Cyber criminals will try to harm your business by sending phishing emails to your employees. The criminal will typically use a compromised or fake email address that appears to come from a legitimate source such as a senior executive or a familiar vendor to trick you into changing account information or conducting a fraudulent financial transaction.
 

Invest in a strong antivirus software program and other security software that can flag suspicious emails. Also, make sure email addresses are spelled correctly or can be verified through alternative methods like a known good phone number.

Create a detailed cyber awareness program that’s specific to your company’s needs. You can start by using the Federal Communications Commission’s online cyberplanner tool. Then educate employees and regularly update them on cyber security best practices like changing passwords often and using secure and complex configurations.

Cyber criminals infect your computers, mobile devices and networks with ransomware, a type of malware that locks out users until you pay for the release of the data or return of service.
 

Avoid clicking on links or attachments from untrusted sources because they may contain malware, which infects your device to capture personal and financial information. Update your company’s computer and security software systems regularly with the latest malware and virus protections. Also, encrypt mobile device data and make sure people with access to your records and finances use only company-approved devices.

Back up data often and consider storing your company data on multiple media types and at least one that’s off network. To keep that data protected, remember to secure and monitor your network to deter unauthorized access or theft.

Cyber criminals set up fake online businesses that claim to help you run your company more efficiently, such as by offering small business loans or products that can help your brand stand out on social media. They may also ask for payment via untraceable methods such as a wire transfer or gift card.
 

Verify that companies you work with are who they claim to be by doing your own background check (does it list partners or other businesses it has worked with that you can contact?) and confirm that it has a real physical address and phone number.

Before working with a new vendor or business partner, talk to peers in your industry to see if they’ve used the company. You can also check the Better Business Bureau’s scam tracker.

Similar to a business email compromise, an unknown company sends an invoice that appears to be for something critical or from a regular vendor. What’s really happening is the criminal hopes you’ll be too worried or busy and that you—or your employee—will pay the invoice immediately.
 

Don’t blindly pay the invoice. Take the time to verify that services or items were actually ordered and fulfilled by the billing company. Also, consider limiting the number of employees with access to records and finances as much as possible, as well as requiring multiple users to initiate and approve transactions.

As with other scams, remind your employees about email security best practices so that they don’t click any “Pay now” links in the email or download suspicious invoice attachments. Also, double check that the invoice is not a spoof, or impersonation, of a vendor, regardless of whether you’ve used that vendor before.

Your company receives an overpayment for an item you’re selling, immediately followed by a request to deposit the check (which turns out to be a bad check) and then send them the difference via a wire transfer or gift card.
 

Be suspicious if someone varies from the normal way to pay for goods, such as via wire transfer.

Just like with fake invoices, decide if more than one person should be required to approve financial transactions (segregation of duties is a key best practice for businesses of any size), and use a dedicated machine for processing payments. It’s also a good idea to require multiple-person approvals for account and financial change requests.