The numbers are staggering: 60% of small companies have experienced a cyber attack, including phishing and social engineering scams. Recognizing these threats early can save your business money and your hard-earned reputation.

Think critically about what you receive via email or while browsing the Internet.

1. Too Good to Be True Offers: If an offer looks incredibly favorable without any apparent catch, it probably isn’t legitimate. Scammers often lure victims with promises of high rewards for minimal effort or investment.

2. Urgency Tactics: Scammers love urgency. They might say you must act fast to claim an offer or resolve a problem. Before you react, take a moment to assess the situation critically. Genuine businesses understand that decision-making takes time.

3. Unusual Payment Methods: Be wary if you’re asked to make payments via wire transfer, cryptocurrency, or gift cards. These methods are difficult to trace and are favorites among fraudsters.

4. Suspicious Links and Attachments: Avoid clicking links or downloading attachments from unknown sources. These can lead to malicious sites that steal your personal information. Always verify the website's authenticity by checking its URL or directly navigating to the site through a search engine.

5. Grammar and Spelling Errors: Professional companies pride themselves on communication. If you receive an email with errors, it’s likely not from a legitimate source.

6. Call Now! If someone’s urging you to call a telephone number … don’t.

7. People Lie. Nobody from Microsoft is monitoring your computer. Microsoft doesn’t solicit end users to contact them across their computer, nor does the IRS. If you receive anything like this, somebody is lying to you. Stop falling for it.

By staying vigilant and educating your team on these signs, you can protect your business from the detrimental impacts of internet scams. Remember, when in doubt, it’s better to err on caution and verify everything before proceeding.

Data is as precious as gold.

Anything I can learn about you helps me defeat your safeguards; anything I know about you helps me market my product; anything I glean from your behaviors helps me understand how to exploit them.

Start treating your Personal Private Information (PPI) as an asset. It’s gold. It needs to be under lock and key.

Stop sharing your business cards in fishbowls. Stop giving away information about yourself on electronic devices/social media or in exchange for using an application like email.

Example: If you’re a small business using @gmail.com, @outlook.com, or a @yahoo.com account, you are constantly trading the confidentiality of your business and customers These are not secure platforms; they are, by their Terms of Service, used as marketing engines. Check the TOS of your email provider. If you’re a commercial business, are you following their guidelines?

A startling statistic from the U.S. Small Business Administration indicates that 88% of small business owners feel vulnerable to cyber threats, including data breaches that can expose sensitive information. This vulnerability underscores the necessity for stringent privacy protocols.

For small businesses, the stakes are high. The loss of PPI breaches trust and potentially leads to hefty fines under regulations such as GDPR in Europe and CCPA in California. Moreover, IBM reports that the average cost of a data breach for a small business can exceed $2.5 million, which is substantial enough to jeopardize a business's future.

So, how can small businesses protect themselves? It begins with people and behaviors.

• First, educating employees about the importance of data privacy is crucial. Simple practices such as recognizing phishing attempts, using strong passwords, and securing mobile devices can make a big difference. Additionally, small businesses should invest in robust cybersecurity measures like firewalls, anti-virus software, and regular security audits. A company like mine can help.
  

• Second, learn to recognize the trade. Exchanging your PPI for access in exchange for an email, a telephone number, a LIKE, or a FOLLOW is a trick. Anything or anyone trying to trade your PPI for access is a scam. Don’t do it carelessly. It’s like you’re giving away the gold.
  

• Third, lie, and lie often. If you must, and when you can, don’t provide your real birth date; don’t willingly give away where you were born; don’t give someone your actual name or mobile number. Lie. Give away false information. Isolate what is real and true to only a handful of friends, family, and associates.

In conclusion, protecting PPI isn’t just about avoiding financial losses—it’s about preserving your reputation and reducing the likelihood of harm. By taking proactive steps today, small businesses can protect themselves from the potentially devastating impacts of data breaches tomorrow.

Physical mail is often overlooked when thinking about information security, yet it remains a vital concern, especially for small businesses that send and receive sensitive information.

The United States Postal Service (USPS) handles about 129.2 billion pieces of mail annually. They mostly deliver that mail to insecure tin boxes along the side of the road, making mail a prime target for theft and fraud.

Here’s how you can safeguard your business mail effectively.

1. Work Hard to Eliminate the Use of Physical Mail. Stop!

• It’s nostalgic (read: naive) to think of a mail carrier putting a stack of confidential papers into an unsecured box and think everyone’s acting on their best behavior not to take them. That’s not how the world works, so get over it: stop using USPS.

• Sending confidential info through the USPS jeopardizes you and your customers. This isn’t to say we can’t trust the USPS; they have a secure process to route mail. However, when mail leaves USPS custody by leaving the mail in a mailbox or on a doorstep, it invites somebody to take it. Stop pretending or lying to yourself. This is a ridiculous practice.

• Anything considered sensitive shouldn’t be sent via USPS, period. Bills, remittances, and checks should move to electronic billing and statement retrieval. Ever. As you can’t guarantee secure delivery, stop using it.

2. Use USPS Secure Services. If you have no other option, opt for secure services like Certified Mail, which provides proof of mailing and delivery, or Registered Mail, which offers the highest level of security with locked containers and chain of custody documentation. These services not only deter theft but also help you track your mail at every step in delivery.

3. Implement a Mail Pickup Routine: If you have no other option, avoid leaving mail in your mailbox overnight. Arrange for mail pickup towards the end of your business day. If possible, personally collect important parcels from your local post office. This minimizes the risk of theft from unmonitored mailboxes.

4. Install a Lockable Mailbox: Again, nostalgia, but if you must own a mailbox, choose a sturdy, lockable mailbox that can be a simple yet effective barrier against mail theft. Ensure it is USPS-approved and placed in a well-lit, visible area to deter potential thieves.

5. Subscribe to a PO Box or Box Service. If you must send and receive physical mail, the smartest option for receiving physical mail is to have your mail delivered to a secure building in a secure box. Your deliveries and mail are looked after and monitored; access is controlled after the USPS delivery occurs.

Again, smart consumers opt for less friction in their lives. Stop receiving anything insecurely. Stop putting yourself and others at risk.

By incorporating these practices, small businesses can significantly enhance the security of their mail and protect themselves from potential losses and fraud.