By Debbie Gregory.

VAMBOA, the Veterans and Military Business Owners Association, believes that knowledge is power and will protect you.  For this reason, we are bringing you this two-part article mini- series on Business Loan Scams.  Please be cautious.

As the owner of a small Veteran Owned Business, you need to be on the alert for business scams, especially those related to access to capital and loans.   There have been more scams than ever with the growth of online alternative loans that allow small business owners to access the funds they need.  Unfortunately, this creates opportunities for Internet scammers.   Various surveys have found that almost seventy percent of small businesses feel there is a greater risk of scams now compared to a few years ago.   In 2016, marketplace scams accounted for the loss of $50 billion dollars alone.

Many online and legitimate lenders have been invaluable to small business owners.   However, many hackers are running business loan scams preying on the needs of small business owners for quick and affordable capital.   They attempt to steal your money, personal information, business information by pretending to be legitimate lenders or small business loan brokers.   The good news is that there are ways to identify these business loan scams and avoid them.  If you should fall victim to a scam, you should know how to report it.

Most scammers will attempt to contact you online via email, phone, texts, direct mail, websites or search engine ads.  You must be cautious whenever anyone asks for money, personal information or your business information.  Below are a list of business scams to avoid when applying for financing:

• Advance Fee Scams:  This is when an individual or company promises easy access to low-cost debt in exchange for an upfront payment. It will include terms such as “zero interest, no credit or bad credit works, no fees, etc.”  The scammer may reference the upfront fee as a “processing fee” or a “one-time fee”.  The goal of the scammer is to get your money before approving you for this likely fictitious loan.

Advance Fee Scams are one of the most common and popular scams.  They entice the borrower by promising that anyone can qualify.  Most legitimate lenders have requirements.  The lower one’s credit score, the higher interest they will have to pay in the real world.   Often legitimate lenders do charge some upfront fees such as application fees or fees to do your credit report so you must be careful.

• Peer Lending Scams: Have you ever seen a message on Craigslist, FB Messenger, Reddit or other places that says: “Low-interest loans up to 100K.  Low credit scores and bankruptcy is not a problem”?   Often, these are scams.   There are credible peer-to-peer lenders with thousands of investors who pool together and purchase loans or parts of loans that meet their criteria.   Instead of a bank, think of it as dozens of lenders working collectively.

Typical peer lending scams often resemble advance fee scams.   These peer lending scammers will also ask for some type of upfront fee or they might also be after sensitive personal information.  Beware because they can also steal your identity.  Never ever use a money wiring services for a business loan and never make any payment in advance.

• Funding Kit Scams: Some unscrupulous online loan providers want you to believe that obtaining a business loan is so complicated, you need to pay them to walk you through the process. This is a scam!    The scammers might offer offers to obtain government grants or inside tips or tricks and offer to provide you information for a fee.

All of the information that you need to obtain a loan is easily found online and there are not any fees to use this information.  When you see words such as “free” and government grants”, it is time to run for the heels.    If you have questions that you cannot find online, ethical, and real lenders are more than happy to answer these questions without charging you a fee.  If anyone asks you to pay for information to obtain a grant or loan, it is likely they are trying to scam you.

• Credit Repair Scams: Have you ever heard offers to increase or improve your credit score by at least 100 points in a short timeframe.  Or perhaps it the offer is to wipe out your bad credit, etc.  When you are trying to obtain a small business loan, your credit history is the most important part of your financial record and used by lenders to make qualifying decisions.

You do not need to pay anyone if you want to challenge or dispute something on your credit report.  You can do this yourself and it is free.   Be wary of anyone wanting to charge you upfront fees to improve and remove negative information from your credit report.   Do not feel pressured and keep in mind that there are a multitude of legitimate lenders willing to work with you even if you have a low credit number or a brief credit history.

VAMBOA hopes that our small veteran and military business owners have enjoyed this first article.   Stay tuned for Part 2 with more Business Loan Scams.  We also want to invite you to become a member of VAMBOA.  There are not any fees or dues and you can use our seal on your collateral and website.  If you want to join, please register here:  https://vamboa.org/member-registration/

By Debbie Gregory.

