Cyber Security Month Series Part Two

Last week as part of Cyber Security awareness month we talked about identifying where your critical information assets are that are important to you the small business owner. We also provided tips on how to better protect these information “assets” that are important for your operations. This week we are going to talk a bit about how criminals can target small business owners by using a technique known as social engineering. You may have heard of this before in different formats like Phishing and Business email compromise which are types of fraud.

Fraud comes in a variety of forms, from high to low tech, including phone calls, e-mails, in person and variety of forms, from high to low tech, including phone calls, E-mails, in person and even the U.S. Postal Service. But social engineering techniques used to manipulate victims are fairly consistent; these typically include the attacker using emotive language in order to get you to take an action to actually help the fraudster.

To avoid becoming a victim, please be aware of the following methods used by fraudsters:

  • The Secret – The fraudster is offering something secretive or “only for you.”
  • It’s Free – Giving away something for “free.”
  • Authority Figure – The fraudster is posing as an authority figure or agency.
  • You’re in trouble – The fraudster will attempt to make you believe you are at fault.
  • Guilt – An emotive play on your generosity.
  • Act before it is too late – Only limited quantities are often used.
  • Look what I just found – Fraudsters often use a baiting tactic such as leaving a USB or CD containing viruses in a public place, with the intention that you will use on your PC.
  • A combination of any of the above methods.


In regard to small business and Cybercrime, there have been many studies that show small businesses (those companies with 1,000 employees or less) are not prepared to counter any cyber security threats. These studies identify that small business can be impacted much more than their large counterparts in the event of a cyber-attack.  New business owners are also being targeted by suspect companies with letters that have official–sounding names such as “Records Office” asking for exorbitant fees for business processing services.

Remember: if it sounds too good to be true, it probably is!



Some ways on how to avoid becoming a victim are:

  • Review E-mail carefully as it is can be a large entry point for Cybercriminals into your business. Be aware of phishing techniques which include the social engineering methods mentioned above, also don’t click on URL’s or links without first checking them by hovering over the link.
  • Be watchful for e-mails from persons posing as business partners or suppliers asking for bank account information or to transfer money, follow up with a phone call if unsure.
  • Be careful of any business correspondence or phone calls that seems too good to be true, seems threating or possibly imitating an official figure.  Be guarded about what information you provide about your business to strangers or even other businesses.
  • Shred your business records when they are expired or old. Don’t leave these out in the trash without destroying them as this information could be a target for dumpster diving.
  • Be wary of anyone giving away free “USB sticks or CD’s”, they may contain malware that could infect your computer systems.

The author can be reached at

All rights reserved, Copyrighted work by William Tucek.





William T Tucek

This entry was posted on Tuesday, October 10th, 2017 at 4:50 pm and is filed under Blog, Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.