For a small business owner, well-trained employees are a key defense against scams. Your business is less likely to lose money or information to scammers if everyone knows how to spot scams before they even happen.
If your employees can recognize social engineering and business email compromise attacks, spot phishing emails, identify fake websites, and use safe passwords, they are well-equipped to keep your business safe.
How can you train your employees to recognize a scam?
- Build awareness. Make sure your employees understand that scams are a big deal. Discuss the potential impact of scams and how they work. Help them understand what falling for a scam could cost your business.
- Share common red flags. Train employees to recognize common signs of a scam. These can include:
- Emails, texts, or phone calls that use urgent or threatening language
- Unexpected requests for wire transfers, gift cards or sensitive information
- Invoices for products or services that were never ordered
- Suspicious links or attachments in emails, especially from unknown senders or unusual sources
- Create a scam training program. Build a training program that fits your business’ needs. Consider what scams your business is at high risk for and teach employees to recognize them. Give your staff plenty of real-life examples. Keep your training concise, interactive and user-friendly. Offer physical handouts employees can reference later. Set up a training schedule, stick to it, and ensure new employees receive training during onboarding.
- Outsource to a trusted company. Many small business owners use third-party fraud training companies with pre-made videos, materials and quizzes. If you outsource, make sure you work with a reputable, trusted company.
- Encourage staff to speak up. Scammers often target multiple employees at a company, so if one person sounds the alarm, it could stop the scam in its tracks. Train employees to slow down, think twice, and use known contact information to verify changes, payments, and other transactions. This is especially helpful for avoiding Business Email Compromise (BEC) scams.
- Boost security procedures where necessary. Consider adding extra checks and balances for paying invoices or approving expenses over a certain dollar amount. That way, you'll have more than one set of eyes on important or unusual transactions, which decreases the likelihood of getting scammed.
- Make it easy for staff to report scams. Acknowledging that everyone makes mistakes can make your employees feel more comfortable reporting a scam. Consider rewarding your employees for reporting scams instead of punishing them, even if they fell for it.
- Set a good example. Always implement the advice you give your employees. For example, if you forbid emailing sensitive information such as passwords, don’t request those details from your staff by email.
- Repeat training regularly. Revisiting scam training annually at the very least will keep scam prevention at the top of everyone’s mind, helping your business stay safe and secure.
- Stay up to date. Read about trending scams at BBB.org or BBB Scam Tracker to stay informed about what scammers are up to. If you learn about a scam that could affect your business, share that knowledge with your employees.