Let us begin with a frightening statistic!  Do you know that every three- and one-half seconds brand new cybersecurity threats arise?  Small businesses are typically the targets for these threats as they typically do not have strong cybersecurity practices. This article will review where the most common threats come from so you can be forewarned and forearmed.

1.)  Passwords:

A hacker with your password can access any of your private information and data. Hackers learn these passwords in a variety of ways.  The most common way is called a “brute force attack.” These types of attacks utilize specially designed bot programs that generate and try every possible combination of letters, symbols, and numbers out there to obtain your information.

How can you protect against this type of attack?

Creating and using a unique password of upper and lowercase letters that is at least ten characters long can substantially slow down these brute force program attacks. It can take them years to find your password if it is more complex.  It is also important that you do not use the same password over and over and you frequently change your passwords.

2.)  Phishing

Phishing is a technique used to trick people into willingly handing over their information to a hacker. These types of attacks target all types of personal data including, but not limited to passwords, bank account numbers, credit card numbers, Social Security numbers, and more.

How are these types of attacks performed?

Usually a hacker will pose as a reputable source asking their victim to allow them access to their computer or to click a specific link. They impress upon their victims that the reason for doing so is incredibly important and they must provide key personal information. These types of attacks happen via phone, email, and text message.  Often, they have what appears to be a legitimate email address but when you really look at it, you will see they are not who they pretend to be.   Be on the alert and never ever click on a link or open a document from someone you do not know or a generic email address because they are after your personal information.

3.)  Pharming:

Pharming is the term for website spoofing. In this type of attack, the hacker has compromised the naming system in the website’s server so that a visitor to the legitimate site is instead redirected to a fraudulent one. Once on the fraudulent site, the victim is prompted to provide their sensitive data, such as a credit card number or Social Security number.

4.) Malware

Malware is malicious software that is specifically designed to gain access to or to cause damage to a device. The goal is usually stealing personal data such as passwords, bank account numbers, credit card numbers, Social Security numbers, and more. Malware comes in many forms from adware to spyware to Trojan horses. All are extremely dangerous.

These are only a few of the potential risks your business faces. Other common attacks include point-of-sale hacks, drive-by-downloads, and ones that are so new they haven’t even been named yet. The best thing you can do is to take the time and effort to create and enforce strong cybersecurity policies. Stay on top of what is happening in the world of cybersecurity and help protect yourself, your employees, and your business.

By Debbie Gregory.

There is no way to completely secure any business against hackers. Even if you take every single precaution, you are still at risk from diligent criminals. Hackers seek out weaknesses and are very good at exploiting them. Thankfully there are a few things you can do to lower your chances of being hacked.

Focus Areas To Protect From Hacking:

1.) Professional IT support

If you do not have a professional IT (information technology) person or company working for you, get one. Criminals rarely discriminate between large and small companies and anyone can be exposed to a data hack. Paying a professional to evaluate your risks, install the right software, monitor activity, and keep everything up to date is a critical and essential business cost in our world today.

2.) Employee Training

Most security problems stem from employee-related errors. Things like clicking on bad websites, accidentally downloading or installing malicious software, opening up infected files, allowing fake IT companies remote access to their computer, etc. Invest in training a few times a year with a good IT security firm so that your employees are more aware of the potential problems they can face and how to avoid doing things that make your business more vulnerable.

3.) Employee Turnover

When employees leave a company, they tend to take data with them. This is usually not done maliciously.  However, there are always some people who may take things on purpose to sell to a competitor or for other potentially vengeful reasons. It is a good idea to have procedures in place for data when an employee exits your company.

4.) Remote Employees

Employees that are moving around outside of your company with your data are at a higher risk of that data being lost or stolen. If an employee or contractor is remotely connecting to your database or server through online services, these also have a chance of being hacked. Again, work with a professional IT person to make sure you have strong data management and connection tools in place for these remote workers and make sure they are being actively monitored.

