularly. (Consider setting a three-month reminder.) And consider setting up separate business and personal accounts to help contain the damage from any security issues that might happen.
For a lot of small businesses, your online identity pretty much is your business. The last thing you want is for someone to hijack your social accounts. So follow these steps to help strike a balance between sharing online with customers but not oversharing in a way that attracts hackers.
Step 1: Review your data privacy settings on platforms. When in doubt, lock it down. (For example, don’t show your date of birth.)
Step 2: Enable two-/multi-factor authentication wherever it’s available.
Step 3: Verify the account recovery contact details (make sure they’re up to date, and you’re in control as the business owner).
Step 4: Look at what personal details you’re sharing online. Are there any that you’d rather keep out of hackers’ hands? Could your passwords be guessed from your profile or posts? (Hint: Don’t use your pets’ or kids’ names as passwords.)
Any physical electronic devices you use for your business — mobile phones and laptops, for example — should also be safeguarded for the sake of your data protection.
Step 1: Make sure your devices are set up to require a password to log in. (Biometrics too, if that applies.)
Step 2: Check for software and operating system updates. Are they set to download automatically? Staying up to date can help ensure that you have the latest digital security settings and all bug fixes installed.
Step 3: Consider installing anti-virus software on your devices. The Canadian government recommends making sure your chosen software will scan for malware and malicious sites, while also monitoring any suspicious activity on your device. They also advise you to check the credentials on any free anti-virus software (ask an IT whiz if you’re not qualified — which, realistically, you might not be!).
Ongoing: Change your passwords regularly. And while you may love your favourite coffee shop, avoid completing sensitive tasks on public WiFi.
You can’t literally hold it, but you have to protect the data that lives in the cloud — so it doesn’t end up in someone else’s hands.
Step 1: Your business data is valuable, and it belongs to you. Vet your cloud service provider carefully by finding out, or asking for, its data protection policies. Consider consulting an expert for advice about who’s a trustworthy cloud service provider.
Step 2: It’s essential to safeguard your customers’ data, too. If you store any client data (especially sensitive information), get advice from specialized legal counsel to make sure you’re doing everything that’s required to keep the data secure.
Step 3: Be careful what you leave in the cloud. Delete old files you don’t need anymore, especially if they contain sensitive information.
Ongoing: Log out of your cloud services when you’re not using them.
And if you employ staff or contractors…
Train them in fraud and security.
Conduct regular training sessions to educate your staff about common online threats like phishing. To avoid falling victim to cyberattacks, make sure they know how to recognize suspicious emails and links.
Remember: You’re the main line of defense.
When you’re using software that uses different tiers of access levels, assign unique accounts for each user, and only give staff and contractors the level of software access they need to do their jobs.
4. Use secure services for your transactions
The all-important task of getting paid is another area where security is a major consideration. But speed and convenience matter too — you want to get paid fast, right? By using Interac e-Transfer as a go-to for money transfers, entrepreneurs can ensure transactions are fast as well as secure (not to mention taking advantage of convenient features that you don’t get with traditional methods like cheques and cash).
It’s a good idea to use Interac e-Transfer Request Money to help you get paid: Not only because it nudges your clients to send you money, but also because it encourages them to use a secure method to pay you. (See how to use it here.)
Security advantages of Interac e-Transfer
- Uses bank-grade security, including encryption, to keep transactions secure.
- Interac uses a proprietary fraud detection system.
- Transactions are fast, helping you track your finances and spot anything that doesn’t look right.
- There’s no physical exchange, mitigating the concerns associated with lost or stolen cash or cheques.
Set up Interac e-Transfer Autodeposit for an extra layer of security
Did you know Interac e-Transfer Autodeposit can help keep your transactions secure?
Once you enable the Autodeposit feature, your incoming transfers will be automatically deposited in your account, following routine fraud checks by your financial institution.
Not only will there be fewer steps to complete your transfer (meaning you get paid just a little bit faster!), you bypass the email step — that means any fraudsters who have gained access to your email account won’t be able to intercept the message and divert the funds.
Accept Interac Debit as a secure method of payment
If your business involves retail or other face-to-face transactions with your customers, you obviously want to make sure your sales transactions are convenient and secure.
Interac Debit is a fast and convenient payment method that offers both you and your customers sophisticated security features to protect your transactions. It has security features designed to protect businesses like yours.
Bonus: With Interac Debit there are no chargebacks: The payment moves from the cardholder’s account to yours in real time.
Security features of Interac Debit
- Uses EMV® chip processing for contactless transactions, which makes it nearly impossible to create counterfeit cards and protects you against fraudulent activity.
- Contactless transactions are also secured in part by transaction limits.
- Other in-person transactions use secure chip-and-PIN processing.
- Real-time payment from the cardholder’s account (which means no inconvenient chargebacks for merchants — that’s you).
Use Interac Verified when available
Interac Verified enables businesses to digitally verify potential customer and client data. This could include using the personal information they’ve already provided to their financial institutions. It’s a service that makes it easier for Canadians to prove they are who they say they are.
One way you can use Interac Verified today as an entrepreneur is using Interac sign-in service to access select government services — like accessing your tax information and applying for business grants.
As your business grows, you can use Interac Verified to create a more streamlined process for acquiring customers and new accounts — while also verifying their information. In business, that’s what we call a win-win.
Getting off on a secure footing
The steps and information in the previous sections may seem like a lot to do. Some of it may even be a bit tedious. But once you’ve gone through your security checklist and worked to lock down potential vulnerable points, maintaining your business security will consist of small routines and practices that you’ll hardly have to think about. (Maybe give yourself a little reward for taking care of it…?)
The paradox is that while you always have to be vigilant, business security just becomes part of running your business.
And being mindful about security is just part of getting your business off on the right foot. You’re making sure that what you build is on a solid foundation. One that isn’t going to topple because of one untimely scam. A foundation that’s secure enough for you to help keep building and building on.
This article offers general information only and is not intended as financial, legal, technical, or other professional advice. While information presented is believed to be factual and current, its accuracy is not guaranteed and it should not be regarded as a complete analysis of the subject matter discussed. No endorsement of any third parties or their advice, opinions, information, products or services is expressly given or implied by Interac Corp. ® The word EMV is a registered trademark owned by EMVCo.