Skip to main content

Cyber-crime: Is your small business protected?

Cyber-crime is a concern for all businesses, but the effect of being ripped off can be especially challenging for small businesses.

Cyber-crime hits small businesses hard:

  • 40% of cyber-attacks in 2011 were on small- to medium-sized businesses
  • The per employee cost of those small businesses victimized by cyber-fraud was $1,088, versus $284 for larger businesses
  • About 60% of small businesses will go out of business within six months of a cyber-attack

In 2012, Canadians made close to $20 billion worth of purchases over the Internet. As online business continues to grow, the potential for being victimized by cyber-crime also increases.

What is cyber-crime?

Cyber-crime is any criminal offence that involves a computer or the Internet as either the target of a crime or as the means used to commit a crime.

Some examples that relate to commercial transactions include:

  • Identity theft: Fraudsters hack into databases and steal usernames, passwords, credit card and other personal information, to make illicit purchases.
  • Phishing scams to take over legitimate customer accounts: A customer is tricked by an email or bogus website to provide passwords and login information, which are then used to make unauthorized purchases.

Fraud is the most common type of cybercrime reported to police, representing about half of all Internet-based crime, according to 2012 Statistics Canada data.

How can you protect your small business against cyber-crime?

Recent stories of cyber attacks have highlighted the need to be extra vilgilant in protecting your business.

In addition to standard common sense vigilance, businesses are encouraged to monitor purchase trends and keep a very close eye on statements and purchase orders. Watch for deviations from normal sales activities. Software solutions to protect data are also crucial (e.g., encryption, firewalls, anti-virus).

Tips to guard against cyber-crime:

  • PCI compliance: Check out the Payment Card Industry Security Standard Council forum, which is a network of of global brands, including Visa, MasterCard and AMEX, who have established best practices for conducting electronic transactions and payment processing.
  • Watch for well-known signs of a fraudulent purchase:
      • Unusually large orders placed over the Internet without contact by the customer
      • Priority rush orders of high-value merchandise, where the customer requests overnight shipping
      • Missing contact information on an order, or a customer refuses to provide key contact information, such as a daytime phone number
      • Orders that are set to be shipped to a different address than the billing address. Similarly, watch for billing addresses that are not the same as the information on file with the credit card company. An address verification system (AVS) can block sales where addresses don’t match.
      • Orders from other countries
  • Set limits on the number and dollar value amount of purchases, using your knowledge of your own business
  • Require customers to enter the three-digit Card Security Code on the back of their credit card
  • Use sophisticated passwords on customer accounts. Best practices call for an eight-digit password with a capital and a special character.
  • If you are suspicious, phone the card holder to confirm the order. If you can’t contact the cardholder using the information you were provided, don’t ship the merchandise. Fraudsters don’t leave phone numbers where they can actually be contacted.

What if you are a victim of cyber-crime?

If you think you may have been a target of online fraud, report it to your local police service and the Canadian Anti-Fraud Centre. Canada’s Competition Bureau is also a trusted resource for information related to fraud and cyber-crime.

Did you know that October is cyber-security month? The government of Canada has created an information portal where you can review your online safety practices. They also have a Get Cyber Safe Guide for Small and Medium Businesses

Related Documents