5.) Employees’ Personal Devices

Are your employees allowed to bring and use their own devices for work? If so, their devices can create an easy way in for a hacker. Much like remote employees, any person using their own device for work should be monitored and secured by your IT professional.

6.) Old Outdated Computers and Operating Systems

Running older, out of date versions of Microsoft Windows or Apple’s iOS will leave you incredibly vulnerable to hackers. Make sure that all computers in your company are using the most recent version of whatever OS you utilize. If the hardware is unable to run the latest OS, then upgrade the hardware.

7.) Security Software

All devices used in your company need good security software. Always make sure that the software is up to date and that it is configured to run routine scans. Most security software applications are relatively inexpensive, they run quietly in the background of the device and check for malware, viruses, infected websites, and any other vulnerabilities in the system.

8.) Strong Passwords

Most people are still pretty lax with their passwords.   Can you believe the most common password today is still “1234?”  Make sure that you require strong passwords (a combination of letters, numbers and symbols) for all devices and make sure that those passwords are changed every month or two.

9.) Secure Your Data

Make sure that all data you handle is encrypted, backed up regularly, and stored securely. If your company handles data such as health, financial or other personal information about your customers, and it is stolen, you can have a huge problem on your hands. Make sure that you have polices and procedures in place to safeguard confidential customer data; and make sure that you train your employees to handle the data securely.

Unfortunately, you can’t completely avoid being hacked… but making sure you are taking care of the nine items listed above will increase your chances of avoiding hackers by quite a lot.

By Debbie Gregory.

Our world relies heavily on technology and the Internet. Criminals target companies of all sizes, including small businesses. Knowing a few security basics can help you protect your business and even reduce the risk of your business falling victim to a cyber criminal’s attacks.

Below are six key areas to focus on to help make your business more secure:

1.) Require strong passwords on everything

Strong passwords are at least 12 characters long and are a mix of numbers, symbols, and capital and lowercase letters. Use strong passwords for all laptops, tablets, computers, and smartphones owned or used by your company and your employees. Make sure that no one leaves any of these devices unattended in public places. Never reuse old passwords and never share passwords in texts or by email. Make sure that you also limit the number of unsuccessful log-in attempts to limit password-guessing attacks.

2.) Use multi-factor authentication

Require multi-factor authentication to access areas of your network with sensitive information. This requires additional steps beyond logging in with a password such as a temporary code on a smartphone or a key that’s inserted into a computer.

3.) Secure your router

Make sure that you change the default name and password that comes pre-installed on your router. Make sure that you also turn off remote management and log out as the administrator once the router is set up. Make sure your router offers WPA2 or WPA3 encryption, and that it’s turned on. Encryption protects information sent over your network so it can’t be read by outsiders. If you do not know how to do this we recommend getting in touch with a reputable tech company to take care of this for you.

4.) Keep all software up to date

Make sure that all of your devices are setup to automatically update when an update becomes available. This includes any apps, programs, web browsers, hardware, and operating systems.

5.) Secure all of your files

Backup all important files offline – either on an external hard drive or in the cloud. Make sure that the offline backup is secured with a strong password. Make sure you store all of your sensitive paper files securely. Also, make sure that you encrypt the data on devices and other media that contain sensitive personal information. This includes laptops, tablets, smartphones, removable drives, backup tapes, and storage solutions.

6.) Train your staff

Create a culture in your company of security by implementing a regular schedule of employee training and make sure that you keep your employees updated as you find out about new risks and vulnerabilities.

Most importantly, make sure that you have a plan in place just in case you do experience a breach. You will need to get backups online quickly so you can get back to work as well as notify any customers who may also be impacted. The FTC’s Data Breach Response: A Guide for Business gives you steps that you can take.

Again, cyber security is increasingly important in our world. If you are uncomfortable or lack the knowledge to implement security at your company we highly recommend hiring a professional technology company to keep your information secure.